Lower cyber security risks
Lower cyber security risks
In the past year, cyber-attacks in Singapore have been on the rise. What we see on the news are the ones that cause noticeable damage. However, there remain many other unreported security incidents, simply because enterprises are not mandated to disclose any breaches.
This bodes ill for other companies, which remain oblivious to the risks that they are facing. According to a recent report by US security company, Mandiant, Asian organisations score the lowest in terms of cyber-readiness. This in turn, leads cyber-criminals into viewing Asian companies as easy targets.
In the same report, Mandiant pointed out that companies based in Singapore are much more likely to be victims of cyber-attacks, due to their weak defences in terms of response processes, threat intelligence, technology and personnel expertise.
In the recent years, there had been several high profile breaches that exposed the personal data of customers.
One involved a bank, which lost private banking client data when its third party vendor’s server was breached. Another involved a private entertainment company that had its customer database hacked and leaked by hacktivists.
Since these incidents—which are stark reminders of the vulnerability of Singapore companies—the Personal Data Protection Commission (PDPC) has taken action against more than 11 organisations for their lack of security measures to protect customer data.
This shows that in the face of these high profile breaches, Singaporean companies need to do more in order to keep their digital assets safe, especially if they are beginning, or have already started their digital transformation journey, which could potentially reveal even more vulnerabilities as their legacy IT infrastructure struggles to keep up.
As these companies prepare to embrace new technologies like cloud computing, Software-as-a-Service, and other cloud-based technologies, their on-premise IT facilities are becoming less critical to daily operations.
While certain legacy software might still require on-premise IT infrastructure, the cost-effectiveness of scaling up or maintaining them start to fall. This makes it harder to justify implementation of on-premise security solutions.
To keep up with the growing sophistication and persistence of cyber-threats, organisations need to depend on several different types of technologies (and vendors) in order to have a well-rounded security infrastructure.
This can push costs and operational expenditure far beyond what an organisation is willing to spend, and which could be used to achieve other business goals. To deal with a growing threat landscape, enterprises are increasingly turning to third-party security service providers to secure their digital assets.
In a recent IDC report commissioned by StarHub (soon to be released), it was revealed that cloud-based managed security services are the fastest growing segment in the security services market.
But what makes this alternative to on-premise solutions so attractive? Given the stakes involved (enterprises typically lose millions a day due to security breaches) is it wise to trust a third-party security provider with keeping your entire business safe?
The answer for most organisations regardless of size, is fast becoming a unanimous “yes.” Large-scale attacks of immense sophistication are coming. It’s not a question of “if,” but a matter of “when.” Organisations need to take action immediately to secure their business, and managed security services are the fastest and most cost-effective way to get started.
Third-party managed security solutions have been shown to drastically reduce CAPEX in terms of manpower and technology. Providers are now investing heavily into threat prevention technology—much more so than any one company is willing to spend on protecting their own business.
This in turn leads to more advanced threat prevention capabilities that are better equipped to address cyber-attacks that evolve at a frighteningly fast pace. By outsourcing security services, organisations are then able to divert IT resources from security maintenance and strategy planning, into efforts that advance business goals.
However, not all managed security services providers are made the same. Some may offer functionalities you don’t need (meaning it may cost more unnecessarily), or are unable to provide features that make up the core of your security strategy.
To find the right partner, you need to ensure that they fulfill all your current and future requirements by asking questions specific to your organisation.
Some providers’ solutions only cover the network or web, while there are those that provide more holistic protection, starting from the telco level—allowing you to choose the service that fits your business, and more importantly, your budget.
The essential cyber-security guide for SMEs
What you need to get started on your cyber-security journey