Sanjay Rohatgi, Senior Vice President, Asia Pacific and Japan, Symantec
There is no denying that customer data is a valuable source of customer insights and essential part today’s business models. With this data, businesses can enhance customer experiences, improve service quality and target their marketing efforts (and dollars) efficiently. At the same time, there is increasing pressure for companies to ensure that the data is well protected, given the increasing data volume and value.
Companies need to bear in mind that their customers are entrusting sensitive personal data with them, and a breach in trust will be difficult to regain.
Businesses need to take the necessary steps to protect their data, whether it’s in storage or being transmitted across networks. In 2014, cyber attackers targeted five in six large companies – a 40 per cent increase over the previous year. As industrial Internet of Things (IoT) becomes more connected due to requirements and demand for reporting, these changes will introduce more opportunities for attacks on critical infrastructure in the year ahead. Furthermore, the line between work and personal tools are blurring, whereby personal devices and cloud applications are now being used to access corporate email, calendars, applications and data. As a result, this places customer data at a higher risk by opening more doors (or endpoints) to potential cyber-attacks.
"Cyber insurance itself is not a defence; it is an added layer of protection that compliments other existing information security management system"
With the high costs from a data breach, what can companies do to protect their customers’ data, and to mitigate risks?
Mitigating Risks through Cyber Insurance
Cyber-attacks can impact a company’s brand, reputation, and business operations, with legal repercussions varying in scale across the board. On top of that, cyber-attacks and data breaches are often expensive. Companies need to plan proactively for attacks and prepare reactively for cyber-attacks. Consequently, cyber insurance – insurance for goods, intellectual property (IP) and commerce – is becoming increasingly critical in mitigating risks and protecting companies against costly hacks or theft.
Cyber insurance is effective when the cost of additional information security controls do not reduce the risk enough to make the investments in such controls practical. Cyber insurance itself is not a defence; it is an added layer of protection that compliments other existing information security management system.
Embracing Biometric Security
There has been a significant adoption in the use of biometrics in recent years, and this will be the security trend to keep an eye out for as it as major industry players implement new capabilities both with new sensors in devices, but also with adoption of biometric authentication like FIDO and TouchID. As a matter of fact, many of us are now familiar with the biometric scanners on popular devices such as the iPhone and Samsung mobile, and are getting increasingly comfortable with this tool. This facilitates secure on-device storage of biometric information (like fingerprints) as well as interoperability between apps and systems. Biometric sensors will significantly increase convenience for device unlock, purchasing and payments while reducing, or perhaps even replacing, the dependency on passwords. In a corporate setting where we may be using multiple devices at any given time, this would be especially useful since it eliminates the need to memorise multiple complex passwords.
Adding the Human Element to Cyber Security
While every organisation will have their respective security solutions in place, they should not be overly relying on them. Companies should think about the human element in cyber security, and equip themselves with basic security know-hows to avoid basic attacks. Many data leaks are also often a consequence of careless human error or complacency. We have to bear in mind that we do not necessarily have to be security experts to protect ourselves, and simple precautionary acts can also be highly effective in fending off basic malware attacks.
Companies can consider using security gamification techniques to train employees to look out for phishing emails or to generate, remember, and use strong passwords. Through these simulation exercises, employees can extend their understanding on cyber security practices and increase their security awareness. Simple exercises such as sending a faux phishing email to the office can show employees what the warning signs they should look out for, and improve their readiness. Using instant gratification of simple game can also encourage employees to adopt better security behaviours and train resilience.
As cyber-attacks evolve and become more rampant, companies need to up their security game and stay one step ahead of cybercriminals. This is especially important during these times where the cost of cyber-attacks extend beyond business operations and into the hard-earned trust between companies and their customers.