The world of money and espionage: Not Bond, but data breaches: Page 2 of 2

Rising awareness, no mandatory disclosure

The world of money and espionage: Not Bond, but data breaches: Page 2 of 2

 
It is not all gloom-and-doom, however, with cybersecurity awareness rising across the Asia Pacific region.
 
This has been helped by moves such as the Singapore Government’s Cyber Security Act, as well as the efforts of CyberSecurity Malaysia (CSM) and the investments the Malaysian Government has put in, according to Carbon Black’s Asia Pacific and Japan managing director Kane Lightowler (pic above).
 
“Both have done a lot for those two countries, specifically in raising awareness,” he told DNA in Singapore.
 
But the one thing that has been holding back a proper response to data breaches is the lack of mandatory disclosure in Asia – in many Western countries, companies are required by law to inform their customers, shareholders  and/ or the markets when they have been hacked.
 
“There is largely no mandatory disclosure legislation, and although countries are talking about it, none has come into effect,” said Lightowler.
 
“What’s happening is that the incidents are occurring, but business leaders are not educated enough on it – which makes it difficult for them to make decisions on whether they are doing enough on cybersecurity,” he added.
 
Build a moat … not
 
Verizon’s Ashish concurred, and also recommended that organisations identify the “golden nuggets” they need to protect.
 
“There is no panacea – organisations need to invest time into identifying their golden nuggets, their key assets, and protecting them in a prioritised matter with the limited budgets they have,” he said.
 
When it comes to hacking into a system, if cybercriminals “think they would need to spend a lot of effort in the battle, they will move to a softer target,” he added.
 
In the earlier days of computing, organisations would protect their information assets with perimeter defences – essentially, building a moat around their castles.
 
But with the mobile and cloud trends, this is no longer feasible, Lightowler argued. Instead, you need to protect your endpoints, including mobile devices.
 
“The endpoint is important because that’s where the transaction starts and finishes – it is where the data resides and where it leaves the organisation,” he said.
 
“If you’re using security only on your network, that major investment you made is useless when your devices leave the premises.
 
“Endpoints now are the most important piece in the security stack – if you can protect them sufficiently and have visibility into them, in the office or out of it, you can better protect yourself from threats,” he added.
 
Related Stories:
 
SEA not ready for a cyber-attack … nope, not really
 
Governments not that clueless about cybersecurity after all
 
SEA at risk as disputes turn to cyberwar: FireEye
 
 
For more technology news and the latest updates, follow us on TwitterLinkedIn or Like us on Facebook.
 

 
Keyword(s) :
 
Author Name :
 
Subscribe to SNAP
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021