Over the past decade, the wave of digital transformation has swept across many organisations as they embark on adopting advanced technologies to streamline their business processes for productivity. In an era commonly termed as the “fourth industrial revolution”, data is recognised as one of the most valuable resources as it has the potential to yield powerful insights. Against this backdrop, it is important for every organisation to implement adequate security measures and to ensure they are operating effectively to protect its data from internal and external threats.

 

The following are the common technology risks organisations are exposed to:

Malware, Weak Authentication, Phishing and Social Engineering

Technology risks are multifaceted and constantly evolving. To prevent, detect and correct them in a timely manner, organisations need to consider the various aspects of an information technology system and to deploy strong security measures for the following:

  • Application security: Reduces the opportunity for malicious code to control applications to access, steal, modify or delete data
  • Information security: Protects information at every stage of the life-cycle, from storage, processing to transmitting
  • Network security: Protects network traffic by monitoring and controlling incoming and outgoing connections to prevent threats from entering and propagating across the network
  • Business continuity planning/disaster recovery planning: Ensures appropriate steps are taken to respond, recover and resume system operation
  • Operational security: Safeguards sensitive information using a series of controls and protective mechanisms
  • Identity management: Authenticates user access to systems to limit and track employees’ access to sensitive data
  • Cloud security: Protects data and applications on the cloud
  • End-user education: Educates end-users who are the first line of defence against cyber threats to adhere to IT policies, identify risks and perform actions to protect data assets

 

From an organisation’s perspective, the considerations listed below will guide efforts to reduce exposure to technology risks:

  1.   How to determine which IT security metric matters the most?
  2.   Would installing one IT solution mitigate all technology risks?
  3.   How to effectively evaluate outsourcing risks?
  4.   Are patching and privileged users’ management critical in breach defence?  

 

Recent trends have also shown an increase in the adoption of cloud services by organisations worldwide due to benefits such as reduced costs, convenience and ease of scalability. There are several cloud models available. In one of the models, cloud service providers may offer Infrastructure as a Service (IaaS) to their customers where they have to install an operating system, business applications and data on the instance provided. Although cloud service providers constantly monitor the security of the cloud infrastructure, some other security aspects to protect the operating system, business applications and data are still governed by the organisations.

 

It is therefore important for organisations to implement robust cybersecurity strategies that provide an overarching framework to identify, assess and respond to risks. Having such frameworks in place can protect your organisation against such risks, speed up recovery time in the event of breaches, and improve the public’s confidence in your organisation.

This article is contributed by Ow Ghim Siong and Riven Ooi of our Technology, Media & Telecommunications practice.

 

To find out how our Technology, Media & Telecommunications team can assist you in your technology matters, please consult our specialists:

Adrian Tan 
Partner & Industry Lead, Technology, Media & Telecommunications 
T +65 6594 7876 
[email protected]

Hoi Wai Khin 
Partner & Deputy Industry Lead, Technology, Media & Telecommunications 
T +65 6594 7880 
[email protected]