[Sponsored Article] With cybersecurity breaches, including recent high profile attacks in Hong Kong attracting negative worldwide attention, they serve as a constant reminder that companies, regardless of their size, location or industry, cannot afford to overlook the need for robust cybersecurity practices. Matthew Shriner, IBM Security, Global Security Intelligence Operations Consulting (SIOC) Partner, notes that whether it is a multination financial institution, large family operated business or an SME, in addition to financial and credit card cybercrime, well-organised cyber-criminals are increasingly fine-tuning their efforts to obtain and leverage higher-value data. Shriner says the demand for leaked data is trending toward higher-value records such as health-related personally identifiable information (PII), credit reports, and other commercially sensitive data. "Across the region, intellectual property, cutting edge manufacturing processes and new product design details are all vulnerable to cyber-attacks," says Shriner. Furthermore, as the adoption of new technologies such as big data infrastructures and cloud-based technologies increase the volume and spectrum of threats, it has become "mission critical" to monitor and protect the "treasure trove" or data lake of high-value information. "The increased threat of new product designs and sensitive data being compromised has placed cybersecurity issues at the company board level," notes Shriner. Cybersecurity research firm, Cybersecurity Ventures, predicts that cybercrime will cost the global economy about US$6 trillion annually by 2021, up from US$3 trillion in 2015. As an international finance and business hub, Hong Kong is a prime target for cyber-attacks with numerous organisations falling prey to cyber-crime, causing widespread disruption, tarnishing reputations and costing the business community billions of dollars. The latest IBM X-Force Threat Intelligence Index found that cybercriminals are changing their stealth techniques to gain access to computer systems. Notably, IBM X-Force saw an increase in the abuse of administrative tools, instead of the use of malware. More than half of cyberattacks (57%) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one third (29%) of attacks. With many companies using a fragmentary, disconnected approach to address their cybersecurity needs, Shiner says it is typical when IBM Security first engages with a client they will have as many as 80 security products supplied by more than 40 vendors – making security a complicated task by allowing the bad guys to hide between the cracks. In contrast, IBM's integrated security solutions correlate threat information and can automate a coordinated real-time response to threats across physical and virtual environments. "Any effective security strategy requires collaborative system integration between traditionally isolated security tools," Shriner says. This includes the sharing of real-time threat intelligence, centralising security policies and implementing consistent and coordinated policy enforcement strategies. "Adapting to a threat-aware, risk-based approach versus a compliance-based, box-checking approach is critical amidst the ever-changing regulatory mandates affecting organisations," says Shriner. For example, with potential fines anywhere from 2-4% of a company’s gross revenue for violating the EU General Data Protection Regulation (GDPR) rules, protecting GDPR data has become a cybersecurity imperative. The GDPR doesn’t just impact European companies, any organisation that stores, accesses, processes or uses EU residents’ personal data is subject to the regulation. Prior to implementing new or adding additional cybersecurity solutions, Shriner recommends the important first step should include an across-the-board of assessment of existing cybersecurity strategies and tools, and defining possible risk areas and measureable outcomes. "The key to successfully implementing a cybersecurity system should begin with an executive level conversation focusing on prioritising business objectives, and devising a security map that seamlessly spans across an organisation’s entire internal and external attack surface," says Shriner. Combined with IBM’s X-Force Red pen testing & vulnerability assessments, SOC Consulting and security information and event management (SIEM) platform, behavioural analytics, and hands-on IBM X-Force incident response services , organisations can quickly develop and deploy a holistic security strategy designed around technologies and services tailored to their needs and objectives. Widely recognised for providing one of the most advanced and comprehensive cybersecurity enterprise security portfolios available —top industry analysts -- including Gartner, Forrester, and IDC rank IBM as a leader across 12 different market segments — with more than 8,000 security professionals worldwide, IBM's X-Force team monitors more than 70 billion security events per day. Importantly, however, while IBM Security is used by major airlines, multinational healthcare companies, manufactures and global energy and utilities companies —and by 98% of the Fortune 500 list of top global financial services and banking companies — IBM's end-to-end solutions are designed to be utilised by any company regardless of industry sector or size. "IBM is the largest security consulting firm on the planet, however, our solutions are designed to cater to a wide range of clients" Shriner explains. By using IBM's X-Force solutions, companies with limited internal resources can outsource or implement security monitoring and penetration testing in a cost-effective way. "Depending on the size and structure of the organisation, the on-boarding of the X-Force solution capability can be done relatively quickly and seamlessly," says Shriner. With security teams stretched thin and facing an ever-growing stream of threats, Ricky Ho, Head of Security, IBM Hong Kong says due to limited resources, Hong Kong companies are often ill-equipped to defend their networks. "One of the main issues is a shortage of cybersecurity experts," Ho says to keep up with the increase of security threats IBM Security's range of products and services are tailored to the different needs of SMEs and large enterprises. Adding another line of defense, using artificial intelligence (AI), IBM Watson for Cyber Security with its ability to ingest millions of documents and terabytes of information allows third party users to research security threats a human might not spot. Furthermore, it's not just a matter of identifying 10 times more incidents at 60 times faster than human can, IBM Watson for Cyber Security game changing AI technology can process complex data in seconds or minutes, compared with the hours it could take a human using digital tools to process the same data. "From strategy and risk advisory services, threat management including design and deployment of SOC services in the cloud, on-prem or hybrid, incident response, and digital trust, IBM is able to help businesses to manage strong digital policies and continuously protect against emerging threats," says Ho. To understand more on how IBM Security can help, please visit our website https://ibm.biz/Bd2wZT or contact us at 2825-7878 for enquiries.