Boardrooms to warehouses: How SEA leaders can build cyber resiliency from top-down

As hackers become bold and technology advances, the Southeast Asia business community will need to ramp up its cyber defences or face severe consequences. This means moving cyber expertise from the IT back office to the top floor.

Southeast Asian businesses are on a cyber knife edge. For the last few years, a well-trained cyber army has mounted a torrent of attacks causing unsurpassable devastation to businesses’ operations – and their bottom lines. Given the unstoppable rate of cyber breaches and attacks, the only solution is for business leaders to take decisive action, implementing stringent cyber measures from the boardroom to the warehouse.

This fact illustrates the need for decisive leadership: despite Southeast Asia’s apparent cyber vulnerability, the wider Asia Pacific market is expected to witness the highest growth of cyber security expenditure between 2022 and 2031. It is clearly more than just a technology problem.

An elevated risk

The first step in improving Southeast Asia’s security position is understanding what constitutes an appealing target. Historically, cyber security was simply a case of protecting networks and devices from malicious code and viruses created by a handful of amateur hackers.

However, today, attack technology is far more advanced, and the attackers may be anything from organised criminal gangs to state-sponsored threat actors. Moreover, Southeast Asia’s chief information security officers (CISOs) and IT managers are dealing with multiple attack surfaces, spanning mobility, the internet of things (IoT), software-as-a-service and the cloud, and a host of threats ranging from low-level phishing to full-scale ransomware attacks.

Thanks to the emergence of cryptocurrencies, cybercriminals are finding it easier to carry out large-scale attacks such as ransomware, in which attackers use malware to hold an organisation’s data hostage in exchange for a ransom.

According to a recent study, 67 per cent of companies in Southeast Asia reported they were victims of ransomware attacks. Operational technology (OT) has also become increasingly threatened. An emerging cyber threat weaponises programmable logic controllers (PLCs) to infiltrate OT and enterprise networks.

And finally, social media platforms have become an elevated risk as bots, spam accounts, and phishing scammers look to exploit human and business vulnerabilities.

The prevalence of bots is concerning due to their ability to sow discord and build mistrust amongst organisational stakeholders. They also pose a gateway to financial scams and can lead to employees compromising important information.

Across the world, bots and spam accounts account for 77 per cent of online security and fraud incidents. Bots’ capabilities are significantly greater than humans’ due to their automation and the absence of human error.

All of these issues can be attributed to several factors: ageing infrastructure, poorly-designed architectures, application vulnerabilities and physical device infiltration. However, human error is the primary cause of most data breaches and cyber-attacks.

According to an IBM report, 95 per cent of cyber security breaches are primarily caused by human mistakes, costing US$3.3 billion. A single, reckless human error can effectively undo investment in an extensive stack of sophisticated cybersecurity technology.

These incidents often stem from a lack of cyber training and poor awareness of the various attack methods. In addition, the post-COVID-19 shift to remote and hybrid working has made monitoring employees and their use of company technology more challenging.

The most critical factor is a business culture built on cyber complacency. If senior executives ignore or dismiss the cyber threat, then there is no impetus for employees to care.

Review your resiliency

Naturally, given the potential repercussions of human error, any organisation’s first line of defence is boosting staff awareness of cyber threats. The Singapore Police Force’s (SPF) recent guidelines on types of crimes and online harm are a good place to start.

CISOs and IT managers often then follow this up with regular communication on circulating phishing scams and technological trends.

Consistent education for employees is key to building resilience. Employees who are well-versed in their company’s IT stack are less likely to be exploited by cyber threat actors.

Crucially, organisations should ensure they have robust cyber security policies in place that are driven from the top down. Business leaders and boards that communicate regularly with CISOs and IT chiefs are more likely to be well-defended against current cyber attacks.

Business leaders may need to review their internal systems and policies to achieve this resiliency. They may be required to upgrade legacy technology stacks, implement privileged access management (PAM) and Zero-Trust procedures and consider investing in a 24/7 security operations centre, either through their cyber security vendor or a managed security services provider (MSSP).

Whatever the roadmap, a business’ leadership should be at the forefront, thereby ensuring a healthy cyber culture across the entire organisation.

Of course, adopting this culture is easier said than done and necessitates both time and investment. For small-to-medium businesses, both costs and resources remain a constant pressure. Meanwhile, multiple silos and overlaying IT stacks at the enterprise level can complicate the issue.

Nevertheless, business leaders willing to listen to and work with cybersecurity experts will find it easier to align their security measures with their business strategies. Together, they can formulate financial plans incorporating cyber security costs while still achieving their KPIs and objectives.

Once the Southeast Asian business community better understands cyber security’s benefits for long-term business health, investment in this area will no longer be regarded as a cost but as a necessity. The tools are already there: leaders and security experts need to bring them together.

The post Boardrooms to warehouses: How SEA leaders can build cyber resiliency from top-down appeared first on e27.