Security software alone cannot guarantee that data is safeguarded from threats to information and communications technology (ICT) infrastructure, an ePLDT chief information security officer said.
“Companies that focus on data security technology alone, unfortunately, do not understand cyber security,” Angel Redoble said. “A single attack can affect every department of a company.”
Redoble explained that cyber security should be approached holistically by integrating it across all departments.
“A company should focus first on placing a strict protocol or process and should hire the right people who are skilled to combat different kinds of threat.”
A firm could achieve business resilience by integrating cyber security across the entire company with the appropriate technology, he explained.
According to Ernst & Young’s Global Information Security Survey, 64 percent of 1,735 companies, including Philippine-based firms, admitted to having no or informal threat intelligence programs. No less than 42 percent admitted to having no communications strategy or plan in the event of an attack.
“A security process or program provides the framework in keeping a company at a desired level of security by assessing the risks, deciding on how to mitigate them, and planning on how to keep programs and practices up to date.”
Most companies have their data compromised because they try to secure it simply by installing security software, without the essential aid of proactive and inclusive measures, he added.
“The hundreds of thousands of vulnerabilities that are recorded daily, plus the evolving hacking methods, show that like a process, cyber security is a never-ending undertaking and should be evolved to mitigate and manage new threats.”
Knowledge and skills in information security are important, he noted. A knowledgeable and skilled work force could “identify and, therefore, understand how to handle” data threats, including malicious software or hackers attempting to pillage data.
Some firms “do not employ cyber security because of financial constraints,” Redoble pointed out. The measure of potential losses, however, could be bigger than the amount of money a company would invest in cyber security.
“Fortunately, due to the current trends and developments in cyber security, businesses can now achieve the process, technology and skills to uphold security through inexpensive means,” Redoble said. “By administering an assessment of their current capabilities, a company can already set certain protocols, while the lack of skills can be addressed by teaching the staff on how to recognize an attack.”