Despite cybersecurity being a global concern among firms, it remains to be an area where the Philippines need a lot of catching up to do, according to a recent report.
One of the best ways to begin ensuring cybersecurity for the country is by clustering data to easily identify assets that need intensified safeguarding, according to a consulting firm.
It is essential to observe how other countries are confronting these challenges and collaborate with other governments, as well as cyber agencies to counter cyber-attacks.
Companies must have a change of outlook when pertaining to ensuring cyber safety.
From merely “throwing money at a problem”, they should move towards a more focused approach to what is most important in a company’s set of assets.
Instead of starting with technological vulnerabilities such as insufficient patching of servers or routers, companies should protect first the most critical business assets or processes like customer credit card information, for instance.
Several big organisations have already implemented multiyear programs in order to classify corporate data so that they can focus cybersecurity efforts and policies on their most crucial information assets.
Knowing where to spend is significant. Expert posited that half of the data assets of companies are usually not “mission critical”.
Hence, firms must learn to identify the cyber risks per set of information and direct efforts to guaranteeing security of the critical data. Doing so may reduce cybersecurity costs by 20%.
The consulting firm surveyed 45 out of the top 500 companies globally and discovered that more security spending does not lead to high risk management maturing.
Some of the organisations have spent a lot of money but were not necessarily protecting the right information assets.
Thus, it is important to know where and how much to spend.
Applying the same cybersecurity controls to all assets creates extra effort and expense. Vital assets should be protected more strongly than less important ones.
Moreover, taking a more proactive than reactive attitude against cyber criminals may be more effective in dealing with an ever-evolving threat.
Firms can impede hackers more effectively if they understand how they behave. Some of the leading companies maintain an up-to-date intelligence on the capabilities and intentions of cybercriminals, and sometimes even their identities.
With the increase in value of digital data now, protecting data privacy is becoming trickier. Moreover, it has become even harder as the distinction between work and private devices is starting to blur and data sharing is becoming more open among businesses and their clients.
Add to that how cybercriminals are growing more creative.
Professional cybercrime organisations, political ‘hacktivists’, and state-sponsored groups have become more technologically advanced to the point that they have outpaced the skills and resources of corporate security teams.
Notably, the passing of the National Identification System law by President Duterte last month is “a major opportunity but will also naturally expose more citizen data online.”
The key is to rapidly be secure without slowing down the adoption of technology and digital initiatives.
Although insufficient preparation may risk the leak of important business information, extreme and misplaced data security efforts could also hamper the conduct of work in a company.
Expert concluded that organisations need to make cybersecurity a broad management initiative with a mandate from senior leaders in order to protect critical information assets without placing constraints on business innovation and growth.