KUALA LUMPUR, 23 JUNE 2011 - The recent spike in global cyber attacks demands enhanced and integrated protective measures, say analysts from the Malaysian office of analyst firm Frost & Sullivan.
The recent attacks on government portals in Malaysia by local and international hacker groups, following an announcement that government regulator MCMC [Malaysian Communications and Multimedia Commission] would block 10 filesharing sites, have raised 'a red flag', said Edison Yu, Frost & Sullivan industry manager, ICT practice, Asia Pacific. According to reports from MCMC, and government security agency CyberSecurity Malaysia, the data of 392 users of the Sabah Tourism site were stolen and released to the public, while almost 200 different websites have been disrupted at various levels.
"[In addition] the recent slew of incidents, such as the attacks involving the Sony's Playstation network, Lockheed Martin's network, Google's g-mail passwords and Citibank's credit card customers' information, have only further strengthened the belief that cyber attacks are here to stay," said Yu. "More importantly, the fact that these incidents are popping up in an almost unbridled fashion, despite the best efforts of security practitioners, and advancements made in security technologies further epitomises the challenge faced by the IT security community moving forward. It is no longer sufficient to simply protect against these attacks. In fact, the good guys here have to ensure they are constantly ahead of the bad guys and by a few steps no less."
"There is greater call for enterprises to ditch their traditional perspectives towards IT security and protection against the risk of cyber space attacks, and reassess their approach towards the evolving issues," he said. "In this sense, they should shift their mindset away from a threat management approach and adopt a risk management perspective towards IT. Enterprises should also start viewing IT security from a business-centric standpoint, rather than allowing the topic to remain confined to an IT perspective. Moreover, with IT becoming synonymous with driving business processes these days, securing IT assets should form an integral part of an enterprise's efforts in minimising business risk."
"Beyond risk, enterprises will do well to incorporate IT security into their corporate governance framework," said Yu. "In many ways, governance in an enterprise setup should be extended to the realm of IT security; for instance, the mentality behind the financial controls put in place to manage monetary claims made by employees should also be applied to the management of data flow within an organisation. Such an approach will not only help enterprises in minimising the risk of data loss and cyber theft, but also enhances employee awareness and appreciation towards the importance of handling data within the organisation. Henceforth, greater ownership and responsibility will be delegated to the organisation as a whole, rather than simply passing them to the hands of the IT department solely. This is central to the concept of marrying people, processes and technology."
Sign up for Computerworld eNewsletters.