
Into the world of security, CIOSEA News, ETCIO SEA


In today’s ever-growing threat landscape, security concerns and foolproof cyber posture strategies need to be linked to an organisation’s central business objectives in order to mitigate the threats, risks, and harm that can take a toll on businesses.

What are some of the most prominent cybersecurity trends? How did the threat landscape evolve this year? What are the best practices security leaders are advocating? We spoke to several technology and security experts to decode these questions and more, as organisations globally navigated uncertainties in the cyber world in 2023.

Here’s a crisp wrap-up of the most insightful conversations we have had with CISOs this year.

‘Secure by design’ needs to be incorporated in business strategy from beginning: Justin Ong, APAC Chief Information Security Officer, Panasonic Asia Pacific

For CISOs, security is paramount but today it is not only about protecting systems. It is more about ensuring business continuity and enterprise risk management that every company needs to address now. Unlike other traditional risk management processes, when we talk about disaster management, cybersecurity has to align with the business strategy today from the beginning itself. Businesses are changing very fast and quickly and the security approach also needs to change in the same way. The concept of secure by design and security engineering from the start needs to be incorporated, thus moving up security to the higher value chain rather than just staying on keeping things safe. So security today is more about adding value to the business rather than just keeping the house safe. This requires more time and engagement with business, and this is where technology and automation can play a big role in traditional security operation and compliance. Hence security needs involvement not only from IT but rather a multi-stakeholder approach.

Cybersecurity is a group activity; there is little chance for success if we do not communicate and collaborate: Andre Shori, Chief Information Security Officer, Schneider Electric

“Cybersecurity is a continuous journey, and I continue learning and growing and doing the best that I can with the resources that I have to ensure that I have truly done all that is humanly possible, individually and together with my colleagues as a group. Also, cybersecurity is a group activity; there is little chance for success if we do not communicate and collaborate. It is everyone’s responsibility, from the brand-new additions to our company up to senior leadership. Is this a high standard to strive for? That’s hard to say, as the variables and landscape are constantly shifting like grains of sand in a sandstorm, but we can only do our best and understand that we are learning and growing every day and that the Chinese symbol for “crisis” is also the symbol for “opportunity.””

Probably the best investment a CISO can make today is in themselves. Get out there, invest time to build your professional network, and actively participate in national-level engagements and activities with the biggest ROI. Evolving into the trusted business partner that CISOs are expected to be is more than just effective risk management; it’s also seeing opportunities for growth, efficiencies, and differentiation in a safe, risk-managed, mature environment.

Leaders need to stop looking at cybersecurity as a collection of point solutions: Pepijn Kok, Head of Cybersecurity, Advanced Info Services

“There has to be a paradigm shift, thinking along the route of zero trust. I’m not simply saying implement SASE products. But zero trust is a strategic way of thinking, it is a mentality shift. Even if you don’t implement zero trust products, shifting to that way of thinking is the way forward: assuming breach because the patching cycles and the exploitation cycles are no longer going to match,” shared Pepijn.

Thinking of cybersecurity as a separate bucket of activities is also not going to help you improve your posture. We need to look at cybersecurity as a platform like everything else is a platform. It doesn’t mean that you have to have the best in breed technologies. The most important thing is does it work, does it integrate, and does it simplify things for you. So while building on the foundation of simplified security that is applicable everywhere, work on your culture shift. It might take you two or three years but then you would have fixed your foundation and that is a great starting point to drive the rest of your strategy.

Attempting to eliminate every potential risk is a proven recipe for inefficiencies and financial waste: Darren Argyle, Non-Executive Chairman, Cyber Leadership Institute and Group Chief Information Security Risk Officer, Standard Chartered Bank

An effective cyber resilience strategy is one tightly tied to strategic business goals. Getting this right requires the CISO to develop an in-depth understanding of the business value chain and ruthlessly prioritise limited resources towards the protection of digital crown jewels – systems that underpin competitive advantage, the most profitable business lines and products customers value the most. Getting this right requires the CISO to consult intensively with key stakeholders and build their views into the strategic agenda. This creates a shared sense of purpose and secures strategic support from key decision-makers.

Once you have identified your crown jewels, the next step involves implementing a set of non-negotiable cyber security controls that, if designed, implemented, and operated effectively, will significantly reduce your cyber risk profile. These include multi-factor authentication, data encryption, offline backups, privileged access management, 24/7 monitoring and application whitelisting. Focusing on what matters while refusing to be enticed by every bleeding-edge concept reduces the cost of security and maximises the effectiveness of controls. Attempting to eliminate every potential risk is a proven recipe for inefficiencies and financial waste.

The relationship between security, IT and risk is what guides an organisation to success: Manan Leo Qureshi, APAC Regional Security Leader at Yum! Brands for KFC and Pizza Hut

“Before you can build up any of the technological innovations and policies which are required for being cyber resilient, I think there are a couple of things which are the bedrock of a strong cyber resilience strategy. One of them is having continuous management approval and buy-in and support. Security hierarchy has to be structured in a way that empowers it with the necessary independence and access to senior stakeholders. The relationship between security, IT and risk is what guides an organisation to success. So, the structure has to be such that your guiding North Star is risk based and risk, IT and security have a very constructive relationship and can work together. That interplay is where the most inertia emanates because sometimes these functions tend to be overly adversarial and they don’t have to be,” shared Manan.

Also, the cybersecurity talent crunch is everywhere. Countries are in dire need of cybersecurity folks. Manan further added, “I think cultivating your existing talent and giving them pathways to improve themselves is a key to success for having a mature cybersecurity posture — invest in your people. Give them pathways to upward mobility and upskill them wherever you can, and your culture should be such that folks continue to stay with a company for the long haul.”

Cybersecurity is a collective effort, and a well-prepared workforce is your strongest asset in maintaining a resilient security posture: RB Banez, Head of Information Security, Easy Equities

Focusing solely on cybersecurity is insufficient to combat cyberattacks because it mainly deals with known threats, not the ever-changing nature of cyber dangers. To effectively tackle the evolving threat landscape, organisations must develop a cyber resilience strategy. This approach goes beyond cybersecurity by including proactive measures for readiness, swift response, and quick recovery from cyber incidents. Cyber resilience enables organisations to adapt and sustain critical operations even when facing sophisticated and unpredictable cyberattacks, reducing harm and downtime.

“It’s important to understand that cyber resilience is an ongoing process, and no country is completely safe from cyber threats. The Philippines has made progress in enhancing its cyber resilience, but there’s always more to do. To strengthen cyber resilience in today’s digital era, we need a comprehensive and ongoing approach that includes education, regulations, collaboration, and technology adoption,” reflected RB Banez.

With that, we come to an end in wrapping up what 2023 encompassed for security in various industries, with a focus on Southeast Asia. Here’s hoping 2024 will see more secure and evolved industries to further business success.

  • Published On Dec 27, 2023 at 05:00 AM IST
