HA NOI (Biz Hub) — The Institute of Chartered Accountants in England & Wales (ICAEW) has emphasised the need for businesses and organisations to improve their understanding of cybersecurity.
This should help businesses take better advantage of the opportunities brought by global IT trends while effectively managing their associated risks. The topic was raised at the ICAEW Thought Leadership Roadshow, which brought together IBM Vietnam, Ernst & Young (E&Y) Vietnam and the State of Audit.
Enabled by the enormous growth in computing power and storage in recent years, the world is now producing enormous amounts of data, characterised by high velocity and complexity. These days, the capability of businesses to capture and process entire data sets and even handle unstructured data has improved greatly. As more and more areas of business operations move online, many high-profile security breaches have occurred as a result of vulnerabilities in supply chains, opening up access to the systems of larger businesses. This can cause serious damage to their reputation, heavy costs for breaches and loss of their competitive edge.
"In this challenging environment, there is growing pressure for companies to better articulate their management of cyber risks, provide greater transparency on mitigating actions and strengthen lines of accountability," said Kirstin Gillon, a technical manager with the ICAEW IT faculty at the roadshow in Ha Noi and HCM City this week.
Coping with breaches requires organisation-wide capabilities that go far beyond technology and IT departments. It is therefore important to consider the whole value chain of the organisation."
"As such, cyber security needs to be treated as a high priority that requires the attention of companies at the management board level," she said.
According to a report released by Viet Nam's Public Security Ministry late last year, Viet Nam placed 7th in Asia for use of the internet. About 50 per cent of Vietnamese enterprises are using e-commerce and 100 per cent of companies use the internet for their business. Last year, 2,045 agencies and business websites were hacked, of which 220 websites were attacked by Chinese hackers. However, the number of cyber security experts was too few to cope with all of these incidents.
In his keynote presentation at the roadshow, Henri Hoang, ITRA partner, E&Y Vietnam, pointed out that "in such an environment where 68 per cent of 18- to 24-year-olds engage in risky online behavior, only 32 per cent take the right steps to protect themselves -amongst the lowest in the Asia Pacific region."
However, awareness of cyber security has improved, as 87 per cent of Internet users in Viet Nam admitted they were worried about it, the report said.
"Regardless of the company's organisational structure or risk management approach, corporate risk governance needs to be extended to all levels in the organisation. The effective use of committees can be a bridge and coordination tool between multiple levels of the organisation," Hoang added.
According to ICAEW, the corporate finance community is the custodian of large amounts of sensitive information on the activities, strategies and financial details of companies and is seen by those with malicious intent as a valuable source of information waiting to be mined.
Furthermore, in his meeting with the State Audit of Vietnam on April 4, ICAEW President Andrew Ratcliffe pointed out that the current auditing standards had never envisioned the emergence of data analytics. "The regulators need to keep abreast of how auditing is developing in order to adapt accordingly. It is in no one's best interest for innovation to be frustrated by regulation that is no longer fit for the purpose," Ratcliffe said.
Hence, he said it was crucial for those engaging in corporate finance to strictly comply with good security processes throughout the due diligence process, whereby vast quantities of information will be gathered, collated and circulated to inform the relevant participants, such as suppliers, buyers and investors, and to verify information. This could include strategic information on pricing, valuable IPs, customer and supplier data and personal financial data.
Speaking of solutions to address cyber threats, Luu Danh Anh Vu, Country Manager for Cloud, IBM Vietnam, suggested that a key step for businesses to protect themselves against increasing cyber risks would be to infuse business processes run on a hybrid cloud with a cognitive capability that can sense, respond and learn about suspicious online behaviour.
The guidelines issued today are a significant step forward in managing cyber risks. Besides this, Kirstin Gillon urged businesses to accept the reality that their security might be compromised and to consider the cyber aspect in all their activities as well as focus on protecting their critical information assets. — VNS