What APAC IT teams should learn from the recent ransomware attacks

Gianfranco Casati, group chief executive for growth markets, Accenture

Internet technology teams have been stretched this past week. Many corporate teams, tasked with cyber security, spent the weekend and late nights trying to make sure their company was protected against what has been described as one of the biggest ransomware attacks ever.

But while this has strained IT teams, and made headlines, it isn’t entirely surprising. Such attacks are a case of “when” not “if”. Protection is always based, in part, on the dictates of the previous attacks layered with efforts to forestall future ones that are as of yet, not dreamed up.

Cybersecurity is top of mind – even when it’s not in the news. Twenty-five percent of the 201 mining and metals executives surveyed for Accenture’s Digital Technology in Mining report said they are testing pilot programs for cyber security, and 33% have developed or are defining strategies for it. As we see an increasing uptake of technologies like cloud computing, the Internet of Things and the convergence of IT/OT, the industry recognize its rising exposure to cyberattacks. The value proposition is clear – more data means more timely, informed and better decision, but it also increases cyber risk.

Figure 1: Cybersecurity lessons from mining industry

Cybersecurity lessons from mining industry

Source: Digital Technology in Mining, Accenture

This isn’t limited to resources companies. Our report on cybersecurity strategies for banks, Building Confidence: Solving Banking’s Cybersecurity Conundrum,  based on a global survey of 275 senior security executives across the banking and capital markets sectors, found that 78% of executives surveyed expressed confidence in their overall cybersecurity strategy, with more than half the respondents indicating high levels of comfort in their ability to identify the cause of a breach, measure the impact of a breach and manage the financial risk due to a cybersecurity event.

However, the analysis also points to ongoing security challenges for banks. For example, in addition to the many phishing, malware and penetration attacks that banks around the world receive each day, on average, respondents reported that their banks had experienced 85 serious attempted cyber breaches each year. Of these, about one third (36%) were successful, that is, at least some information was obtained through the breach. In these instances, it took 59% of banks several months to detect breaches that occurred.

What can companies in Asia-Pacific do to protect themselves?

Make cybersecurity a company-wide objective. That requires developing and implementing the right governance model to drive a holistic approach to cybersecurity. Developing effective capabilities should be driven by a two-pronged strategy: focused cybersecurity assessments on one hand and comprehensive testing on the other.

Figure 2: Cybersecurity strategy for financial institutions starts with appropriate investment to strengthen resilience

Invest to strengthen resilience

Source: Building Confidence: Solving Banking’s Cybersecurity Conundrum, Accenture

And learn from these attacks. Each new cyber-security attack offers a lesson. While your IT team may have protected your company this time, it doesn’t mean their work is over. Studying the methods used and looking for internal weaknesses is an ongoing process.