A trusted public-private partnership is critical in any national effort to secure cyber space, which many governments worldwide have recognised. For instance, certain governments have set up trusted information sharing networks as part of their national critical infrastructure framework, whereby industry players are invited to participate as security experts and advisors, and to share global industry best practices. Security companies like Symantec have had long histories of working with governments worldwide on enhancing their cyber security posture. Not only do we provide the technology solutions, we are also familiar with the challenges and pain points being experienced by the various government counterparts, as well as the industry best practices being used to defend against cyber attacks.
How do you think the Asia public sector needs to adapt to a world where devices and data centres access information that is stored, used or passed through the cloud?
As highlighted in the Symantec ISTR XVI, the increased use and relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrimes—these kits are now being used in the majority of malicious Internet attacks. This has attracted traditional criminals who would otherwise lack the technical expertise into cybercrime, fuelling a self-sustaining, profitable, and increasingly organised global underground economy. Cybercriminals who are financially motivated are now able to easily launch malware anytime and anywhere and steal confidential information, such as customer credit card information or intellectual property, from enterprises or end-users.
With 80 percent of respondents globally planning to use cloud computing much more intensively two years from now, according to a survey conducted by the Ponemon Institute for Symantec, the cloud’s growing popularity will increase the risk of being targeted by cybercriminals. However, despite widespread interest in adopting cloud computing technologies, many organisations are still ‘flying blind’ with respect to making them secure, potentially putting their business operations, company data and customer information at risk. Most organisations lack the procedures, policies and tools to ensure that sensitive information they put in the cloud remains secure. In fact, the same study revealed that only 27 percent of respondents said their organisations have procedures for approving cloud applications that use sensitive or confidential information.
To safeguard against data breaches in the cloud, public sectors should heed the below
• Ensure that policies and procedures clearly state the importance of protecting sensitive information stored in the cloud. The policy should outline what information is considered sensitive and proprietary.
• Organisations should adopt an information governance approach that includes tools and procedures for classifying their information and understanding risk so that policies can be put in place that specify which cloud-based services and applications are appropriate and which are not.
• Evaluate the security posture of third parties before sharing confidential or sensitive information. As part of the process, corporate IT and/or information security experts should conduct a thorough review and audit of the vendor’s security qualifications.
Sign up for Computerworld eNewsletters.