The recent attacks on government portals have raised a red flag for most people on the safety of the internet. According to reports, the data of 392 users of the Sabah Tourism site were stolen and released to the public, while 41 different government websites have been disrupted at various levels. If government websites are susceptible to such attacks despite prior warning, how do we secure ourselves and our enterprises from suffering the same fate?
According to Edison Yu, Industry Manager, ICT Practice, Asia Pacific, Frost & Sullivan,"The recent slew of incidents, such as the attacks involving the Sony's Playstation network, Lockheed Martin's network, Google's g-mail passwords and Citibank's credit card customers' information have only further strengthened the belief that cyber attacks are here to stay. More importantly, the fact that these incidents are popping up in an almost unbridled fashion, despite the best efforts of security practitioners and advancements made in security technologies further epitomizes the challenge faced by the IT security community moving forward. It is no longer sufficient to simply protect against these attacks; in fact, the good guys here have to ensure they are constantly ahead of the bad guys and by a few steps no less."
He adds that in view of a vastly different security environment, there is greater call for enterprises to ditch their traditional perspectives towards IT security and protection against the risk of cyber space attacks, and reassess their approach towards the evolving issues. In this sense, they should shift their mindset away from a threat management approach and adopt a risk management perspective towards IT. Enterprises should also start viewing IT security from a business-centric standpoint, rather than allowing the topic to remain confined to an IT perspective. Moreover, with IT becoming synonymous with driving business processes these days, securing IT assets should form an integral part of an enterprise's efforts in minimizing business risk.
"Beyond risk, enterprises will do well to incorporate IT security into their corporate governance framework. In many ways, governance in an enterprise setup should be extended to the realm of IT security; for instance, the mentality behind the financial controls put in place to manage monetary claims made by employees should also be applied to the management of data flow within an organization. Such an approach will not only help enterprises in minimizing the risk of data loss and cyber theft, but also enhances employee awareness and appreciation towards the importance of handling data within the organization. Henceforth, greater ownership and responsibility will be delegated to the organization as a whole, rather than simply passing them to the hands of the IT department solely. This is central to the concept of marrying people, processes and technology", says Mr. Yu
Individuals also have a role to play in the fight against cyber attacks, says Ms. Aliza Shima Kassim, Research Analyst for ICT – Network Security, Asia Pacific, Frost & Sullivan,"Beyond the traditional focus on IT security by enterprises, consumers need to be accustomed with best practices while doing online transactions. Portal users need to ensure their devices and connections are well secured. Moreover, precautionary steps should be taken by staying alert and well informed on cyber threats that are occurring globally. The safety of personal transactions can be maximized when the enterprise and consumer are doing their part to ensure high levels of safety while using the internet."
In a broader view of the threat, Ms. Aliza says that other countries are starting to determine the proper authorities that should be in place to address cyberspace law administration. She believes that clear law enforcement is imperative in order to deter hackers and cyber crimes. "In addition, regulatory compliance needs to be strictly enforced by the relevant government agencies in order to strengthen their IT security posture. Apart from these precautions, the sharing of information pertaining to cyber attacks are crucial and will act as lessons to be learnt among the various government agencies together with private enterprises. This measure will help close the public-private sector gap in handling cyber attacks; something which is still in the infancy stages here in Malaysia."
Frost & Sullivan (frost.com), the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best-practice models to drive the generation, evaluation, and implementation of powerful growth strategies. Frost & Sullivan leverages 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 40 offices on six continents.