8:39:22 PM | 4/7/2016
The Institute of Chartered Accountants in England & Wales (ICAEW) on April 4 emphasized the imperative for businesses and organizations to improve understanding of cyber-security. This should help businesses better take advantage of the opportunities brought about by global IT trends while effectively managing their associated risks.
The topic was raised at the ICAEW thought leadership roadshow which was joined by IBM Vietnam, Ernst & Young Vietnam (E&Y), and the State of Audit in both Hanoi and Ho Chi Minh City.
Enabled by the enormous growth in computing power and storage in recent years, the world is now producing enormous amounts of data which is characterized by high velocity and complexity. These days, the capabilities of businesses to capture and process entire data sets and even handle unstructured data have also improved greatly. As more and more areas of business operations move online, many high-profile security breaches have occurred as a result of vulnerabilities in supply chains, opening up access into the systems of larger businesses; which can cause serious reputational damage, breach costs and loss of competitive edge.
“In this challenging environment, there is a growing pressure for companies to articulate their management for cyber risks better, provide greater transparency over mitigating actions and strengthen lines of accountability. Coping with breaches requires organization-wide capabilities which go far beyond technology and IT departments.It is therefore important to consider the whole value chain of the organization.” said Kirstin Gillon, a technical manager in the ICAEW IT faculty at the roadshow in Hanoi and Ho Chi Minh City.
“As such, cyber-security needs to be treated as a high-priority that requires attention of companies at management board level” she stressed.
According to a report released by Vietnam’s Public Security Ministry late last year, Vietnam is placed 7th in Asia for using internet and about 50% of Vietnamese enterprises are using e-commerce and 100% of companies use the internet for their business. Last year, 2,045 agencies and business websites were hacked, of which 220 websites by Chinese hackers, but the number of cyber security experts was too low to cope with all of these incidents.
In his keynote presentation at the roadshow, Henri Hoang, ITRA partner, Ernst &Young Vietnam pointed out that “In such an environment where 68% of 18-24 year-olds engage in risky online behavior, only 32% take the right steps to protect themselves, amongst the lowest in the Asia Pacific.”
However, awareness of cyber-security has improved as 87% of internet users in Vietnam said they were worried about cyber-security, the report said.
‘Regardless of the organizational structure or risk management approach, corporate risk governance needs to be extended to all levels in the organization. Effective use of committees can be a bridge and coordination tool between multiple levels of the organization’ Hoang added.
According to ICAEW, the corporate finance community are custodians of large amounts of sensitive information about the activities, strategies and financial details of companies and seen by those with malicious intent as a deep seam of information waiting to be mined. Furthermore, in his meeting with the State Audit of Vietnam on April 4, ICAEW’s President, Andrew Ratcliffe pointed out that the current auditing standards never envisaged the emergence of data analytics. The regulators need to keep abreast of how auditing is developing in order to adapt accordingly. The last thing anyone would want is for innovation to be frustrated by regulation that is no longer fit for purpose. Hence, it is crucial for those engaging in corporate finance to strictly comply with good security processes throughout the due diligence process, whereby vast quantities of information will be gathered, collated and circulated to inform the relevant participants, such as suppliers, buyers, and investors and to verify information. This could include strategic information on pricing, valuable IP, customer and supplier data and personal, and financial data.
Speaking of solutions to address cyber threats, Luu Danh Anh Vu, Country Manager for Cloud, IBM Vietnam, highlighted one of the key steps for businesses to protect themselves against increasing cyber-risks would be to infuse business processes run on hybrid cloud with cognitive capability that can sense, respond and learn about suspicious online behaviors.
The guidelines issued today are a significant step forward in implementing the management of cyber risks. Besides, Kirstin Gillonalso urged businesses to accept a reality that their security might be compromised and consider 'cyber' in all their activities as well as focus on their critical information assets.
Nam Pham
Vietnamese
