Jane Ku - Intern - Business & Strategy Management
Implementing robust cybersecurity practices can be hard for SMEs and can come to feel like a ‘Space Project’ kind of challenge. But why don’t we step back a bit and take another look from a different angle?
Indeed, cybersecurity can be implemented with an easy approach that works bottom-up rather than top-down. It should simply start with identifying existing loopholes via threat & vulnerability assessments and mitigating the immediate risks first, as these are typically what hackers leverage nowadays.
Secondly, enterprises are obliged to adhere to relevant laws & regulations such as GDPR, CSL, DSL and PIPL to safeguard sensitive data and stakeholder privacy.
Once an enterprise has initial experience with cybersecurity controls, it can consider building a governance framework to enhance the overall agility of its security measures and risk management.
“We developed our service cycle with the goal of easy adoption,” explained Skittle Wan, Manager of Security Technology & Architecture. “This aligns with our primary strategy: fixing the basics first.”
Unfortunately, cyber incidents may still occur, as nothing comes with a 100% guarantee. Therefore, a comprehensive incident response plan and a timely response should be prepared in advance to minimize the loss.
In fact, cybersecurity aims to proactively mitigate risks in a timely manner, rather than to question IT capability. The ultimate goal is to allow the enterprise to operate with optimized efficiency and security. Evading the issue and diverting attention will not help solve the problem. It is more productive to acknowledge and confront it directly.
Recognize the shared foe and forge a unified line of defense against external threats.