There’s more to cybersecurity than firewalls and phishing
As cybercrime hits the big time, Asian companies are starting to look for more advanced cybersecurity services.
How big a deal is cybercrime? Very, is the short answer. In fact, according to a recent story in ComputerWeekly, if cybercrime was a country, it would rank 13th globally in terms of GDP (gross domestic product). With a turnover of approximately US$1.5 trillion a year, the scale of the cybercrime business is about the same as the entire Russian economy.
Cybercrime is showing no sign of slowing down. Today there is more malware in circulation than ever, with something like a quarter of a million new signatures detected every day. According to a study at the University of Maryland, a hacker attack hit its test servers on average every 39 seconds.
That’s the bad news. The good news is that, as cybercrime hits the big time, more companies in Asia are recognising there is more to effective cybersecurity than installing firewalls and educating employees about the dangers of “phishing.” And they are starting to look for more advanced cybersecurity services.
Breaking with tradition
Traditional cybersecurity programs are aimed at ensuring compliance, usually through ethical hacking, cyber-audits or staff awareness training. However, these typically rely on older frameworks, and are therefore somewhat behind the security curve. That’s a problem, because by the time a framework is approved, and auditors are trained, a whole new set of cybersecurity challenges will have emerged and need to be tackled.
Companies should really approach cybersecurity with a long-term view that goes far beyond compliance. For example, last year Adura’s Threat Intelligence Services identified and successfully neutralised over 750 high risk Darkweb asset exposures for clients. They included leaked confidential files, pre-emptive cyber-attack intel, VIP and corporate impersonation, harvested staff system credentials, social media exposure, email forensics and security configurations.
Conventional cybersecurity tools and compliance measures aren’t capable of capturing these exposures. It takes a combination of skilled personnel and in-depth analytical know-how to identify and eliminate them.
Simplifying cybersecurity management
Major incidents during the past year have demonstrated how sophisticated cyber attackers are increasingly becoming. Adura helps businesses put structure into their cybersecurity management approach through our proprietary Cyber Essentials Framework. It covers the three key pillars needed for effective cyber security management – people, process and technology.
Preparing your people
Trends such as bring-your-own-device, coupled with highly variable employee awareness of cyber security best practices and shadow IT, can open the door for cyber criminals. Therefore, it is vital to educate employees about cyber threats, lowering their susceptibility to social engineering attacks and email phishing.
In phishing simulations that we’ve run for clients, we’ve seen 20 percent of staff opening phishing emails disguised as social media invites or internal organisational messages. And that is despite them having received training on how to spot phishing emails!
People in finance and HR department – two departments that manage sensitive employee information – were more likely to be misled by phishing emails. I think this highlights the critical importance of continuous and effective employee training on cyber security issues.
Improving internal processes
Managing cyber security risks requires a well-rounded approach. In my experience, 99 percent of web servers lack at least eight critical security patches, usually because of weaknesses within in-house cyber security processes. This leaves businesses exposed to cyber threats.
Adura helps customers reduce their risk exposure by identifying vulnerabilities, and prioritizing security updates. We work with companies to put the right processes and plans in place, based on the customers’ size, industry and business goals.
Accessing technology talent
As the technology landscape and cyber security best practices continue to evolve, companies need skilled cyber security personnel on-hand at all times to help them assess and manage their risk profile. Adura has found that 20 percent of companies in the region do not have a Chief Information Security Officer (CISO), or sufficient specialist staff.
To ensure companies always have access to the best talent at hand, Adura offers a Virtual Chief Information Security Officer (vCISO) service, that provides the senior-level counsel and insight of a traditional CISO, without the customer needing to hire additional personnel for their IT team.
Become secure, not a statistic
Our work on managing cyber incidents in the Darkweb shows that cyber threats are commonplace in today’s digital world. And they can, and all too often do, have a serious impact on businesses of all sizes.
The sheer volume of threats, and rapid changes in cyber security and best practices, make it very difficult for companies to effectively manage their cyber security needs. It’s not impossible. But it calls for cyber security programmes that follow a prevention-led approach to continuously identify and close gaps in employee awareness, security management processes and skills as well as technology.
It makes the difference between doing business safely and becoming another casualty. Talk to us to find out how Adura can help you develop a holistic cyber security programme that secures your success.
By: Barnaby Grosvenor
With more than 20 years' experience in the cyber risk and information security industry, Barnaby helps corporations in Asia develop holistic, tailored security programmes to drive greater business success.