'Talent gap' is no excuse for lax cybersecurity

'Talent gap' is no excuse for lax cybersecurity

The Edge Singapore
16/10/18, 08:09 am

SINGAPORE (Oct 15): Cyberattacks could very well “blow us up”, says Ian Bremmer, president of political risk consultancy Eurasia Group. Bremmer, who was speaking at the ANZ Finance & Treasury Forum in Singapore on Oct 10, warned that cyberattacks pose major near-term risks to organisations and society across the globe. Indeed, the risks could be more severe than anticipated, with companies doing all they can to not disclose breaches or other lapses when they do occur.

All this is taking place amid concerns that organisations are woefully ill-prepared for cyberattacks in the first place. This has been attributed partly to the apparent gap between the growing need for cybersecurity professionals and the talent that is available. According to consultants PwC, the global cybersecurity workforce gap will widen to 1.5 million job openings by 2019, up from one million last year.

Experts The Edge Singapore spoke to point out that the shortage of skilled cybersecurity professionals is only growing. “In many countries, the education system is struggling to catch up. People have to get training on the job, and this makes experienced candidates even more valuable,” says David Maciejak, director of security research at Fortinet.

Artificial intelligence and machine learning have been touted as ways to plug the talent gap. But they are still only tools. Rather, the increasingly complex attack signatures call for critical thinking and creativity. “Companies have to respond to automated attacks with automated mitigation, but most of the time, humans are still needed to plan for a long-term remediation strategy,” Maciejak adds.

Further, the people in charge of building a cybersecurity defence for an organisation would need to have a deep understanding of the company, and combine that understanding with their technical skills. “It’s been a massive evolution,” says Michael Fey, CEO of cybersecurity software company Symantec. “We went from cybersecurity as a kind of black art that few people know, to where there’s this structure and deep training and education that has to occur to deliver it well across a large organisation.”

To be sure, there is unlikely to be an infrastructure that is 100% secure against cyberattacks. But that also means the responsibility for protecting an organisation against a breach cannot be left only to the techies. Indeed, it is worrying that many assume cybersecurity is the responsibility of only skilled tech professionals or a sophisticated technology system.

As in the case of the recent hack into Sing­Health’s databases, it was established that a series of staff missteps, including poor decisions by decision makers, contributed to what was Singapore’s worst breach to date. 

“While technology can help to identify the looming security threats, the lapses in processes and oversight of IT professionals or decision makers often exacerbate the cybersecurity problem. It is imperative for employees to adopt good personal data hygiene habits as the first line of defence,” says Ravi Rajendran, managing director, Asia South Region, Veritas Technologies.

Indeed, the key issue is how organisations, and their leaders, are only eroding the trust that consumers and individuals have in them, first by being lax about the personal data that they hold in allowing a breach, then by being shifty about the attack later on, either by delaying a disclosure or trying to lay the blame on others.

With the ubiquity of instant news and information, it is just not possible for organisations to hide their mistakes anymore. Indeed, consumers are not necessarily upset with the mistake made by an organisation. Rather, it is the cover-up that follows a mistake, observes Erik Qualman, tech expert and author of Socialnomics: How Social Media Transforms the Way We Live and Do Business, who was at the ANZ forum. “Organisations have to recognise that reputation and integrity are now the same thing.”

This story appears in The Edge Singapore (Issue 852, week of Oct 15) which is on sale now. Subscribe here

Hyflux gets non-binding letter of intent from China suitor

SINGAPORE (June 15): Hyflux has received another non-binding letter of intent (LOI) for a potential investment in the group by an investor based in China. In a Friday night filing, Hyflux says the investor is a subsidiary of a state-owned enterprise in the industrial field which works on a global scale to provide comprehensive power services. “Other fields of expertise of the investor’s holding company include wind and solar energy solutions, nuclear industry, medical technology and agriculture,” says Hyflux. See: Rags-to-riches tale goes sour for Hyflux founder Olivia Lum Se....

Hong Kong suspends China extradition bill

(June 15): Hong Kong’s leader suspended efforts to pass a bill allowing extraditions to China, in a dramatic reversal that she said was necessary to restore order in the Asian financial hub and avoid further violence and mass protests. Carrie Lam, Hong Kong’s chief executive, announced the legislative “pause” at a news conference Saturday, even as activists asked hundreds of thousands of residents who marched in protest last weekend to return to the streets and demand her resignation. Lam acknowledged that debate had shattered a period of relative calm in the former British colony, ....

Chip Eng Seng in joint $47.5 mil investment of China distressed property company

SINGAPORE (June 15): Chip Eng Seng and controlling shareholder Haiyi Investment are jointly investing RMB240 million ($47.5 million) in a distressed property company based in Taicang city in Jiangsu province, China. Chip Eng Seng says the investment will enable the project company to discharge its outstanding liabilities such that its assets will be unsealed and restart a project involving the development and construction of a residential development on a land area of 38,000 sqm, with a gross floor area of 111,111 sqm. The project company, effective controlled by local shareholder Ren We....