Managers need to take cybersecurity seriously

Only 9 per cent run penetration tests to check their systems on a regular basis

PUBLISHED : Friday, 15 January, 2016, 10:00am
UPDATED : Friday, 15 January, 2016, 10:00am

No matter what your industry, cyber security needs to be top of mind for management teams. These days, with organised cyber criminals running mass-scale hacking operations and then selling information about institutional vulnerabilities, companies need to be proactive in their defence.

A worldwide survey of more than 900 executives conducted by Accenture Strategy found that more than two-thirds of respondents believe the likelihood of a cyberattack to be “very” or “extremely” high and a similar share sees a high likelihood of data or privacy breaches. With that in mind, it’s somewhat surprising that only 9 per cent run inward-directed attacks (penetration tests) to check their systems on a regular basis. It’s clear there is a significant disconnect between how aware organisations are of the cyber-threat and how prepared they are for such an attack.

Managers need to address this disconnect by making cyber security a top-down priority. From the board of directors and senior managers to junior analysts, your team needs to take cyber security seriously.

A 2015 study conducted by Accenture and Ponemon Institute found that firms that displayed leadership in cyber security shared certain characteristics, including immediate reporting of security incidents to the chief executive and board of directors, clear definition of security responsibilities and authority, and effective communication of security requirements to all employees. In short, a company’s leadership team needs to address cyber security head on.


Many companies are already using new security technologies that enable them to identify anomalies in network traffic, prioritise threats and provide advance warnings of possible breaches. In addition, some companies have begun exploring new technologies to identify and prevent cyber incursions. For example, in financial services, pioneering retail banks in some countries are using biometric authentication at automated teller machines, while some investment banks are piloting voice biometrics for added security and a better customer experience during telephone transactions.

Others are exploring new authentication methods, such as social log-ins and risk- or content-based identification. Although still in very early stages, such services might result in a competitive advantage, especially given the negative media exposure that is generated by successful cyber-attacks.

As well as implementing technical solutions, it’s imperative that leaders apply big picture principles to cyber security.

Take a proactive stance: reactive cyber defence is no longer sufficient to maintain an effective security programme. This is especially true for many of Hong Kong’s key industries, such as banking, which has to be compliant with additional regulations.

Apply a broad view of risk management: cyber risk should be considered alongside traditional enterprise risks and inform risk management decision making.

Collaborate with experts: internal cyber security teams may have been capable of dealing with yesterday’s threats. However, in the current environment, firms will need not only outside expertise, but also effective collaboration with cloud and other service providers to deal with emerging threats.

Pay attention to the “human factor”: many breaches occur as a result of human error, negligence or failure to follow security protocols.

Hackers are here to stay, but companies that don’t take the threat seriously may not be. For more on this, see Cybersecurity Threat: Investment Bank Challenge.

Ravi Chhabra leads Accenture’s financial services business in Hong Kong