May 09, 2017 (LBO) – Sri Lankan corporates needs to increasingly invest on protecting systems, in the backdrop of growing cyber-attacks on organisations, as more and more businesses become vulnerable to such attacks, an expert said.
DHL Asia Pacific Chief Information Officer Steve Walker, speaking at a CEOs Forum organised by the Institute of Chartered Accountants of Sri Lanka, underscored the importance of making ‘security’ a priority in companies if they were to prevent such attacks.
Quoting a study by Russian multinational cybersecurity and anti-virus provider Kaspersky, he said that out of 4,000 businesses in 25 countries, 38 percent came under cyber-attack, while data was removed from 25 percent of these companies during such attacks.
“These attacks are no longer carried out by young kids looking for a bit of laugh but instead the culprits are highly organised people looking to make serious amounts of money or governments doing it for political reasons or movements doing it for moral reasons,” he warned.
“Whatever the motive, these people are serious and they have the ability to get into your system and exploit it.”
Walker said that to prevent such attacks, companies must make security a priority.
“In our business at DHL, security is a priority. Our business and reputation as an organization will be damaged significantly if we don’t make security an important priority,” he said.
“We also have a cyber security dashboard which looks at all aspects of our security and allows us as people who run the business to make decisions where we need to make investments and focus on time and energy to ensure we are fully protected at all times.”
He also called on the top management of local companies to invest in a Security Operations Centre also known as SOC, which is a centre that monitors systems 24/7, and utilizes tools to see what is happening in various systems to determine if there is any unusual activity going on.
“People with SOC have far less likeliness of being hacked, as possible hacks are detected early, and so steps can be taken to isolate and ensure it doesn’t impact the business in a wrong way,” he said.
Walker said that the two biggest causes of malware going into the system was through memory sticks and clicking on attachments that are received via email. He emphasized that it was important to educate the staff on this, and their role in ensuring their organisations stay protected.
“It is also important to work with your suppliers and customers in this area, particularly, suppliers of IT, and make sure they are complying with your high standards,” Walker said.
He also advised companies to move away from simple passwords and to authenticate users and make sure default passwords are changed.
“Preparing for attacks is really important because when it happens it happens at the most inconvenient time, and you need to know your plan. Also have someone who is responsible for data security. If things go wrong, there must be someone to drive the way forward.”
He said at DHL Supply Chain there was a protocol in place where if something happens, the company will not communicate via email or through any channel within the company’s system.
“Some people employ outsiders to come and take a look at their systems, so they can receive an outsider’s perspective,”
“There will be some aspects where you may need help and if that is the case, go get help.”