There was a time when the biggest cybersecurity threats were happening at the network layer, and the priority for IT professionals was to have complete visibility into the network and keep an iron grip on access to applications and data.
However, with the wide adoption of cloud computing, the influx of cloud-based applications and the popularity of BYOD in the workplace, today’s cybersecurity landscape is much different – attacks are now happening across multiple layers beyond the network layer.
In fact, according to the 2016 Ponemon Institute report Application Security in the Changing Risk Landscape, almost half of the respondents (50%) said application layer attacks were more frequent, and 60% said those attacks were more severe than at the network layer. Cisco’s Cybersecurity Report 2017 echoes this trend, reporting that more than half of security professionals identified mobile devices (58%), data in public cloud (57%), and cloud infrastructure (57%) to be their biggest sources of concern when it comes to cyber attacks.
According to a September 2015 report from London-based consultancy Grant Thornton, organizations in Asia Pacific lost an estimated $81.3 billion in revenue due to cyberattacks in the 12 months prior to the survey, compared with $62.3 billion in Europe and $61.3 billion in the U.S.
When taking a closer look at each market in Asia, Hong Kong is believed to have the second-highest risk of cybersecurity breaches in the region. According to a recent cybersecurity report by Telstra, 14.7% of Hong Kong firms have been affected by cyber attacks in the last year. Meanwhile, in April 2017, the Hong Kong Securities and Futures Commission stated that 20 hacking attacks over the past 18 months led to investor losses of HK$110 million ($14.2 million) in total. The commission will tighten cybersecurity requirements for Hong Kong stockbrokers accordingly.
Losses go beyond monetary
Back in 2007, Jason Spaltro, then the executive director of information security at Sony Pictures Entertainment, famously said it was a “valid business decision to accept the risks of a security breach”, and that he “would not invest $10 million to avoid a potential $1 million loss”. Seven years later, the company suffered a major cybersecurity breach in which hackers stole and leaked pre-released movies, individuals’ private information and sensitive documents. The total loss? Almost $100 million in revenue, and a lot more in intangible and hidden costs. These include loss of customers, difficulty acquiring new customers, and investor flight, among others.
Today’s cybercriminals are unforgiving and more malignant in nature, motivated not only by financial gain but also by destroying reputations built over decades, which may ultimately cost owners their business. It is no longer a question of whether cybersecurity should be part of a holistic growth strategy; it is now a matter of how to invest.
Firstly, prioritize what you need to protect. For instance, in an app-centric environment, you should identify all apps in your network, whether they’re corporate apps deployed by IT or shadow apps installed by impatient employees, and secure those you deem to be most vulnerable.
Secondly, security assessment must be part of your application development framework, and not an afterthought. Having a secured application will not only protect your data, but even more importantly will enhance your customer experience and their confidence in your brand.
Lastly, it is also important to keep in mind that cybersecurity is everyone’s responsibility, not just IT. Ongoing conversations among different business units – from finance to senior management – let you better identify critical vulnerabilities, understand end-user behavior, plan an efficient and robust cybersecurity strategy, and get the support needed to roll out business-wide security initiatives. Ultimately, cybersecurity should be integrated into every aspect of the organization to ensure that you retain your customers’ trust and protect your bottom line.