By Denise A. Valdez
ALTHOUGH THE Philippines may have a lot of work to do to ensure cybersecurity, one of the best ways to begin is by clustering data to easily identify assets that need intensified safeguarding, consulting firm McKinsey & Company said.
In an email interview with 大象传媒, McKinsey Philippines associate partner Boris Van said the Philippines has 鈥渁 lot to catch up on,鈥 despite cybersecurity being a global concern among firms.
鈥淟earning how other countries are tackling these challenges and collaborating with other governments/cyber agencies to counter cyber-attacks is important,鈥 he said.
McKinsey Singapore associate partner Aman Dhingra said companies must have a change of perspective regarding ensuring cyber safety, moving instead to a more focused approach to what is most important in a company鈥檚 set of assets than just 鈥渢hrowing money at a problem.鈥
鈥淩ather than starting with technological vulnerabilities (say, the insufficient patching of servers or routers), they should first protect the most critical business assets or processes (such as customer credit card information),鈥 he said.
鈥淎lready, many large institutions have implemented multiyear programs to classify corporate data so they can focus cybersecurity efforts and policies on their most critical information assets,鈥 Mr. Dhingra added.
KNOW WHERE TO SPEND
He said usually half of the data assets of companies are not 鈥渕ission critical鈥 — therefore, firms must learn to identify the cyber risks per set of information and direct efforts to ensuring security of the crucial data. He noted doing so may reduce cybersecurity costs by 20%.
鈥淲e surveyed 45 of the top 500 companies globally and found that more security spending does not lead to high risk management maturing — some companies spent huge sums, but were not necessarily protecting the right information assets. Therefore, it is important to know where and how much to spend,鈥 he said.
He added, 鈥淎pplying the same cybersecurity controls to all assets creates extra effort and expense. Vital assets should be protected more strongly than less important ones.鈥
Mr. Dhingra also said taking a more proactive than reactive stance against cyber criminals may be more effective in dealing with an ever-evolving threat.
鈥淐ompanies can thwart hackers more effectively if they understand how they behave. Leading companies鈥aintain up-to-date intelligence on cyber criminals鈥 capabilities and intentions — and sometimes even their identities,鈥 he said.
Mr. Van said ensuring data privacy is becoming more and more tricky now that digital data is increasing its value, the distinction between work and private devices is starting to blur, data sharing is becoming more open among businesses and their clients, and cyber criminals are growing more gimmicky.
鈥淧rofessional cybercrime organizations, political 鈥榟acktivists,鈥 and state-sponsored groups have become more technologically advanced, in some cases outpacing the skills and resources of corporate security teams,鈥 he said.
He noted that the passing of the national identification system law by President Rodrigo R. Duterte last month is 鈥渁 major opportunity but will also naturally expose more citizen data online.鈥
鈥淭he key is to rapidly be secure without slowing down the adoption of technology/digital initiatives,鈥 Mr. Van said.
Mr. Dhingra said while inadequate preparation may risk the leak of important business information, excessive and misplaced data security efforts could also hamper the conduct of work in a company.
鈥淐ompanies need to make cybersecurity a broad management initiative with a mandate from senior leaders in order to protect critical information assets without placing constraints on business innovation and growth,鈥 he said.

RELATED ARTICLESMORE FROM AUTHOR