Article Summary
The article in question focuses on issues associated with cyber security in the business world, with a focus on emerging markets. The author stresses that Asian countries are entering the global arena as strong competitors, but their vulnerability to cyber-attacks may undermine their success (“Cyber Risks in Emerging Markets” 1). The article includes a description of major threats and concerns, as well as particular recommendations as to companies’ (and countries’) further development in the area of cyber security.
A stunning example of the problem is Malaysia, which alone lost more than $560 million of the country’s GDP in 2013 due to cybercrime (“Cyber Risks in Emerging Markets” 4). Companies lose money as a direct consequence of cyber-attacks, and they may also suffer other types of losses (for example, reputational). Multinationals, as well as local enterprises, have invested a lot in their cyber security. However, they are still vulnerable, due to insufficient regulations and the inability of smaller companies to ensure their (and their partners’) cyber security.
Remarkably, the nature of cyber-attacks is changing; companies are not common targets, since it is much easier to attack a supply chain. New entrants (these are often small-medium enterprises) fail to address cyber issues and are easy targets to use as a path toward their multinational partners’ data. While ways to reach the target are changing slightly, the major goals remain the same. Thus, attackers tend to aim at “financial services (Internet banking and brokerage)”, manufacturing, oil, and energy production (“process control networks”), large corporations (intellectual property, information on upcoming acquisitions and mergers), and “government (state secrets, identity theft)” (“Cyber Risks in Emerging Markets” 6).
Some examples of such attacks are the notorious cases of Target and Fuji Xerox. The companies had strong cyber-security policies and tools in place, but attackers managed to install their malware on computers of a supplier of air-conditioning systems. Notably, the attackers were aware of the security system of the multinational as well as Target’s business operations. The company’s point-of-sale system was attacked, and the attackers managed to obtain information concerning the credit cards of Target’s customers.
There are more examples of cyber-attacks that became successful, due to a focus on the supply chain rather than a multinational. It has been estimated that usual losses approximate $600,000 per instance, as a “price tag” for an IT incident, and more than 770,000 people may be affected (“Cyber Risks in Emerging Markets” 9).
As has been mentioned above, multinationals and large companies invest billions of dollars in cyber security, while smaller enterprises fail to implement effective cyber-security procedures and policies. Several risk factors associated with emerging markets have been identified: cost considerations and lack of funds, the lack of understanding of the risk and potential outcomes, insufficient awareness of supply chains, ineffective legal frameworks, and the spread of technology combined with inadequate or no defense tools (“Cyber Risks in Emerging Markets” 10).
However, these risks can be addressed effectively. Companies should include certain cyber-security standards in their supply chain contracts, develop specific cyber-security norms and frameworks, carry out and require networks’ monitoring and audits, and provide limited access to certain information.
The article in question includes a description of risk factors associated with regulations. It notes that companies may invest a lot in cyber security, but they will remain vulnerable as long as regulations are ineffective. The issue of regulations differs between developed countries and emerging markets. A major trend in developed countries is the use of strict regulations. Thus, EU companies are required to comply with specific standards. Clearly, this is associated with additional costs, but companies often agree to follow the rules, as they are eager to operate in the EU and the global market. However, when it comes to emerging markets, regulations are less strict, even absent.
Governments are afraid to impose some restrictions and requirements, as they fear that companies and their countries will lose their investment. This is an important risk factor to keep in mind, but emerging markets fail to take into account the negative outcomes associated with their decisions. Companies still lose millions operating in emerging markets, which can lead to their unwillingness to work with local companies, which, in turn, will have an adverse impact on the development of the economy.
The authors provide a set of recommendations that can help emerging markets address cyber-security issues. There are six building blocks, which include developing cyber hygiene, assigning a senior leader to focus on such issues, creating particular mechanisms, sharing information with other companies, making use of effective practices, and developing threat intelligence (“Cyber Risks in Emerging Markets” 13). It is crucial to have a set of measures aimed at ensuring cyber security.
These measures should be deeply incorporated into the organizational culture. Companies should also have a leader who is aware of threats, and strategies to address them. Of course, audits and constant monitoring are key elements of cyber-security policies. Companies should also share knowledge, as this will eliminate or at least diminish their vulnerability. Thus, companies should show methods for protection against cyber-attack to their partners who are a part of their supply chain. Of course, companies should be aware of particular threats they may face, and ways to address them. Finally, such policies as the use of certification can help companies to address cyber-security issues and improve their competitiveness.
In conclusion, it is possible to note that emerging markets are vulnerable to cyber-attacks. A lack of resources, information, and commitment contribute to the development of favorable conditions for cyber attackers. However, governments and companies have all the necessary tools to eliminate existing threats.
Work Cited
Cyber Risks in Emerging Markets 2015. Web.