SINGAPORE: Awareness and investment in cybersecurity may have grown in recent years, but the longer-term strategy of embracing the issue remains a challenge for many, said Mr Low Chee Juee, chief technologist of the cybersecurity practice at consulting firm Booz Allen Hamilton.
Speaking at the tech risk conference during the Singapore Fintech Festival on Thursday (Nov 17), Mr Low said embracing cybersecurity remains a challenge even though organisations could reap the potential benefits of lower costs and improved organisational efficiency.
"In terms of action, we're still a step behind in a lot of areas where we need to be ahead. If we're looking at it from a scale of one to 10, with 10 being 'ready', I think we're still at 'four' in terms of where we've engineered a change," Mr Low said.
“It’s still not part of the corporate DNA, it’s not part of the business intent. It is just another project, and projects come and go. So do we want to run massive, multimillion dollar projects that just come and go, or do you want this investment to be something that’s a lot more sustainable, long-lasting, and give you returns many more years into the business?”
PREPARING PEOPLE, NOT JUST TECH
Singtel security enterprise architect Freddy Tan, another speaker at the conference, said with the cyber threat landscape evolving rapidly, it was important that organisations constantly test not just their technology, but the processes they have put in place to ensure staff are prepared and have the necessary skills to identify new attack methods.
Mr Tan said such preparations could be done through the setting up of a cyber range - an environment where teams simulate the various kinds of cyberattacks on a system, learn and practise the appropriate responses in a timely and adequate manner.
“In the real world one of the reasons why we do drills is that we want to reduce the possibility of what we call mass hysteria or panic, which can unfortunately sometimes result in more lives being lost," he said.
"Similarly in the cyber world, when an incident happens, you want to make sure that everybody understands their role. They are equipped to perform their role. The last thing you want is people getting panicked and reacting irrationally which may unfortunately cause more damage to the systems, and more importantly, also have an adverse effect on the brand reputation of the organisation.”