A steady stream of high profile hacks and headlines over the past 12 months should leave little doubt about the importance of robust cyber-defence. Now, more than ever, cyber security needs to be firmly on the radar of board-room executives.
In January 2014, the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) cautioned businesses and the public of rising security threats as it recorded 1,593 security incidents in 2013, up 52% from 2012. It also identified over 8,300 ‘invisible bot machines’ in Hong Kong in the fourth quarter of 2013.
Analysing the cyber security scene in Hong Kong, Mr Leung Siu-Cheong, Senior Consultant of HKCERT, said: “Cyber security activities are becoming camouflaged, if not invisible. Owners of compromised computers are unaware that their computers are being used to attack others on the Internet. To get a clearer picture of the cyber security scene in Hong Kong, HKCERT is working with global security researchers to collect data to proactively identify these ‘invisible bot machines’, or compromised computers.”
With the growing trends of mobile payments and ‘Bring-Your-Own-Device’ at work, mobile attacks may also become more mature and sophisticated.
At BT our recent global research on the state of cyber security preparedness amongst businesses enables us to offer our customers advice and guidance on the best approach to strengthening their organizations cyber-defences. The most recent survey validates the findings of the HKCERT and similar organizations worldwide: the war on cyber security is escalating as technologies continue to mature and the Web becomes an integral part of daily business.
Our new research reveals that board-level executives may not be taking the threat of cyber security seriously enough; more than half (58 per cent) of IT decision-makers in Asia Pacific state that their boards underestimate the importance of cyber security (see Figure 1). Hong Kong businesses view IT security as an important part of business with up to 56 per cent of Hong Kong respondents indicating that directors and senior business decision makers are undergoing IT security training and a further 38 per cent said training was in the pipeline. This compares favourably against Singapore where only 40 per cent are currently being trained.
Figure 1Importance of cyber security in Asia Pacific
The study, which assessed attitudes to cyber security and levels of preparedness among IT decision makers across seven countries, reveals some interesting variations in attitudes towards cyber-security.
Measuring for success
Companies today are under scrutiny to provide measurable return on investment (ROI). Investments in IT security can sometimes be hindered by difficulty in measuring ROI. 68 per cent of Hong Kong respondents to the survey say they are able to measure their returns on IT security investment in line with the global average of 66 per cent (Figure 2). This will prove important for them when it comes to budget reviews and also where a case needs to be made to upgrade or introduce new technologies to combat rising cyber security threats.
Figure 2Able to measure IT Security ROI
What next for businesses?
The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organisations globally. It should also serve as a warning to organisations that the risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.
Adopting tight cyber security strategies must not be overlooked in 2014 and beyond and should play a key factor in boardroom plans for long-term growth and success moving forward.
In response to emerging threats, three quarters (75 per cent) of IT decision makers globally say they would like to overhaul their infrastructure and design them with security features from the ground up. 74 per cent would like to train all staff in cyber security best practice. While just over half (54 per cent) say they would like to engage an external vendor to monitor the system and prevent attacks.
Among Hong Kong respondents the priority is around training staff on cyber security best practices (70 per cent). Overhauling the IT infrastructure is tied with outsourcing IT security at 62 per cent. This is similarly reflected among Singapore respondents that see training as most important (80 per cent) closely followed by an overhaul of the IT infrastructure (76 per cent). At 60 per cent, outsourcing IT security is a distant third.
Table 1Top 3 IT Priorities
|Overhaul IT infrastructure and design them with security features from the ground up||75%||83%||62%||76%|
|Train all staff in cyber security best practice||74%||62%||70%||80%|
|Engage an external vendor to monitor the system and prevent attacks||54%||55%||62%||60%|
|Improve whitelisting policies||49%||49%||59%||37%|
|Increase the use of virtualized environments||47%||49%||46%||46%|
Encouraging signs, but it remains to be seen whether board level executives will take notice of the emerging threat that cyber security poses. As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and educate their people in the IT department and beyond.
At BT we help our customers identify and understand the risks and vulnerabilities as well as their critical assets. We provide them with best of breed portfolio, intelligence services plus dedicated subject matter experts to help them put the right security measures in place to mitigate cyber threats.
Security is in our DNA and we see it as a priority - the stakes are too high for cyber security to be pushed to the bottom of the pile.
For more information, please refer to the study: http://www.globalservices.bt.com/static/assets/pdf/solutions/security/BT...
Kevin Taylor is President, Asia, Middle East & Africa at BT Global Services.