Rethink the cybersecurity framework with a 4-step approach
Cybersecurity is a top-of-mind priority for almost all businesses today. While the global pandemic has led to a dramatic rise in cybercrime, constantly identifying and fixing the weakest link, be it human, machine and workflow, is becoming more important than ever. However, the fact is, cybersecurity efforts continue to be largely reactive that security teams detect intrusions after the fact, after cybercriminals breached a company’s network and stole data or inserted malware that would do further damage. From our business encounters and exchanges with C-suites in Hong Kong, this question about cybersecurity keeps lingering in their minds and this scene actually aligns with what we have learnt from Deloitte.
According to a study from Deloitte, more than half a million people globally were affected by breaches in which the personal data of video conferencing users was stolen and sold on the dark web. The recent breach of a digital payment service provider indicates that both giant enterprises and SMEs are vulnerable to threats. Another global study revealed that data breaches now cost surveyed companies US$4.24 million per incident on average. Obviously, companies of all sizes have been impacted by this emerging trend though not all have the resources and scale to protect themselves by pouring more money into it. Therefore, when considering how to tackle the challenges, businesses are having headaches on how to make the right decision.
More than just choosing the security solution
When being asked, many companies are looking for a full-range security platform, but not having the full knowledge of the solutions and technologies managing the network is the hidden hero doing the “heavy lifting” behind the scenes. On the other hand, the platform manages end-to-end devices, hardware, and software, records and provides dashboards, integrates with other systems and so much more, for a better view of what exactly is going on.
To select the right security platform, “future” matters most. Instead of merely looking at your immediate security concerns, businesses need to consider thoroughly how today’s decision about a security solution, or a security partner will vastly impact your capability and achievements as your security needs and digitalization evolve over time. Adaptability for compliance and data protection, certified and skilled resources and intelligence, prevention strategies and advisories, and new security network solutions are all crucial considerations when coming to the decision of the right security platform and partner.
Four-phased security approach
So, what makes an ideal security platform and partner for a business? Let’s try to analyze the gaps in a more robust and completed approach, namely Predict & Prevent, Detect, Protect and Respond.
Predict & Prevent – Moving from the current reactive model to a more predictive one, and it is more than adding other security tools such as encryption or multi-factor authentication. Companies can work with cybersecurity service providers to derive holistic design and prevention strategies, while the top-class resource can monitor the threat landscape and warn companies about the places where cybercriminals are most likely to attack next and also enable automation of routine cybersecurity responses.
Detect – An effective cybersecurity threat detection starts with a detailed design of the security data on-boarding process, customized security management platform, together with ongoing use case development, the security team can identify and resolve issues before they escalate to the critical incident level.
Protect – By conducting regular security assessments including zero trust assessment and multi-factor protection by consultants, together with deploying a reputable security partner with hundreds of local subject matter experts in various ICT technology domains, companies can better prepare for potential cybersecurity breaches.
Response – Companies should have an always-on incident response plan. This is a key part of the holistic cybersecurity strategy and can make a huge difference between a breach with minimal damage and a disaster. With the support of certified and experienced cybersecurity professionals with global cybersecurity insights, the plan enables fully resilient, adaptive and automated cybersecurity operations, and readiness of the incident response team, with the goal of providing encompassing response to any threats detected.
It’s the opportune time for companies to shift the cybersecurity operations model to a more proactive and predictive one by taking the 4-phased approach. And when considering how to put this approach into place, do think about what your challenges and goals are, to our experience, a holistic solution that integrates professional consultancy and comprehensive ICT solutions relieves most of the headaches.
Once set, you are close to having a secure network ready to defend your business from cybercriminals, not just for today, but most importantly, for tomorrow.
-- Contact us at [email protected]
-
Integration of GIS and BIM can drive development of smart city Dr. Winnie Tang
The China Association for Geospatial Industry and Sciences (“the CAGIS”) released the Top Ten Highlights of China's Geographic Information Industry in 2023, which provides much inspiration. The
-
Equip young people for the future Dr. Winnie Tang
In late February, the inaugural flight of an air taxi from Shenzhen Shekou Cruise Homeport to Zhuhai Jiuzhou Port took only 20 minutes with an estimated one-way ticket price of 200 to 300 yuan per
-
Are we raising a generation of leaders, or of followers? Brian YS Wong
The essence of education is defined not by the facts it imparts, but the potential knowledge it inspires students to individually pursue on their own. Put it this way – the ideal form of education
-
The urgent need for reforms to sex education in Hong Kong Sharon Chau
Nearly one in every four university students (23%) in Hong Kong has been sexually harassed, according to a 2019 report published by the Equal Opportunities Commission (EOC). A 2019 study found that
-
STEAM should be linked to real life Dr. Winnie Tang
In the 2017 Policy Address, STEM (science, technology, engineering and mathematics) education was proposed as one of the eight major directions to promote I&T development. Since then, funding has