HWM (Singapore)

Cybersecur­ity and you: The iceberg e ect

- By Zachary Chan

In a recent study by Microsoft partnered with Frost & Sullivan titled “Understand­ing the Cybersecur­ity Threat Landscape in Asia Pacic: Securing the Modern Enterprise in a Digital World” (mouthful, I know). 1,300 IT decision makers, including CIOs and IT directors, across 13 Asia Pacic markets were surveyed, and the main takeaway was that cybersecur­ity threats have potentiall­y cost an economic loss in Asia Pacic to a tune of US$1.745 trillion in 2017, or about 7% of the region’s total GDP.

In the report, Microsoft alluded to what they call an Iceberg Effect, where the direct nancial losses from cyberattac­ks, such as nes or clean up costs are just the tip of the iceberg. Often, indirect and induced losses are farther reaching. Indirect losses refer to opportunit­y

costs for an organizati­on such as loss of customers and reputation. Induced losses can even affect the entire economy, such as reduced consumer spending and job losses. The report indicates that a large sized organizati­on

(of 500 employees or more) could potentiall­y lose US$30 million in a single cybersecur­ity incident. Of this number, the clearly visible direct loss only amounts to about US$3.4 million, while indirect losses could add up to US$9.7 million, with an induced loss of US$17.2 million.

Sobering, yes, “but what has this got to do with me?”, you’re asking right now. This isn’t something that you, or I for that matter, are particular­ly bothered by dayto-day. If news broke tomorrow that Microsoft lost some millions because of a security breach, and was ned by some governing body, you’d probably think that they deserved it.

But what if it was? While the report is squarely aimed at enterprise cybersecur­ity, the Iceberg Effect is very much true for the average person as well. Many of its ndings, both impact-wise as well as attitude towards cybersecur­ity can be applied right down to an individual perspectiv­e. Think about it.

The direct cost of a malware attack, such as ransomware, is usually an immediate loss of privacy, data, or the incapacita­tion of your device which you’ll likely have to spend extra cash to salvage. And this cost only spirals outward. In a personal capacity, the indirect cost is where your productivi­ty is affected during the recovery phase. Whether it means formatting and scrubbing your devices, or having to re-authentica­te and reapply for services and accounts that may have been affected, it all translates to loss of time and personal effort you’ll have to make up for at a later date.

What of induced losses? Surely, one person won’t affect the economy right? Well, in Microsoft’s report, another statistic that stood out was that 67% of their survey respondent­s, or about 7 in 10 companies affected by cybersecur­ity incidents resulted in job losses. What if you happened to be that guy? What if it was you that opened the email and became the vector for attack in your company? You could be facing disciplina­ry action and lose your job. That in turn affects your livelihood, family, future job prospects and spending power.

These are grim and extreme scenarios surely. You may even call me a doomsday prophet, but it does get one thinking that cybersecur­ity shouldn’t just be an afterthoug­ht that you can deal with, if, and when, it happens to you. Because by that time, it’s already too late to stop the outward ripple.

There was another part of Microsoft’s report that resonated with me on a personal level. 52% of the companies surveyed throughout Asia Pacic have either had a cybersecur­ity incident or worse yet, not even sure if they’ve been breached because they’ve never had a forensics assessment done. And yet, despite attacks, only 25% of these organizati­ons considered cybersecur­ity as essential to their digital transforma­tion projects. On the other end of the spectrum, 59% of respondent­s have said that they’ve put off or were cautious of digital transforma­tion initiative­s within their companies because they fear increased cyber-risks.

I know of so many people who wouldn’t enhance their personal cybersecur­ity with simple measures such as two-factor authentica­tion, regular data backups and keeping devices/apps/services updated for similar reasons. They either don’t feel the need to, or have become so risk-adverse that they’d rather put off adopting newer technologi­es to avoid the hassle of cybersecur­ity in the rst place.

I feel the recommenda­tions made by the Microsoft survey holds true down to the individual level because as tech becomes pervasive, we really cannot afford cybersecur­ity to be an afterthoug­ht. Just like how a the Iceberg Effect shows that cyberattac­ks can have far greater impact beyond what’s immediatel­y noticeable, securing against cyberattac­ks isn’t all about large enterprise­s with million-dollar security solutions. Even Microsoft’s report acknowledg­es that over 90% of cyber incidents can be averted with individual basic best practices.

Yes, that means you, me, everyone.

 ??  ??
 ??  ??

Newspapers in English

Newspapers from Singapore