Singapore firms need to elevate cyber security and align it more closely with business strategy instead of perceiving it to be a “technology problem” and addressing it as such, long-time CISO Huang Shao Fei says.
Huang is currently a principal security architect with AWS and a former 12-year security executive of the Land Transport Authority (LTA) Singapore.
He’s also a member of the cyber security chapter of Singapore Computer Society (SCS) and Association of Information Security Professionals, (AiSP), two top IT-related trade associations in Singapore, each with thousands of professionals as members.
Speaking in his capacity as a member of SCS’ cyber security chapter, Huang told iTnews Asia that while cyber security is technology-driven, the impact and consequence of a breach go far beyond IT systems.
Lack of alignment between cyber security and the business strategy is often “the Achilles Heel that lands businesses in unfavourable situations,” he continued.
While cyber security roles and functions have traditionally sat in IT departments and organisations, it’s clear that cyber security is no longer just an “IT issue”.
With the digitalisation and the "deep merging" of cyber security into how businesses operate and thrive, “cyber defence requires the currency and proficiency of skill, knowledge and experience – much like a doctor or a lawyer,” Huang said.
Like most countries in the world, Singapore has seen a steep spike in cyber attacks over the past two years, driven mainly by increased digitalisation induced by the global Covid-19 pandemic.
Accenture’s state of cyber resilience report noted that Singapore witnessed an 89 percent spike in attacks per company in 2021.
Accenture’s Southeast Asia (SEA) managing director, and security lead, Mark du Plessis, said with SEA being home to some of the fastest-growing digital economies in the world, “cybercriminals are not resting on their laurels when it comes to exploiting cyber vulnerabilities”.
Du Plessis added that in order to “gain an upper hand over cyber criminals”, it’s important to understand the popular as well as nascent methods of attack being employed by hackers.
Huang said poor cyber hygiene practices persisted in some Singapore-based businesses.
He also said there were issues with sourcing cyber security talent “to ensure a robust cyber defence” posture.
In addition, he said, less-resourced businesses may not have the budget or capability to validate the security of all services or products they make use of.
Huang also said there is a need for both the government and industry “to elevate cybersecurity as a key enabler of the economy and more importantly, whom businesses and organisations should appoint and trust to lead cyber security”, he said
Huang said the tagline “cybersecurity is a team sport” is often used and the “team” should not be confined to any one business, organisation or industry vertical.
Instead, he said, there needs to be a “whole-of-nation” imperative and approach to cyber security defence, augmented and “supported by efforts from non-profits like SCS and other trade associations.”
“While the Cyber Security Agency of Singapore (CSA) has multiple initiatives in this regard, the larger government and industry could also add value by engaging their customers and users on cyber security,” Huang said.