DHL Asia Pacific CIO tells how not to be a victim of cyber-attacks at CA Sri Lanka CEOs Forum
Chief Information Officer of the world’s largest logistics specialist, DHL Supply Chain on Monday urged Sri Lankan corporates to increasingly invest on protecting systems, in the backdrop of growing cyber-attacks on organisationsas more and more businesses become vulnerable to such attacks.
Mr. Steve Walker, Chief Information Officer, Asia Pacific; Global Warehouse Management COE at DHL Supply Chain speaking on “What CEOs should know about Cyber Risk” at the CEOs Forum organised by the Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka) underscored the importance of making ‘security’ a priority in companies if they were to prevent such attacks.
Quoting a study by Russian multinational cybersecurity and anti-virus provider Kaspersky, he said that out of 4000 businesses in 25 countries, 38% came under cyber-attack, while data was removed from 25% of these company during such attacks.
He pointed out that the culprits of cyber-attacks were no longer young kids doing it for a laugh, but were attacks that were carried out by highly organised, sophisticated businesses. “These attacks are no longer carried out by young kids looking for a bit of laugh but instead the culprits are highly organised people looking to make serious amounts of money or governments doing it for political reasons or movements doing it for moral reasons, whatever the motive, these people are serious and they have the ability to get into your system and exploit it,” he warned.
Mr. Walker said that to prevent such attacks, companies must make security a priority. “In our business at DHL, security is a priority. Safety is number 1 and so is security. Our business and reputation as an organization will be damaged significantly if we don’t make security an important priority,” he said.
“We also have a cyber security dashboard which looks at all aspects of our security and allows us as people who run the business to make decisions where we need to make investments and focus on time and energy to ensure we are fully protected at all times,” he said.
Mr. Walker also called on the top management including the Chief Executive Officers who were present at the forum to invest on a Security Operations Centre also known as SOC, which is a centre that monitors systems 24/7, and utilizes tools to see what is happening in various systems to determine if there is any unusual activity going on.
“People with SOC have far less likeliness of being hacked, as possible hacks are detected early, and so steps can be taken to isolate and ensure it doesn’t impact the business in a wrong way,” he said.
He said that the two biggest causes of malware going into the system was through memory sticks and clicking on attachments that are received via email. Therefore, Mr. Walker emphasized that it was important to educate the staff on this, and their role in ensuring their organisations stay protected.
“It is also important to work with your suppliers and customers in this area, particularly, suppliers of IT, and make sure they are complying with your high standards,” he said. Mr. Walker also adviced companies to move away from simple passwords, and to authenticate users and make sure default passwords are changed.
“Preparing for attacks is really important because when it happens it happens at the most inconvenient time, and you need to know your plan. Also have someone who is responsible for data security. If things go wrong, there must be someone to drive the way forward,” he said.
He said at DHL Supply Chain there was a protocol in place where if something happens, the company will not communicate via email or through any channel within the company’s system.
“Some people employ outsiders to come and take a look at their systems, so they can receive an outsider’s perspective,” he said. Mr. Walker said that almost every single large organization will probably be not experts in every element of data and cyber security. “There will be some aspects where you may need help and if that is the case, go get help,” he added.
Meanwhile, CA Sri Lanka President Mr. Lasantha Wickremasinghe addressing the event said that technology has impacted everyone, both at a personal and professional, and along with these development also comes the downfalls, and cyber threat no doubt tops the list of challenges organisations face in today’s fast phased technologically advanced world.
“The world we operate in is facing increasing risks of frauds, and security threats. We need to invest to ensure that the systems in place are not only the latest but are also well secure,” he said.
He said that the business world no longer have the option of ignoring changes, but instead are compelled to embrace changes and trends and also be educated on the risk and how to mitigate risks. “The truth is there is a technological revolution and this is not going to stop. So we as professionals need to keep up. Whether we are accountants, marketers or even IT professionals, we have to be future ready, we have to learn faster and be smarter,” Mr. Wickremasinghe added.