iTnews Asia
  • Home
  • News
  • Security

Lack of business alignment 'Achilles Heel' of cyber security, says SCS expert

Lack of business alignment 'Achilles Heel' of cyber security, says SCS expert

It is no longer just an IT issue.

By Amit Roy Choudhury on Mar 17, 2022 10:47AM

Singapore firms need to elevate cyber security and align it more closely with business strategy instead of perceiving it to be a “technology problem” and addressing it as such, long-time CISO Huang Shao Fei says.

Huang is currently a principal security architect with AWS and a former 12-year security executive of the Land Transport Authority (LTA) Singapore.

He’s also a member of the cyber security chapter of Singapore Computer Society (SCS) and Association of Information Security Professionals, (AiSP), two top IT-related trade associations in Singapore, each with thousands of professionals as members.

Speaking in his capacity as a member of SCS’ cyber security chapter, Huang told iTnews Asia that while cyber security is technology-driven, the impact and consequence of a breach go far beyond IT systems.

Lack of alignment between cyber security and the business strategy is often “the Achilles Heel that lands businesses in unfavourable situations,” he continued.

While cyber security roles and functions have traditionally sat in IT departments and organisations, it’s clear that cyber security is no longer just an “IT issue”.

With the digitalisation and the "deep merging" of cyber security into how businesses operate and thrive, “cyber defence requires the currency and proficiency of skill, knowledge and experience – much like a doctor or a lawyer,” Huang said.

Like most countries in the world, Singapore has seen a steep spike in cyber attacks over the past two years, driven mainly by increased digitalisation induced by the global Covid-19 pandemic.

Accenture’s state of cyber resilience report noted that Singapore witnessed an 89 percent spike in attacks per company in 2021.

Accenture’s Southeast Asia (SEA) managing director, and security lead, Mark du Plessis, said with SEA being home to some of the fastest-growing digital economies in the world, “cybercriminals are not resting on their laurels when it comes to exploiting cyber vulnerabilities”.

Du Plessis added that in order to “gain an upper hand over cyber criminals”, it’s important to understand the popular as well as nascent methods of attack being employed by hackers.

Huang said poor cyber hygiene practices persisted in some Singapore-based businesses. 

He also said there were issues with sourcing cyber security talent “to ensure a robust cyber defence” posture.

In addition, he said, less-resourced businesses may not have the budget or capability to validate the security of all services or products they make use of.

"Whole-of-nation" imperative

Huang also said there is a need for both the government and industry “to elevate cybersecurity as a key enabler of the economy and more importantly, whom businesses and organisations should appoint and trust to lead cyber security”, he said

Huang said the tagline “cybersecurity is a team sport” is often used and the “team” should not be confined to any one business, organisation or industry vertical.

Instead, he said, there needs to be a “whole-of-nation” imperative and approach to cyber security defence, augmented and “supported by efforts from non-profits like SCS and other trade associations.”

“While the Cyber Security Agency of Singapore (CSA) has multiple initiatives in this regard, the larger government and industry could also add value by engaging their customers and users on cyber security,” Huang said.

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
© iTnews Asia
Tags:
aisp breach cybersecurity hackers opinions ransomware scs security software solarwinds supply chain

Related Articles

  • Your organisation’s physical security can be a gateway for cybercriminals
  • The best way to outsmart your threat actors is to think like one
  • How cybercriminals are exploiting LLMs to harm your business
  • Is identity now the next parameter of cybersecurity breaches?
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Your organisation’s physical security can be a gateway for cybercriminals

Your organisation’s physical security can be a gateway for cybercriminals

Malaysia's Maxis Berhad investigates claims on alleged data breach

Malaysia's Maxis Berhad investigates claims on alleged data breach

DBS plans US$58 million investment to improve technology resilience

DBS plans US$58 million investment to improve technology resilience

The best way to outsmart your threat actors is to think like one

The best way to outsmart your threat actors is to think like one

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.