Top 3 action items for CIOs as security risks rise in Asia

Vanessa Lew

In the age of big data, bring-your-own-devices and internet-connected supply chains, cybercrime is big business. As a result, cyber security has never been higher on the C-suite agenda.

Top executives from all disciplines are now aware that with access to sophisticated technology and services, organized crime is responsible for developing malware and coordinating attacks that are very difficult to detect and avoid. Insidious Advanced Persistent Threat (APT) attacks that put an intruder within your network to syphon off data over an extended period of time are becoming more common, sometimes using a more traditional Distributed Denial of Service (DDOS) attack as a cover for the intrusion.

Challenges in Asia

Here in Asia including India, these global risks are being amplified by two factors: the fast pace of the merger and acquisitions (M&A) process and the fluidity of the job market for senior IT personnel.

The volume of M&A activity in Asia reached a record high of $367.7 billion in the first half of this year. While volumes across the US and Europe are also high ($815.7 billion and $507.9 billion respectively), it is the velocity of M&A activity in Asia that is striking. Executives here must be even more vigilant to ensure that security is not compromised by the speed at which deals are done.

Security is a critical component of M&A due diligence today. Determining whether the new partner brings an acceptable level of cyber risk should be as crucial as evaluating the deal’s financial and legal implications. An undetected APT intrusion in a target company could, for example, allow confidential documents to be monitored during negotiations and open a backdoor to your network post-acquisition if vulnerabilities are not addressed.

Publicity around an M&A could also attract malicious activity as cyber criminals probe for weaknesses to exploit. Getting appropriate security in place before integration begins is thus vital to protecting both entities and the value of the deal.

On the positive side, Asian businesses are well aware of the security risks inherent in doing business today and amplified by M&A and other leadership changes.

CIO security checklist

Keeping these challenges in mind, here are my top three action items for executives in Asia including India to consider when assessing their security provisions.

Understand your security posture

To what risk level is your organization exposed? What technologies, policies, procedures and controls protect you from threats? How effective is this technical and non-technical security infrastructure? Do you regularly review firewalls and logs, searching for evidence of a breach?

With a clear picture of your business risks and resources, you’ll be better able to identify and prioritize next steps. Your approach to security must evolve as threats, technologies, supply chains and regulations change. In the past, security protocols were primarily risk-based; then they became rules-based. Today, they are becoming increasingly anomaly-based, using business intelligence technologies to detect unusual system activity.

Periodic reassessment of your security posture, including regular security assessments and threat analysis, will help you determine how your current systems need to be improved. A security assessment may highlight a gap in your defences or discover an undetected breach. Given the pace at which the security landscape is changing, it will certainly uncover some room for improvement.

Integrate security into decision making

What are the security implications of your business development projects and growth strategies? What is the monetary value of security? Is proactive risk management stifled by a focus on compliance?

Providing the CIO with a seat at the strategy development table will help your business identify security threats and data-driven business opportunities. It should ensure that proper security is in place before new policies (such as BYOD) are deployed, and it may help you drive cultural change to prevent security breaches and prioritize planning to mitigate the impact of cyber-attacks.

Select the right security technologies, policies, tools and partners

What do you need to keep pace with escalating security risks? Can you consolidate your basic security solutions and invest more wisely? How are you supporting employees and third-party partners to protect your business data and intellectual property?

Selecting and updating the right security technology portfolio for your organization is daunting. A certified security provider can act as a trusted advisor. It will guard all elements of your infrastructure and protect your network and reputation while ensuring regulatory compliance and business continuity. A world-class partner will operate on a global scale and have the resources to keep on top of new threats and abreast of new technologies. It will also provide a continuous high level of service during transitional periods, such as when a new CIO or CEO is hired.

The author is senior security advisor, AT&T