Even though new technologies such as software-defined networks, cloud and big data are able to help improve the business, they present new and complex cyber threats as well. The speakers at this year's Computerworld Singapore Security Summit thus shared the strategies and tools they have at hand that could help protect organisations from the risks associated with these new technologies. The Summit saw more than 250 active participants-members of the information security professional community in Singapore and other parts of Asia-assemble for some in depth discussions held at the Marina Bay Sands Expo and Convention Centre in April.
Addressing Cyber Threats
Gerry Chng, Partner at Ernst & Young Advisory (Singapore), kicked off the summit by sharing findings from his company's 'Global Information Security Survey 2013' in his presentation titled 'Under cyber attack.'
Gerry Chng, Partner, Ernst & Young Advisory, Singapore
The annual survey-which drew the opinions of 1,909 CIOs, CISOs, CFOs, CEOS and other information security executives from 64 countries-explored the actions that enterprises took last year to address current and future threats. The actions taken were found to have fallen under three levels of responses to cyber risk: improve, expand and innovate.
According to Chng, organisations today need to transform their security measures as no enterprise is invulnerable to the cyber threats which are getting increasingly complex. Organisations seem to recognise this need as 43 percent of the respondents indicated that their information security budgets were on the rise. Moreover, they are also shifting their focus from operations and maintenance to improving and innovating, as indicated by the respondents claiming that 46 percent of their IT spending in the next 12 months will be directed towards security improvement, expansion and innovation.
Enterprises (46 percent of the respondents) are increasingly aligning their information strategy to their business strategy too, said Chng. This is a positive move as a misalignment between the two can potentially expose organisations to increased information risk.
Besides improving security measures, Chng advised enterprises to expand their security capabilities so as to widen their ability to protect the organisation, data and brand. To do so, top level executives and senior management need to first buy into the belief that security is vital to the enterprise. Organisations also need to ensure that the people, process and technology elements are aligned before implementing a security policy or technology. According to Chng, many failed security projects are due to the fact that they were too focused on technology and ignored the needs of the employees who will be using it and the process the technology required. Other ways of expanding security capabilities include improving physical security, as well as using analytics and reporting tools such as the Security Information and Event Management (SIEM) to obtain a holistic view of the organisation's IT security and spot patterns that are out of the ordinary.