Massive and target-focused cyber attacks are threatening companies as well as national institutions. Regardless of criminal objective, intrusions in information systems raise enormous challenges for victims. Further to high economic recovery costs, the reputational repercussions that cyber attacks would cause companies are undeniable, especially for businesses that are ill-equipped with the appropriate knowledge, skills, and resources.
For instance, Quann IT Security End User Study 2017 reveals that more than half (56 percent) of 150 senior IT professionals from medium-to-large companies based in Singapore, Hong Kong and Malaysia, do not have Security Intelligence and Event Management Systems to correlate and raise alerts for any anomalies in a timely manner.
Closer to home, 54 percent of the Singaporean respondents do not have a Security Operations Center (SOC) or a dedicated team to proactively monitor, analyse and respond to cybersecurity incidents that are flagged by the systems. This no longer begs the question of “When we will get hacked?” Rather, “When?”
Overcoming the barriers
While cybersecurity investment is seen to expand at an exponential rate, from over USD80 billion in 2016 to USD170 billion in 2020, general sentiment at present posits that reaching total protection is an illusion, attributing to the lack of sophisticated systems and inability to keep up with the rapidly growing cybercrime industry.
With a forecast of 20.4 billion IoT (Internet of Things) devices to be in use around the world by 2020, it is clear that business firms need to stay ahead of the curve by taking cybersecurity seriously and invest in technical and behavioral protections.
Against this backdrop, the financial sector is no exception, where cyber attacks are growing threats as financial services are increasingly delivered over the internet. Cyber risk management is thus the new frontier for global regulatory efforts and supervisory co-operation to address these emerging threats.
In Singapore, the Monetary Authority of Singapore (MAS) has collaborated with the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to establish an Asia-Pacific Regional Intelligence and Analysis Centre, which aims to encourage regional sharing and analysis of cybersecurity information within the financial services sector.
Cloud as a Countermeasure
In the private sector, we are seeing a trend of businesses veering towards the Cloud as a countermeasure, with more than half of US-based multi-national corporations (MNCs) engaging such a move. Instead of infinitely investing in computer infrastructure, third-party servers are used to store and process valuable data.
Cloud computing is becoming a highly-demanded service because providers offer high capacity networks and computing power, rather cheap cost of services, and adaptability to business evolution thanks to a "pay per use" model. In addition, companies reap the advantage of locating data in an environment that is perceived as safe.
The main cloud computing providers, including Amazon, Google, and others like them, are some of the world’s main actors that have formidable cybersecurity systems, owing to their Internet-based business models that cannot allow breach of security and disruption caused by cyber attacks.
These companies have achieved impressive growth rates over the last five years – sometimes higher than 100 percent – and they continue to invest in computer and network capabilities to propose more services to users.
Due to their reputation in cybersecurity expertise, there is an emerging trend that companies that adopt their services in the cloud will benefit from the rise of cyber attacks. However, does this mean that these industry giants will monopolize the cloud as an opportunistic countermeasure to cyber attacks, and how big is the value potential for cloud actors in the wake of recent cyber attacks around the globe?
Article by Philippe Very, PhD, Head of the “Management and Strategy” Faculty and Professor of Strategy of EDHEC Business School.