6 things C-suite execs need to do to make organizations cyber-resilient

Soma Tah

Shrikant Shitole

Attacks against businesses and nations hit the headlines with such regularity that they become anything but news, making us numb to the sheer volume and acceleration of cyber threats.

Cyber-criminals have started adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers, which also makes those attacks harder to detect.

In the wake of such breaches, IT budgets and expenditure on security have increased. Gartner predicts that by 2017 the typical IT organization will spend up to 30 percent of its budget on risk, security and compliance, and will allocate 10 percent of its people to these security functions. This is triple the levels of 2014 expenditure.

Indian companies have been boosting expenditure on cyber security but sometimes lack the processes to cope with a breach. In the current state of adversary defense, the detection of a breach takes too long. In that respect, the board has a vital role in ensuring management has created an organization that is equipped to deal with cyber threats and attacks.

In 2015, there was a record-setting total of nine reported mega-breaches globally, involving 429 million exposed identities. Yet the incidents that make the news are just the tip of the iceberg. Most organizations are unwilling to admit publicly that they have been the target of attacks for fear of damaging their reputation and opening up legal problems. According to Symantec, the number of companies that chose not to report the number of records lost jumped by 85 percent.

To meet the challenges of an increasingly complex environment, organizations need to invest in the best defenses. Compromise is expensive and can lead to financial losses, reputational damage, loss of or damage to IP, and disruption to the business. A cyber-attack can also lead to regulatory and compliance issues – elevating the agenda to a board-level concern. It is essential that organizations conduct comprehensive risk assessments to identify and manage jurisdictional, governance, privacy, technical and security risks.

Some of the things top-level management should consider to make organizations cyber-resilient are:

1. Know Your Data

It is important to understand what data is important, where it resides, who has access to it and to what extent. It is also important to understand whether the data is subject to lawful access by a foreign government, or to jurisdictional laws. Some foreign-owned cloud service providers (CSPs) acknowledge that they are obliged to disclose customer data in response to official requests and may be unable to notify customers beforehand.

2. Prioritize and Limit the Access

Understanding the data and who can access it helps cordon off endpoints. Irrespective of where the data is located, allowing more people access increases the chances of an attack or disruption.

3. Know Your System

Information about the infrastructure helps in deploying the requisite security methods: for example, whether the multi-tenant nature of cloud computing increases the likelihood of unauthorized access or network compromise, or whether a CSP now controls security measures that were previously handled in-house.

4. Act Fast 

The process of uncovering threat data across endpoint, network and email gateways is manual and time-consuming, which gives attackers an edge. To keep the impact to a minimum, it is important to report an incident at the earliest possible moment and act fast.

5. Capitalize on Existing Investments

Businesses today do not want to deploy multiple solutions to protect each endpoint. For optimum benefit, they should instead deploy solutions that integrate with their existing infrastructure.

6. Invest in the Right Skill Set

Work with experts, or have access to qualified security experts, who can monitor and analyze advanced security threats to help minimize the business impact of cyber attacks.

Cyber attacks are among the World Economic Forum’s top global risks, indicating that this is no longer an issue that concerns only IT and security professionals but is also an important topic for boardroom discussions. Directors need to keep themselves informed about their organization’s cyber strategy, what information is shared with third parties, and the security of their networks – both for the company’s protection and their own.

The author is Managing Director, India Symantec
