'Talent gap' is no excuse for lax cybersecurity

'Talent gap' is no excuse for lax cybersecurity

The Edge Singapore
16/10/18, 08:09 am

SINGAPORE (Oct 15): Cyberattacks could very well “blow us up”, says Ian Bremmer, president of political risk consultancy Eurasia Group. Bremmer, who was speaking at the ANZ Finance & Treasury Forum in Singapore on Oct 10, warned that cyberattacks pose major near-term risks to organisations and society across the globe. Indeed, the risks could be more severe than anticipated, with companies doing all they can to not disclose breaches or other lapses when they do occur.

All this is taking place amid concerns that organisations are woefully ill-prepared for cyberattacks in the first place. This has been attributed partly to the apparent gap between the growing need for cybersecurity professionals and the talent that is available. According to consultants PwC, the global cybersecurity workforce gap will widen to 1.5 million job openings by 2019, up from one million last year.

Experts The Edge Singapore spoke to point out that the shortage of skilled cybersecurity professionals is only growing. “In many countries, the education system is struggling to catch up. People have to get training on the job, and this makes experienced candidates even more valuable,” says David Maciejak, director of security research at Fortinet.

Artificial intelligence and machine learning have been touted as ways to plug the talent gap. But they are still only tools. Rather, the increasingly complex attack signatures call for critical thinking and creativity. “Companies have to respond to automated attacks with automated mitigation, but most of the time, humans are still needed to plan for a long-term remediation strategy,” Maciejak adds.

Further, the people in charge of building a cybersecurity defence for an organisation would need to have a deep understanding of the company, and combine that understanding with their technical skills. “It’s been a massive evolution,” says Michael Fey, CEO of cybersecurity software company Symantec. “We went from cybersecurity as a kind of black art that few people know, to where there’s this structure and deep training and education that has to occur to deliver it well across a large organisation.”

To be sure, there is unlikely to be an infrastructure that is 100% secure against cyberattacks. But that also means the responsibility for protecting an organisation against a breach cannot be left only to the techies. Indeed, it is worrying that many assume cybersecurity is the responsibility of only skilled tech professionals or a sophisticated technology system.

As in the case of the recent hack into Sing­Health’s databases, it was established that a series of staff missteps, including poor decisions by decision makers, contributed to what was Singapore’s worst breach to date. 

“While technology can help to identify the looming security threats, the lapses in processes and oversight of IT professionals or decision makers often exacerbate the cybersecurity problem. It is imperative for employees to adopt good personal data hygiene habits as the first line of defence,” says Ravi Rajendran, managing director, Asia South Region, Veritas Technologies.

Indeed, the key issue is how organisations, and their leaders, are only eroding the trust that consumers and individuals have in them, first by being lax about the personal data that they hold in allowing a breach, then by being shifty about the attack later on, either by delaying a disclosure or trying to lay the blame on others.

With the ubiquity of instant news and information, it is just not possible for organisations to hide their mistakes anymore. Indeed, consumers are not necessarily upset with the mistake made by an organisation. Rather, it is the cover-up that follows a mistake, observes Erik Qualman, tech expert and author of Socialnomics: How Social Media Transforms the Way We Live and Do Business, who was at the ANZ forum. “Organisations have to recognise that reputation and integrity are now the same thing.”

This story appears in The Edge Singapore (Issue 852, week of Oct 15) which is on sale now. Subscribe here

Right timing: STI stays intact, but Hong Fok is at extreme overbought high

SINGAPORE (Mar 23): Although quarterly momentum appears ambivalent as it is consolidating beneath its own moving average, prices are intact. They have established support at the confluence of the 50- and 200-day moving averages which are moving into an increasingly positive stance at 3,217 and 3,186 respectively. The index may well be able to regain its 50-day moving average as short term stochastics is turning up from the bottom of its range. Since medium term indicators are neutral and drifting sideways, short term indicators could keep the STI afloat. However the range is likely to be ....

EY Singapore launches 18th edition of Entrepreneur Of The Year awards

SINGAPORE (Mar 22): The search has started for the 18th EY Entrepreneur Of The Year, as part of the bid to promote entrepreneurship and shape a new role model for the business community. Ernst & Young LLP, organiser of the annual awards, observes that entrepreneurs in Singapore, and the world, have built some of the world’s most enduring companies. The businesses they build don’t just create employment and contribute to the GDP. “Their creativity, tenacity and courage serve as an inspiration for many. In many ways, the way they overcome the odds, the power of their influence, a....

Challenger Tech's 2.94% shareholder says offer price too low, calls for higher dividend payouts

SINGAPORE (Mar 22): Pangolin Investment Management, which holds a 2.94% stake in Challenger Technologies through its Pangolin Asia Fund, is calling on other shareholders to reject Digileap Capital’s delisting offer at the company’s upcoming EGM.   Pangolin says the offer price of 56 cents per share, which translates to a price-to-earnings ratio of 9.9 times, is too low and thus unfair to minority shareholders. In a letter sent to The Edge Singapore on Friday, Pangolin explains its reasons for strongly advising other Challenger shareholders to reject the offer, which it deems “....