SINGAPORE (Oct 15): Cyberattacks could very well “blow us up”, says Ian Bremmer, president of political risk consultancy Eurasia Group. Bremmer, who was speaking at the ANZ Finance & Treasury Forum in Singapore on Oct 10, warned that cyberattacks pose major near-term risks to organisations and society across the globe. Indeed, the risks could be more severe than anticipated, with companies doing all they can to not disclose breaches or other lapses when they do occur.
All this is taking place amid concerns that organisations are woefully ill-prepared for cyberattacks in the first place. This has been attributed partly to the apparent gap between the growing need for cybersecurity professionals and the talent that is available. According to consultants PwC, the global cybersecurity workforce gap will widen to 1.5 million job openings by 2019, up from one million last year.
Experts The Edge Singapore spoke to point out that the shortage of skilled cybersecurity professionals is only growing. “In many countries, the education system is struggling to catch up. People have to get training on the job, and this makes experienced candidates even more valuable,” says David Maciejak, director of security research at Fortinet.
Artificial intelligence and machine learning have been touted as ways to plug the talent gap. But they are still only tools. Rather, the increasingly complex attack signatures call for critical thinking and creativity. “Companies have to respond to automated attacks with automated mitigation, but most of the time, humans are still needed to plan for a long-term remediation strategy,” Maciejak adds.
Further, the people in charge of building a cybersecurity defence for an organisation would need to have a deep understanding of the company, and combine that understanding with their technical skills. “It’s been a massive evolution,” says Michael Fey, CEO of cybersecurity software company Symantec. “We went from cybersecurity as a kind of black art that few people know, to where there’s this structure and deep training and education that has to occur to deliver it well across a large organisation.”
To be sure, there is unlikely to be an infrastructure that is 100% secure against cyberattacks. But that also means the responsibility for protecting an organisation against a breach cannot be left only to the techies. Indeed, it is worrying that many assume cybersecurity is the responsibility of only skilled tech professionals or a sophisticated technology system.
As in the case of the recent hack into SingHealth’s databases, it was established that a series of staff missteps, including poor decisions by decision makers, contributed to what was Singapore’s worst breach to date.
“While technology can help to identify the looming security threats, the lapses in processes and oversight of IT professionals or decision makers often exacerbate the cybersecurity problem. It is imperative for employees to adopt good personal data hygiene habits as the first line of defence,” says Ravi Rajendran, managing director, Asia South Region, Veritas Technologies.
Indeed, the key issue is how organisations, and their leaders, are only eroding the trust that consumers and individuals have in them, first by being lax about the personal data that they hold in allowing a breach, then by being shifty about the attack later on, either by delaying a disclosure or trying to lay the blame on others.
With the ubiquity of instant news and information, it is just not possible for organisations to hide their mistakes anymore. Indeed, consumers are not necessarily upset with the mistake made by an organisation. Rather, it is the cover-up that follows a mistake, observes Erik Qualman, tech expert and author of Socialnomics: How Social Media Transforms the Way We Live and Do Business, who was at the ANZ forum. “Organisations have to recognise that reputation and integrity are now the same thing.”
This story appears in The Edge Singapore (Issue 852, week of Oct 15) which is on sale now. Subscribe here