Cybersecurity: Key To Transforming Into A Connected And Intelligent Business
Danger looms around every digital corner... Many are unprepared for the growing threats from increasingly sophisticated attackers who are always probing for weakness especially with new digital systems.
Nobody would like to hear the news that their company has suffered a brand damaging, expensive cyberattack. Within the last one to two years, Malaysia has seen news of massive data leaks or attacks involving personal data of millions of Malaysians. It would be a mistake to think that security should only focus on protecting against these sort of incidents.
While the Fourth Industrial Revolution accelerates the move to automation and other digital capabilities, it also increases organisations’ vulnerabilities on this front. Many are unprepared for the growing threats from increasingly sophisticated attackers who are always probing for weakness especially with new digital systems. Accenture’s Security Index cites that researchers believe the costs of cyberattacks could reach US$90 trillion by 2030.
What does this mean for Malaysia? Are we ready to embrace this rapid shift to the Fourth Industrial Revolution safely? The government has already taken steps to provide for a robust and healthy environment in line with the Malaysia Digital Economic Corporation’s (MDEC) projection to have the digital economy contribute 20% of the country’s GDP by 2020.
In 2016, it established the world’s first cyber court, and the following year, the Digital Free Trade Zone - another world’s first. Most recently, the National Industry 4.0 Policy Framework cited one of the key issues and challenges as being “Digital Readiness & Connectivity - Exposure to cyber threats with increased connectivity and new technologies, especially IoT”. On their part, if Malaysian companies are to succeed in developing superior customer insights, proprietary intellectual property and compete efficiently via digital technologies, they will need a robust cybersecurity strategy to underpin everything.
How does one develop a holistic cybersecurity strategy that is aligned to how the business wants to transform?
CISOs need to prepare CEOs and board members to think about security differently, because they set the tone for the entire company.
Leadership And Governance: CISO
Who is advising the CEOs or management board on Cybersecurity?
CEOs and boards are increasing their commitment towards cybersecurity to a point where they are taking the responsibility for the company’s cyber risks. However, the role of Chief Information Security Officer (CISO) or equivalent is important to identify and address security concerns while companies adopt new technologies and help to answer strategic questions such as:
• How are our security investments helping protect our most-valued assets?
• How does our cybersecurity strategy align with our business objectives?
• Is the business ready for what comes next?
• And can we build on our security to grow the business with confidence?
CISOs need to prepare CEOs and board members to think about security differently, because they set the tone for the entire company. The senior leadership team can ask the tough questions, understand that end-customer expectations are well ahead of security standards and argue that ‘compliance box tick’ practice is not good enough.
Cybersecurity-first Culture
Is Cybersecurity listed at the top of your company’s agenda?
A large part of a security-first culture has to do with the knowledge, awareness, belief, perception, attitude, assumptions, norms and values of employees regarding cybersecurity and how they manifest themselves in employees’ behaviour with information technologies.
To be able to defend and protect against the ever-increasing cyber threats, we must start by developing a culture of cyber resilience within companies. This begins from the top, with leadership setting the tone and managers driving cultural changes throughout the organisation. For example, running a customised campaign for different groups of employees, themed around cybersecurity and the varying forms of threats that may manifest. The aim is not to give “silver bullets”, but to create a new culture that everyone understands and accepts.
Trust: Customers And Partners
Secure by Design and Privacy by Design
Companies are leveraging on the opportunities afforded by digital technologies and new forms of customer engagement. A lack of digital trust can rapidly undermine these goals. Digital security and privacy concerns of customers can affect companies in expected and unexpected ways. The slightest distrust amongst customers and partners may lead to a large business reputational impact. This is amplified in the digital era through the use of social media.
Companies need to persevere to build and sustain the customer’s trust along the digitalisation journey by ensuring their data is handled with a “Secure by Design” and “Privacy by Design” mindset.
Cybersecurity Investment
How much $$$ is enough to be secured?
There isn’t a straightforward answer to the question of “how much is enough to be secure?”. First, we need to answer the question of “did we get the basics correct?”. Have we made the correct investment in ensuring we are able to defend ourselves from intruders who maliciously target a customer, use our infrastructure to attack our competitors and/or attack our own business-critical assets or ‘Crown Jewels’?
Getting the basics correct is not an easy task, else we would not see or hear successful ransomware attacks, the majority of which could have been avoided with “getting the basics correct”.
The next question that needs to be answered is “how much innovation is available to improve your cybersecurity and data protection?”. Cyber attackers find it far too easy with all the new technologies and new ways of getting into your company. The use of innovative technology - such as but not limited to AI, machine learning, advanced cyber analytics and blockchain - would help companies to learn, identify unusual activities and neutralise a cyber threat. In summary, we need to have the right level of funding for cybersecurity to understand the critical importance of the basics and the need for cutting-edge innovation. Both sides of the equation are “must haves”.
Cybersecurity Strategic Partner
Who can help you?
There is no “finish line” in securing your company, the silos between business units and teams needs to be broken. Strong security partnerships with organisations that have the expertise, global resources and advanced technologies to create integrated, practical services that are specifically tailored to your industry and business goals will be crucial to defend and fight against cyber threats.
Conclusion
For companies on the journey towards becoming an intelligent business, digital innovation opens up a whole plethora of new business value. However, the risks of not protecting critical business assets go beyond corrective measures from cyberattacks.
Customer trust for one, is hard to quantify but could impact performance for years. It is time cybersecurity becomes a board-level agenda, right alongside business strategy as it is key to enabling the safe expansion and transformation of every company. As businesses make it a priority, alongside the government’s efforts, all stakeholders can then see a secure and safe Malaysia Reimagined.
This is a contribution by Mark du Plessis, Security Senior Principal and Saidoo Arivindran, Security Consultant Senior Manager, of Accenture.