“In our current state of cybersecurity, security breaches are inevitable. This is an important fact, so I am intentionally repeating it. In our current state of cybersecurity, breaches are inevitable.”
Kevin Mandia. CEO, FireEye
Focusing on cybersecurity in Southeast Asia is essential. The devastating results of cyber-attacks in Vietnam, with 19 million online users affected in just the first six months of 2019 was well documented. We also know that Singapore is especially vulnerable to cybercrimes, with recent data breaches of confidential information in hospitals and banks a prime example.
Most companies have firewalls and other protections in place to avoid a cyberattack, but what if those precautions fail? If your company is the target of a cyberattack, do you know what to do? According to a special report by Marsh & McLennan Insights and FireEye, an intelligence-led security company, “since 2017, risk experts have consistently ranked large-scale cyberattacks and data fraud among the top five most likely risks around the world.”
No one is safe from cyberattacks in this internet-driven era. The implications on people, companies, and countries can be devastating. To survive a cyberattack, your company needs a cyber resilience plan to step in when cybersecurity fails.
Identify business vulnerabilities
The majority of cyber-attacks are carried out on small to medium-sized businesses. Of those small businesses compromised, 60% go out of business within 6 months of the attack.
Tech startups are especially vulnerable to cyber-attacks because of the valuable data stored by these organisations, the use of new technology with security vulnerabilities, and managing data in-house rather than using a third-party.
While the techniques to carry out cyber-attacks in Southeast Asia are evolving, the Marsh & McLennan Insights and FireEye report suggests that 90% of all cyber-attacks are human-enabled. This refers to instances where employees click a malicious link in an email or fall victim to phishing attacks. Although certain departments may be more at risk of attack than others, company-wide training is imperative.
Putting a policy in place regarding internet usage is the first step to creating a safe environment for the startups of Southeast Asia. While traditional training helps relay information, creative training like Game of Threats can help employees learn about cybersecurity in a hands-on application.
Quantify the potential financial impact
When creating a cyber resilience plan, it’s essential to measure the potential financial impact as you decide how much to invest. Consider internal factors, such as loss of revenue as well as external factors, like litigation costs and regulatory fines. Once you’ve determined what you stand to lose, you’ll be able to make an informed investment in a cyber resilience plan.
Understand the potential non-financial impacts
While the financial implications of cyberattacks can cripple an organisation, non-financial implications can be just as devastating. When a company falls victim to a cyberattack, the reputational damage can be insurmountable. Researchers from the Department of Computer Science at the University of Oxford and Kent’s School of Computing determined four non-financial ramifications of cyberattacks: physical or digital, psychological, reputational, and social or societal.
Despite your best attempts to restore your reputation after a cyberattack, it’s still likely a portion of your clients will venture elsewhere, especially if there is a breach of their personal data.
External reputation aside, a cyberattack can also cause internal psychological and social damage throughout the organisation. A drop in internal morale in the midst and aftermath of a cyberattack often results in a loss of staff.
Moreover, on a physical level, cyberattacks may destroy or steal digital information, leaving a corporation without the assets needed to continue operations.
Have a plan to protect yourself and your business against cyber-attacks in Southeast Asia
Once you’ve determined the potential financial and non-financial implications a cyberattack may have on your business, it’s time to make a plan. Cyber insurance is a proactive option to manage your risk. The insurance plan should complement your frontline security and mitigate risk in case of a breach.
The Marsh & McLennan Insights and FireEye report states that “Global predictions indicate that cyber insurance premiums will increase at a compounded annual growth rate of 20.1 percent, between 2014 and 2020, three times faster than the general property-casualty insurance market.” These cyber insurance plans can be tailored to combat threats specific to your organisation and help you navigate liability, fines, and crisis response so your organisation can continue providing services to your clients.
***
Focusing on cybersecurity in Southeast Asia alone is not enough to keep your business safe at a time when cybercrime is on the rise. By taking the steps listed above seriously in your business and becoming more cyber resilient, you’ll be ready if an attack breaks through your company’s security precautions.