The journey towards greater cybersecurity begins with a single step
By Paul Hadjy
The arrival of advanced digital solutions through the Internet of Things (IoT) is the primary catalyst driving the Industry 4.0* metamorphosis across the Asia-Pacific region. This digital transformation is evident in the broader business environment, where 94% of companies adopting IoT solutions into their corporate strategies are already seeing a significant return on investment, according to a 2018 white paper by CSG International. Successful adoption of IoT solutions critically relies on two things: information technology (IT) and data.
IT solutions drive interactions between startups and their recurring and prospective clients. These solutions range from hardware assets (e.g. laptops and smartphones) to software assets (e.g. customer relationship management programs). Such interactions generate data, which dynamically assists crucial decision-making processes and can make or break the survival of any startup in the Industry 4.0 landscape.
Despite the resources and education presently available to help startups enter into the Industry 4.0 marketplace, cybersecurity remains under-examined in most organizations. All businesses need a holistic approach to securing their IT and data assets, which entails procedures for protecting the assets, determining the level of cybersecurity risk, and executing protocol during a security event.
When it comes to IT and data protection, startups should consider integrating the following practices into their business processes.
Update, backup, and control the network
Regularly updating IT assets, which include computers, mobile devices, and any accompanying software, is a basic step towards protecting them. Most software updates include critical security patches designed to address any discovered vulnerabilities.
However, companies must also regularly back up any vital business information in a secure location. This can range from a localized encrypted server to secure cloud storage provided by a third-party managed data backup service provider. Such a precaution not only provides an older version to fall back on should the update fail, but it also ensures a redundant copy of any critical information if anything goes missing or is stolen.
Controlling access to the business network safeguards startups against unauthorized individuals who should not have access to accounts and other information. Controlling what happens around and within the network is a necessary practice for protecting assets.
Aside from access restriction, having proper change management policies and IT governance frameworks increases visibility and control over what happens in the business’s IT environment. Also, formalizing these practices as business requirements provides a degree of environmental awareness to support threat prevention, detection, and response capabilities.
The human pitfall
In a world where everything is going digital, hardware and software developers are increasingly directing their efforts toward securing the technological domain. But our inherent belief and trust in technology and its accompanying solutions lead to the most critical and common pitfall of all: the human element.
The workforce is the backbone of every business, making its members valuable targets for hackers. We use technology to accomplish so many business processes that we often don’t scrutinize what we see on our screens. Hackers take advantage of this opportunity, which has led to the abundance of simple social engineering attacks commonly known as phishing.
Empowering staff and properly preparing them for cybersecurity risk is another practice that startups should look to normalize, for example through cybersecurity awareness training that helps prevent hackers from exploiting staff at any level.
Additionally, a well-designed Business Continuity Plan (BCP) is essential. When designing a BCP with the business team, remember to align data recovery processes with business needs. Pay attention to Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs), two measurements that indicate how much data can afford to be lost and how long it takes to recover information. Mapping data recovery processes like BCPs to business needs and testing them with disaster recovery drills allows a smoother return to business as usual after a cyber attack.
Assessing risks and responding to threats
The journey towards greater cybersecurity begins with a single step. For startups, this step is to know themselves and the current state of their cybersecurity posture by conducting risk assessments on both their IT and business infrastructures. But just learning about and mitigating risk is not enough.
Therefore, businesses need to be ready to respond to any security event that may occur through the employment of a Cyber Emergency Response Team (CERT), which can be set up internally or outsourced to a third-party security vendor.
Startups should ensure their response capabilities are developed in parallel to their business continuity and disaster recovery plans in order to facilitate a speedy restoration to operational strength after a security event.
*Industry 4.0 is considered by many to be the fourth Industrial Revolution, where automation and data exchange come together to streamline manufacturing processes. Industry 4.0 includes cyber-physical systems, IoT, cloud computing, and cognitive computing.
About the Author
Paul Hadjy is the CEO and Founder of Horangi Pte Ltd. Before Horangi, Paul worked at Palantir Technologies, where he was instrumental in expanding Palantir’s footprint in the Asia Pacific. Paul has built over a decade of experience and expertise in anti-money laundering, insider threat, cyber security, government, and commercial banking. In 2016, Grab selected Paul as their Head of Information Security and IT to shape the company’s internal technology, information security, and business process architecture during their rapid scaling.