Startups and small businesses need business continuity in the face of potential security and other digital disasters
The APEC SME Digital Resilience Training Workshop was co-hosted by APEC SME Crisis Management Center and VICGO on August 29th, 2018. It welcomed people from the whole Vietnam and from around Asia.
Four guests attended the workshop and participated to the panel discussion. Dr. Jason Kao, the director of APEC SME Crisis Management Center; Mr. Rick Yvanovich, Founder and CEO of TRG international; Mr. Kato Akinori, PMO Manager of Vitalify Asia AND Mr. Vu Minh Tri, Vice president of Cloud Service of VNG Corporation, former CEO of Microsoft Vietnam.
There is any room for doubt that Digital economy is a double-edged sword. Indeed, it can be depicted both as opportunities and threat for SMEs which are an easy target for cyber-attacks.
According to Dr. Jason Kao, the director of APEC SME Crisis Management Center, SMEs are the backbone of economic prosperity for APEC countries. The digital revolution has changed the way SMEs and business used to work. Digitalisation not only gives them many opportunities but also challenges, one of the toughest is Cyber Security. However, digital security still lacks of attention and cyber-attacks turn out to be cancerous and really harmful for SMEs. Cyber security has a cost for private sector not only for big corporation but also for SME. This is the very reason why SMEs need to give a proper response to cyber-attacks. The APEC training workshop aims at joining efforts and settling an active participation.
The Panel Discussion held by our guests enabled the audience to learn many interesting points about cyber security and digital resilience. The goal of it was to raise awareness of the threats SMEs are facing in the digital era.
Many interesting points were raised by Mr. Rick Yvanovich. First, he insisted that ASEAN countries are a prime area for cyber-attacks. Indeed, 68% of ASEAN’s SMEs are unprepared for cyber security threats and the lack of institutional oversight does not help. The problem is that companies think hacks are a matter with computer. But they forget that hacks involving people and business. As a result, there is an urgent need to upgrade digital security, especially in Vietnam.
Mr.Rick Yvanovich claimed that digital security ”does not have to be such complicated but SMEs have to take the problem very seriously and do the basic procedures to prevent consequences from happening.” Saving and protecting data properly is not that much of an intimidating challenge as SMEs just have to be aware of not downloading cracks, not opening attachments until confirming the person is trustworthy, having constant backups of data, making sure all Windows updates are installed, etc.
Mr. Kato Akinori, PMO Manager of Vitalify Asia, focused on the question “What are security issues?”
The first one concerns racking the servers. Indeed, hackers attack into servers and then have access to many information such as emails address, credit card number, passwords, phone number … He gave the example of Dixons Carphone, which suffered from a cyber-attack on customer data — 5.9 million of credit cards data have been compromised and 10 million customers record may have been hacked.
This example given by Mr. Kato Akinori points out the danger of cyber-attacks. Firms lose profits, reliance and credibility. The measures for this first issue are simple: Protecting database, encrypting the important data in a database, protecting message and using SSL on all connections.
The second security issue raised are viruses. Indeed, many hackers use viruses to infect developers’ computer. This is the reason why cracking software such as Office is dangerous as software and apps are an opening door for viruses.
The third issue given by the speaker involves “bad code”. In order to prevent digital attacks, engineers must learn Secure and High-Performance setting on AWS together with latest security issue as crackers are always using new methods. Companies should also make sure to attend specialised seminar to learn technology and security with their team.
Mr. Vu Minh Tri, Vice president of Cloud Service of VNG Corporation, asserted that digitalisation is changing how business gets done. Airbnb, Facebook, and Uber stand as striking examples of how the digital area transforms the way business used to work: technology is forcing business to go digital. As a result, SMEs have to implement a security posture to give a proper response in case of crisis.
Indeed, one incident and you can go to zero, regardless of the size or the advancement of your business. SMEs need to use targets signals and behavioural monitoring and machine learning, so as to detect the threats. Closing the gap between discovery and action is also of paramount importance to respond to an eventual attack. SMEs must be aware of the threats and not lower the aftermaths.
Question & Answer
Given that SMEs have limited resources and that cyber-security involves a huge cost, is it better to invest in business or security? What choices should we make as start-ups?
Mr. Vu Minh Tri answered the question by highlighting that Cloud services are safe enough and take care of the security very well. SMEs can rely on those services to protect the data. Their services are very flexible and can suit different types of needs. So SMEs should obviously pay for their security, but they can reduce their costs by using properly the existing solutions.
SMEs and start-ups use different types of online services, what should we do to reduce the risks of cyber-attacks?
Mr. Vu Minh Tri answered first this question by acknowledging that this is an usual cases for start-ups. Indeed, online services are the easiest way for SMEs to transform an idea into a concrete project. According to him, the problem is that SMEs have no general view of all of the services they use. He gave the example of Cloud optimisation that provides a connection to all of the service used: It is a good way to improve the efficiency of your Cloud usage.
Mr. Jason Kao then insisted on the importance of ID security. Digital security is crucial, and you have to be aware that you are threatened by attacks. From the beginning of your business creation, you have to prepare yourself. There is any room for doubts that, compared with big corporation, SMEs have limited resources and can’t afford the same kind of things. For instance, many startups crack software such as Adobe because they have no option. But, if you start building that kind of habits and mentality, you should keep in mind that digital resilience should remain a priority.
At a certain stage of your company development, you should start thinking about the cost and benefits of digital resilience. If you don’t block access to your data, sometimes, one day, you are going to lose everything, and not only you but also your customers are going to be affected. The bigger your business is, the more likely you will be hit by an attack. Machines can encouter errors, but you can correct it. But most of security attacks take advantage of a human error (such as bad code, or non-updated software). Many SMEs think they are at a lower level of risk, but they are wrong.
Which industries are usually targeted? I work in medical sector and there are debates about having medical information online. What is your opinion?
Mr. Rick Yvanovich first answered. According to him, it is normal to have medical information online. Indeed, in Estonia for instance, at the time a person is born, they have a digital identity and all the information is in the cloud. It is just a matter of time before all medical data is accessible online. But what you have on your phone is already on the Could, you have a wealth of information there. So, the question is more of: “How can you do to protect those data?” SMEs and industries have to understand the potential business threats of online data: What is the risk for your business if those data are hacked? What are the damaged if your business can’t protect patient data and information?
Mr. Vu Minh Tri added then that by doing so, customer records will be exposed to public, and for a hospital, business may turn more difficult. So, there is a huge need to protect properly the information.
A guest shared then one of her experience in the USA: Her company made cybersecurity tests for the employees and such tests turn out to be really useful and valuable.
Group Training on APEC Guidebook on SME Digital Resilience
To introduce the third session of the workshop, Mr. Jason Kao gave us a broader glance of the APEC willingness to support SME with digital resilience. Ten years ago, after the tsunami in Japan, the APEC recognised that businesses got hit, particularly the SMEs. Big corporations have the resources to come back, but SMEs would never come back after the natural disaster. Most companies were held by families and SMEs do not have resources to restart their business.
Teaching SMEs how to establish security in the company has become of prime importance at the APEC. But now, it is a digital disaster. With its training workshop, the APEC wants to teach SMEs how they can have backups and make their company more resilient. Digital Resilience has a high cost, but the APEC trainings are free and the guidebook is available in different languages.
The third session has turned out to be very instructive and educational. Interactive activities where participants work on digital resilience within a realistic simulated environment were held. Participants learnt cyber security fundamentals through their participation in these activities.
e27 publishes relevant guest contributions from the community. Share your honest opinions and expert knowledge by submitting your content here.
The post In a recent APEC workshop, we learned that SMEs must learn to “survive” digital attacks appeared first on e27.