Rethink the cybersecurity framework with a 4-step approach

September 27, 2021 10:38

Cybersecurity is a top-of-mind priority for almost all businesses today. While the global pandemic has led to a dramatic rise in cybercrime, constantly identifying and fixing the weakest link, be it human, machine or workflow, is becoming more important than ever. However, cybersecurity efforts continue to be largely reactive: security teams detect intrusions after the fact, after cybercriminals have breached a company’s network and stolen data or inserted malware that will do further damage. In our business encounters and exchanges with C-suites in Hong Kong, this question about cybersecurity keeps lingering in their minds, and this picture aligns with what we have learnt from Deloitte.

According to a study from Deloitte, more than half a million people globally were affected by breaches in which the personal data of video conferencing users was stolen and sold on the dark web. The recent breach of a digital payment service provider indicates that both giant enterprises and SMEs are vulnerable to threats. Another global study revealed that data breaches now cost surveyed companies US$4.24 million per incident on average. Obviously, companies of all sizes have been impacted by this emerging trend, though not all have the resources and scale to protect themselves by pouring more money into it. Therefore, when considering how to tackle these challenges, businesses struggle to make the right decision.

More than just choosing the security solution

When asked, many companies say they are looking for a full-range security platform, but they do not have full knowledge of the solutions and technologies involved: managing the network is the hidden hero doing the “heavy lifting” behind the scenes. The platform, for its part, manages end-to-end devices, hardware and software, keeps records and provides dashboards, integrates with other systems and much more, for a better view of what exactly is going on.

To select the right security platform, the “future” matters most. Instead of merely looking at their immediate security concerns, businesses need to consider thoroughly how today’s decision about a security solution or a security partner will impact their capability and achievements as their security needs and digitalization evolve over time. Adaptability for compliance and data protection, certified and skilled resources and intelligence, prevention strategies and advisories, and new security network solutions are all crucial considerations when deciding on the right security platform and partner.

Four-phased security approach

So, what makes an ideal security platform and partner for a business? Let’s analyze the gaps using a more robust and complete approach, namely Predict & Prevent, Detect, Protect and Respond.

Predict & Prevent – This means moving from the current reactive model to a more predictive one, which takes more than adding other security tools such as encryption or multi-factor authentication. Companies can work with cybersecurity service providers to derive holistic design and prevention strategies, while top-class resources can monitor the threat landscape, warn companies about the places where cybercriminals are most likely to attack next, and enable automation of routine cybersecurity responses.

Detect – Effective cybersecurity threat detection starts with a detailed design of the security data on-boarding process and a customized security management platform. Together with ongoing use case development, these allow the security team to identify and resolve issues before they escalate to the critical incident level.

Protect – By having consultants conduct regular security assessments, including zero trust assessment and multi-factor protection, and by engaging a reputable security partner with hundreds of local subject matter experts in various ICT technology domains, companies can better prepare for potential cybersecurity breaches.

Respond – Companies should have an always-on incident response plan. This is a key part of the holistic cybersecurity strategy and can make the difference between a breach with minimal damage and a disaster. With the support of certified and experienced cybersecurity professionals with global cybersecurity insights, the plan enables fully resilient, adaptive and automated cybersecurity operations and the readiness of the incident response team, with the goal of providing an encompassing response to any threats detected.

It’s the opportune time for companies to shift the cybersecurity operations model to a more proactive and predictive one by taking the 4-phased approach. When considering how to put this approach into place, do think about what your challenges and goals are. In our experience, a holistic solution that integrates professional consultancy and comprehensive ICT solutions relieves most of the headaches.

Once set, you are close to having a secure network ready to defend your business from cybercriminals, not just for today, but most importantly, for tomorrow.


CEO of HGC