Menu

Rethinking the Approach to Cybersecurity

Asian organizations have made significant progress on improving their cybersecurity over the past year. That’s the good news. Now the other side of that: FireEye research shows that Asia Pacific organizations face heightened threat levels. Due to geopolitical tensions and increasingly sophisticated criminal groups, the area’s threat activity isn’t likely to drop any time soon. 

Making matters worse, Asian organizations still lag behind their peers across the world when it comes to cybersecurity. Most breaches in Asia are never made public because governments and industry-governing bodies don’t employ effective breach disclosure laws—making it a challenge to know just exactly how big the problem is. 

All of this is disheartening for governments and businesses in Asia that are desperate to keep their networks safe, but it doesn’t have to stay that way. Increasing the attention paid to cyber defense will help, but only if the changes start from the top. 

Changing the Focus 

Cybersecurity is a business risk issue that must be addressed at the highest levels. The majority of corporate boards are not involved in determining security strategy—most companies are content with handing the security reins to the CIO and assuming it will be taken care of. 

What they don’t understand is that cyber risk is not purely technical. Cybersecurity is an enterprise-wide issue with enterprise-wide implications. Executives must understand that a proactive security posture can make the difference between a disastrous breach and a manageable one. 

The sad reality is that breaches are inevitable. Increasingly sophisticated threat actors find a way around even the most cutting-edge defenses—sometimes before they’re even fully developed. In a nutshell, that means breach prevention is simply not enough. Being fully prepared means being fully proactive: not just waiting for something to happen. 

Too Much Time on the Inside 

Attackers don’t need much time inside a network to wreak havoc, but the more time they are given, the more damage they can do. Threat actors in the Asia-Pacific region have ample amounts of time before they’re discovered. In 2016, enterprises across the area allowed attackers to dwell in their environments for 172days before they found them—a full 73 days longer than in the global average. With that much time, these hackers had the opportunity to steal anything they wanted and create other entry points for future infiltration – setting the stage for more compromises down the road. 

Clearly Asia Pacific organizations must change how they’re thinking about cybersecurity. 

Those at the C-level and on the board need to understand that any investment plan should match their enterprise’s overall security strategy. Their mindset needs to shift from prevention to proactive remediation. From hunting for and monitoring signs of compromise to identifying, responding to and containing breaches, their focus must be on the entire lifecycle of a breach. That requires deep visibility into their network and real-time threat intelligence to provide a comprehensive view and create a cyberstrategy to address any gaps. Once they have the capability to identify a breach and quickly respond to it, those at the top will have taken a major step forward in maturing their cyber security posture. 

An easy way to do that? Think like a threat actor. 

It’s not as difficult as it seems. First, they need to understand the motives and the methods. What are the attackers after? How would they infiltrate our network? Who are they targeting, and why? The answers to these all-important questions will help guide resource allocation. With that information, those responsible for cyber spending will know where to focus their attention to get the most bang for their buck. 

From tools that proactively search for indications of a breach to analysts who monitor alerts and identify those worth investigating, governments and businesses in Asia can get ahead of attackers by shifting their cyber approach from reactive to proactive. The change will make them significantly better prepared to respond to a breach when it occurs. 

With more efforts and investment, Asia's cyber security will continue to improve. To see the biggest improvement, though, senior leaders in organizations across the region need to rethink how they approach cybersecurity. They need to ensure their enterprises are prepared to respond to incidents across today’s increasingly hostile threat landscape.

Tags: APJ, C-Suite View

Posted on May 15, 2017

Bryce Boland

by Bryce Boland

Asia Pacific Chief Technology Officer, FireEye

← View more Blogs

This document was retrieved from http://www.rsaconference.com/blogs/rethinking-the-approach-to-cyber-security on Wed, 22 Nov 2017 20:57:19 -0500.
© 2017 EMC Corporation. All rights reserved.