SG Companies Need to Go Long for Digital Security
- By Sumit Bansal, Sophos
- September 19, 2019
Cybersecurity is one of the most pressing issues for organizations around the world today. Recently in Singapore, there was a spate of cyberattacks targeting household-name brands, including Sephora, Foodpanda, and Ikea. These attacks demonstrate that no company is immune to cyberthreats.
Therefore, it is essential to look at the whole picture to see how vulnerable companies in Singapore – and across ASEAN – actually are and what can be done about it.
In our recent report, "The Future of Cybersecurity in Asia Pacific and Japan – Culture, Efficiency, Awareness", we spoke to a cross-section of firms in Singapore, Malaysia, the Philippines, Australia, India, and Japan to assess their cybersecurity readiness for the next two years. We found there is still a great deal to be done.
At present, companies are too focused on patching up short-term problems. However, the success of an organization’s cybersecurity investment lies in more than technology adoption.
Overall, businesses across the region should focus on a top-down approach by investing in and creating a strong security culture, educating employees, and establishing a path-to-purchase. These ensure robust cybersecurity capabilities for protecting against today’s continually evolving threat landscape.
Perception Vs. Reality in Singapore
While Singapore has a high level of cybersecurity maturity, the highly-publicized attacks on well-known companies in Singapore are not surprising when you consider more than a quarter of organizations in the country have reported security breaches in the past 12 months. With a figure this high, something is definitely amiss.
Furthermore, according to the 100 business decision-makers in Singapore, the most serious attacks they face come from ransomware, artificial intelligence, and machine learning, and even attacks carried out by malicious employees.
Cybersecurity Shortcomings: Communication, Culture, and Technology
Across the Asia Pacific region, some trends stood out that explained the discrepancy between perceived and actual cybersecurity maturity levels. Specific to Singapore, the main problem is that less than half (46%) of the organizations do not have a dedicated cybersecurity team that can effectively detect, investigate, and respond to threats.
Many companies are unable to take necessary action due to lack of budget, shortage of talent, and the difficulty of staying up to date with cybersecurity issues. Indeed, only a third of organizations have a dedicated cybersecurity budget and, in most cases, cybersecurity is included under the overall IT budget. All these indicate that much more work is required to improve security posture across the board.
Beyond Just Technology: What Can Be Done?
The cybersecurity journey is continually changing. Even though organizations recognize that technology will play a critical role in security in the next 24 months, many still face frustrations in educating employees and leadership, securing budget to hire skilled employees and to spend on effective technology solutions, and the lack of focus on security by management.
To address these issues, we need to look beyond just technology. Education employees and management on cybersecurity should be a priority for every organization regardless of size or industry. Around half of the incidents reported are caused by internal employees and partners, whether deliberate or accidental. As a result, employees should be encouraged to take part in cybersecurity training courses. Rewards or gamification can boost engagement and improve understanding.
Companies also need to nurture a culture of awareness about cybersecurity threats and issues, and to ensure that everyone buys in. This is not a quick fix. Fundamentally changing company culture takes time and, for it to be beneficial, all stakeholders must embrace the new culture and values. This includes everyone from the CEO to the latest graduate new-hire.
Over the long term, however, putting cybersecurity at the core of a firm’s culture by making it a central pillar of the employee value proposition, or through compelling internal communication campaigns, will instill greater awareness, reduce incidents and save resources (and reputation!)
The Future of Security
Overcoming these challenges won’t be easy. Today’s cybersecurity teams must be proactive in their response to cyberthreats. This requires having both technical tools and non-technical skills. Put simply, companies in Singapore need the right resources to keep pace with the number, regularity, and sophistication of cyberthreats.
The current security reality is this: without improved efficiency and effectiveness of cybersecurity investments, organizations will continue to slip into a downward spiral of chasing quick-fixes for new threats. Companies will experience sub-optimal results for spending and struggle to be proactive, rather than repeatedly reacting to incidents and breaches.
The Singapore government's Smart Nation vision will change the way we live, work, and play. The country is also quickly embracing digital transformation across all aspects of society.
This is an excellent opportunity for companies to take advantage of this evolution by focusing on the intelligent deployment of technology, embracing education, and repositioning their culture so that cybersecurity becomes a central pillar.
Sumit Bansal, senior director of ASEAN and Korea at Sophos, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.