HAVING weak cyber security puts a company at risk of losing revenue and reputation. It can also make the company vulnerable to sensitive data theft and costly lawsuits.
For these reasons, firms are urged to build up their capability to protect their cyberspace or outsource a reliable company with a cyber security approach that is predictive, responsive, preventive, and detective.
“Traditional security measures are necessary but are not enough for the survival of an organization,” said ePLDT chief information security officer Angel Redoble.
“Even if you have the basic setup for your company’s cyber security, you will be spending money and still putting the company at risk.” Redoble was one of the speakers during the Seminar on Cyber Security and Data Privacy Law organized by PLDT Enterprise and the Mandaue Chamber of Commerce and Industry (MCCI) at Maayo Hotel on Jan. 25. Other speakers were Assistant Secretary Geronimo Sy of the Department of Justice and Police Senior Insp. Leo Deofiles, chief of the Regional Anti-Cybercrime Office-Central Visayas.
While cyber attacks are becoming more “intelligent and sophisticated” every year, many firms still do not have a strong understanding of their cyber posture and many organizations take long to discover a breach.
“Businesses need to protect its internal and external information. The longer you detect and resolve a cyber attack, the bigger the damage. The challenge is to respond quickly and efficiently. How fast can you respond and recover?” Redoble said.
He explained that cyber attacks are driven by different motivations, such as for personal or corporate gains, organization funding, and economic superiority.
But when companies implement cyber security, they are faced with the complexities it brings, including people, process, and technology, larger network, BYOD (bring your own device), and siloed IT. Also, deployment can make it difficult to implement cyber security across organizations.
Cyber security, according to Redoble, also needs the right people with the right expertise. Yet companies are having difficulty recruiting the required talent. This could be attributed to the lack of solid educational programs on cyber security, among others.
With the way cyber attacks are becoming elaborate every year, Redoble urged firms to face the facts.
He said that attackers also have access to most or all the defensive tools and tactics of enterprise defenders and that defenders lack platform, authority, and resources to fully control and protect the systems and data they are responsible for. He also questioned the capability of security teams to monitor round-the-clock traffic and attacks.
“Cyber security is not just about technology and computers. It involves people, information systems, culture and physical surroundings, and technology. It creates a secure environment where business can remain resilient in the event of a cyber attack,” he said.
During the seminar, MCCI President Stanley Go raised the suggestion for the chamber to work with PLDT in conducting a “cyber security audit” for its member-companies. (PR)