SINGAPORE Cyber Security CONFERENCE
// End-to-End Cyber Security: Business Recovery and Security-by-Design World Economic Forum’s Cybercrime Dialogue By Jane Lo, Singapore Correspondent
C
yber Attacks on businesses by sophisticated hackers demand organisations to embed security principles in the design of digital systems, but also to build capacity and resiliency to recover from these attacks. Two conferences held in Singapore during August address these topics. The Asia Risk & Resilience Conference (ARRC) 2017 (24th – 25th August, Marina Bay Sands Convention Centre), a collaboration between BCP Asia (Business Continuity Planning Asia Pte Ltd Organiser for ARRC), RIMAS (Risk and Insurance Management Association of Singapore) and IAEM (International Association of Emergency Manager), focused on the theme of “Risk and resilience – From Strategy to Reality”. The conference aimed to enhance the awareness and promote the growth of ERM, BCM and Emergency Management in the region. The dynamism and complexity of the digital inancial ecosystem and security considerations were a focal point at the FinTech Security Summit. The event, held at Shangri-La Hotel (25th August), was an opportunity to debate on topics such as building a safe Financial Center,
28 | Australian Security Magazine
strengthening Cloud and IoT security, and reducing the surface for Cyber Attacks and crime through a Security-by-Design approach. Business Recovery and Continuity from Cyber Attacks: Most businesses plan for recovery from hazardous events or natural disasters that cause physical damage to buildings, transportation, infrastructure or critical facilities. However, increasingly, Cyber related: Cyber Attack, Data Breach and Unplanned IT and Telecom Outages are cited as Top 3 Areas of Concern by respondents in a 2017 survey conducted by BCI (Business Continuity Institute). In his Welcome Address, Mr. Sean Chan (President, RIMAS, Singapore) cited the growth of Cyber Attacks, in particular Ransomware, which reached more than 4000 per day in 2016, a 300% increase since 2015. News headlines on disruptions from Cyber Attacks no longer provoke surprises. As we increasingly digitalise our daily interactions with devices, objects, social and business networks, we also as a consequence expand and grow the surface for adversaries to launch Cyber Attacks. The case, for preparing and planning for business
continuity and recovery from Cyber Attacks is thus urgent and needs to be taken seriously. Why Plan? Mr Brian West (Global managing Director, Crisis Management, FleishmanHillard Singapore) highlighted key statistics that support the case for planning: • 75%of companies without business continuity plans fail within three years of being affected by a disaster • 25% of businesses do not reopen following a major disaster • Companies that cannot resume operations within 10 days of a disaster’s first impact are unlikely to survive • Saves money ($1 in DRR saves $4 to $7 in response) A Public Relations strategy is a necessary component of the business recovery plan. He gave an example of Nestle’s loss of 50% market share in India, following Nestle’s challenge to the report by Indian government on the excessive levels of MSG and lead in the instant noodles products. Nestle’s response contrasted with the PR messages sent by Air Asia following its 2014 crash. The CEO showed “authentic leadership” with regular and personal updates on the situation, which resulted in positive public