Cybersecurity success goes beyond technology

Cybersecurity is one of the most pressing issues for organisations around the world today. Recently in Singapore, there was a spate of cyberattacks targeting household-name brands, including Sephora, Foodpanda and Ikea. These attacks demonstrate that no company is immune to cyberthreats. Therefore, it is important to look at the whole picture to see how vulnerable companies in Singapore – and across ASEAN – actually are and what can be done about it. 

In our recent report, The Future of Cybersecurity in Asia Pacific and Japan – Culture, Efficiency, Awareness, we spoke to a cross-section of firms in Singapore, Malaysia, the Philippines, Australia, India, and Japan to assess their cybersecurity readiness for the next two years. We found there is still a great deal to be done.

At present, companies are too focused on patching up short-term problems. However, the success of an organisation’s cybersecurity investment lies in more than technology adoption. Overall, businesses across the region should focus on a top-down approach by investing in and creating a strong security culture, educating employees and establishing a path-to-purchase to ensure robust cybersecurity capabilities to protect against today’s continually evolving threat landscape.

Perception versus reality in Singapore

While Singapore has a high level of cybersecurity maturity, the highly publicised attacks on well-known companies in Singapore are not surprising when you consider more than a quarter of organisations in the country have reported security breaches in the past 12 months. With a figure this high, something is definitely amiss.

Furthermore, according to the 100 business decision makers in Singapore, the most serious attacks they face come from ransomware, artificial intelligence and machine learning, and even attacks carried out by malicious employees.

Cybersecurity shortcomings: Communication, culture and technology

Across the Asia Pacific region, some trends stood out that explained the discrepancy between perceived and actual cybersecurity maturity levels. Specific to Singapore, a main problem is that less than half (46 per cent) of the organisations do not have a dedicated cybersecurity team that can effectively detect, investigate and respond to threats.

Many companies are unable to take necessary action due to lack of budget, shortage of talent, and the difficulty of staying up to date with cybersecurity issues. Indeed, only a third of organisations have a dedicated cybersecurity budget and, in most cases, cybersecurity is included under the overall IT budget. All these indicate that much more work is required to improve security posture across the board.

Beyond just technology: What can be done? 

The cybersecurity journey is constantly changing. Even though organisations recognise that technology will play a critical role in their security in the next 24 months, many still face frustrations in educating employees and leadership, in securing budget to hire skilled employees and to spend on effective technology solutions, and with the lack of focus on security by management.

To address these issues, we need to look beyond just technology. Educating employees and management on cybersecurity should be a priority for every organisation regardless of size or industry. Around half of the incidents reported are caused by internal employees and partners, whether deliberate or accidental. As a result, employees should be encouraged to take part in cybersecurity training courses, which could also be incentivised by rewards or enhanced with gamification to boost engagement and improve understanding.

Companies also need to nurture a culture of awareness about cybersecurity threats and issues, and to ensure that everyone buys in. This is not a quick fix. Fundamentally changing company culture takes time and, for it to be truly effective, all stakeholders must embrace the new culture and values. This includes everyone from the CEO to the latest graduate new-hire. Over the long term, however, putting cybersecurity at the core of a firm’s culture by making it a central pillar of the employee value proposition, or through compelling internal communication campaigns, will instil greater awareness, reduce incidents and save resources (and reputation!).

The future of security

Overcoming these challenges won’t be easy. Today’s cybersecurity teams must be proactive in their response to cyberthreats. This requires having both technical tools and non-technical skills. Put simply, companies in Singapore need the right resources to keep pace with the number, regularity and sophistication of cyberthreats.

The current security reality is this: without improved efficiency and effectiveness of cybersecurity investments, organisations will continue to slip into a downward spiral of chasing quick fixes for new threats. Companies will see sub-optimal results from their spending and struggle to be proactive, instead repeatedly reacting to incidents and breaches.

The Singapore government’s Smart Nation vision will change the way we live, work and play thanks to the digital revolution. As a result, Singapore is quickly embracing digital transformation across all aspects of society. This is a great opportunity for companies to take advantage of this evolution by focusing on the intelligent deployment of technology, embracing education and repositioning their culture so that cybersecurity becomes a central pillar.