SINGAPORE--The "day is coming" when cybercriminals increasingly target Asia for financial gain, but the region's businesses are still not proactive at preventing data leakage, according to a Cisco Systems executive.
The financial services and government sectors have traditionally paid more attention to safeguarding data, but many companies in the region "have a lot of work to do" as cyber thieves shift their attention from targets in the United States and Europe, Patrick Peterson, Cisco Fellow and vice president of technology at IronPort, told ZDNet Asia in an interview Monday.
"I'm not seeing enough proactive response...they (businesses in Asia) need to get ahead of the curve."
At risk are "virtual banks"--smaller companies that "have a tremendous amount of valuable data passing through their organization, and have barely taken the first step or two" in securing that information, he pointed out. Retail stores for instance, he added, would not consider themselves as banks or see the need to be highly secure.
"In reality, the criminals can probably make ten or hundred or thousand times more attacking one of them than they can make off a traditional bank robbery. They can certainly do it with a lot less risk--no one's ever been shot breaking into the payment processing of a grocery store," said Peterson.
A key issue impacting the data security of businesses today is the disconnect between the IT department's lack of understanding perception of how employees are using technology, and how workers are actually using them, said Peterson.
Citing a recent study by Cisco, he noted that 71 percent of Chinese IT decision makers believed their employees were using non-approved applications on their company-issued computers--a close match with the proportion of IT users who indicated so. On the other hand, a significant number (36 percent) of IT administrators in India did not believe their users were running non-approved programs, which suggested they were "living in a fantasy land". Knowing and understanding the problem is half the battle won, Peterson pointed out.
IT departments also need to stop wearing the hat of a "policeman", and instead cultivate a relationship with users so that employees would heed their advice, said Peterson. "Our opinion is that, all too often, IT staff just...say 'Ok we have a new policy, you cannot do this.' But they're not looking at solving the problem--they're not really partnering the employees."
Using a stick approach, according to Peterson, may also backfire with Gen Y workers who may increasingly demand the use of their own devices in the workplace. To retain talent, companies should look beyond a one-size-fits-all security policy and instead focus on risks associated with various job functions. Employees who do not have access to sensitive information can be associated with a less vigorous security profile, he explained.