Cybercrime is a big business and organisations must take a holistic approach to successfully conquer cybersecurity in the digital age.
This is the message of the keynote speech delivered by Guido Crucq, Dimension Data's General Manager for the Security Business Unit for Asia Pacific (APAC), at the Computerworld Security Summit Philippines on Tuesday (12 April 2015).
According to Crucq, we are now in the age of digital disruption - wherein organisations are increasingly forced to transform their business model by leveraging digital technologies. Even though doing so will help organisations remain relevant and gain competitive advantage in future, it also brings about new threats. And the sad fact is that the information security industry is not ready for this new era and remains on the back foot, said Crucq.
According to Dimension Data's 2015 Global Threat Intelligence Report (GTIR) - which is based on the data gathered from NTT security companies' clients and NTT's live Global Threat Intelligence Platform - seven out of 10 vulnerabilities recorded were directly related to end user systems.
In line with this, the report revealed that exploits usually spike after weekends or holidays when users reconnect to their organisations' systems. However, the majority of the businesses (74 percent) had no formal incident response plan after a security hiccup.
On top of that, businesses - regardless of the size of their IT teams - are not regularly patching vulnerabilities in their systems. Seventy-six percent of vulnerabilities found in the clients' systems were more than two years old, while nine percent of vulnerabilities were more than 10 years old. Crucq explained that this is due to IT teams taking a reactive stance to security incidents and their refusal to integrate systems.
As such, Crucq encouraged businesses to change their mindset when it comes to cybersecurity. "We need to be more proactive and approach security holistically; we need to share information and work better in building functional teams," he said.
Holistic security is a layered approach to security which involves technology, people and processes. To achieve this, organisations could leverage a security-as-a-service platform to support their new digital business efforts. Crucq added that endpoint security must be strengthened to deal with the different devices used within a company. Besides that, businesses should build security operations centres and learn to deal with technologies like tokens, authentication and single sign-on.
In terms of the people aspect, organisations should create a coherent understanding among staff with regard to digital business to improve incident response. Bringing forensic analysts, privacy experts, and a chief information security officer on board is also necessary, Crucq explained.
He added that a holistic approach to security requires risk management - which includes assessment, strategy, architecture, controls and management - to be placed at the core of a business.
Crucq concluded that organisations today must accept the fact that they will be hit with security incidents at some point. Hence, they must be ready and take a proactive approach to mitigate the impacts of security incidents.