'Talent gap' is no excuse for lax cybersecurity

'Talent gap' is no excuse for lax cybersecurity

The Edge Singapore
16/10/18, 08:09 am

SINGAPORE (Oct 15): Cyberattacks could very well “blow us up”, says Ian Bremmer, president of political risk consultancy Eurasia Group. Bremmer, who was speaking at the ANZ Finance & Treasury Forum in Singapore on Oct 10, warned that cyberattacks pose major near-term risks to organisations and society across the globe. Indeed, the risks could be more severe than anticipated, with companies doing all they can to not disclose breaches or other lapses when they do occur.

All this is taking place amid concerns that organisations are woefully ill-prepared for cyberattacks in the first place. This has been attributed partly to the apparent gap between the growing need for cybersecurity professionals and the talent that is available. According to consultants PwC, the global cybersecurity workforce gap will widen to 1.5 million job openings by 2019, up from one million last year.

Experts The Edge Singapore spoke to point out that the shortage of skilled cybersecurity professionals is only growing. “In many countries, the education system is struggling to catch up. People have to get training on the job, and this makes experienced candidates even more valuable,” says David Maciejak, director of security research at Fortinet.

Artificial intelligence and machine learning have been touted as ways to plug the talent gap. But they are still only tools. Rather, the increasingly complex attack signatures call for critical thinking and creativity. “Companies have to respond to automated attacks with automated mitigation, but most of the time, humans are still needed to plan for a long-term remediation strategy,” Maciejak adds.

Further, the people in charge of building a cybersecurity defence for an organisation would need to have a deep understanding of the company, and combine that understanding with their technical skills. “It’s been a massive evolution,” says Michael Fey, CEO of cybersecurity software company Symantec. “We went from cybersecurity as a kind of black art that few people know, to where there’s this structure and deep training and education that has to occur to deliver it well across a large organisation.”

To be sure, there is unlikely to be an infrastructure that is 100% secure against cyberattacks. But that also means the responsibility for protecting an organisation against a breach cannot be left only to the techies. Indeed, it is worrying that many assume cybersecurity is the responsibility of only skilled tech professionals or a sophisticated technology system.

As in the case of the recent hack into Sing­Health’s databases, it was established that a series of staff missteps, including poor decisions by decision makers, contributed to what was Singapore’s worst breach to date. 

“While technology can help to identify the looming security threats, the lapses in processes and oversight of IT professionals or decision makers often exacerbate the cybersecurity problem. It is imperative for employees to adopt good personal data hygiene habits as the first line of defence,” says Ravi Rajendran, managing director, Asia South Region, Veritas Technologies.

Indeed, the key issue is how organisations, and their leaders, are only eroding the trust that consumers and individuals have in them, first by being lax about the personal data that they hold in allowing a breach, then by being shifty about the attack later on, either by delaying a disclosure or trying to lay the blame on others.

With the ubiquity of instant news and information, it is just not possible for organisations to hide their mistakes anymore. Indeed, consumers are not necessarily upset with the mistake made by an organisation. Rather, it is the cover-up that follows a mistake, observes Erik Qualman, tech expert and author of Socialnomics: How Social Media Transforms the Way We Live and Do Business, who was at the ANZ forum. “Organisations have to recognise that reputation and integrity are now the same thing.”

This story appears in The Edge Singapore (Issue 852, week of Oct 15) which is on sale now. Subscribe here

DBS kept at 'buy' with still more upside expected ahead: RHB

SINGAPORE (Jan 21): RHB Research is maintaining its “buy” call on DBS Group Holdings with an unchanged target price of $29.80. This comes on the back of expectations of still more upside ahead, led by widening net interest margin (NIM). Analyst Leng Seng Choon notes that the 3-month SIBOR has been on a rising trend. It currently stands at 1.89%, after hitting an average of 1.73% in 4Q18 – some 0.1 percentage point higher than the preceding quarter. While he explains that there is some lag effect from the SIBOR rise to filter through to NIM widening, Leng believes DBS’ 4Q18 NIM....

Temasek ramps up pressure over Standard Chartered turnround: FT

SINGAPORE (Jan 21): Standard Chartered’s largest investor Temasek has grown frustrated with the slow pace of chief executive Bill Winters’ turnround, according to a report by The Financial Times of UK, and is stepping up pressure on the UK-listed bank ahead of his pivotal strategy update in February. The Singapore state investment company, which owns about 16% of StanChart, was reported by FT to be asking for more frequent and detailed briefings from top executives and even floated the prospect of taking a board seat in a meeting last year, two people with knowledge of the discussion to....

Ascendas-Singbridge properties to house public EV charging network with help from SP Group

SINGAPORE (Jan 21): Ascendas-Singbridge Group is appointed as Singapore Power (SP) Group’s first major location partner in its plans to build “Singapore’s largest and fasted public EV charging network” with 1,000 charging points island-wide by 2020. Under the partnership, 24 charging points were installed in six buildings owned by Ascendas-Singbridge – Hyflux Innovation Centre at  80 Bendemeer Road, Corporation Place, Techlink, Techplace I, The Capricorn and The Kendall – with operations commencing in phases since Dec 2018.   Main image: SP Group CEO Wong Kim Yin (l....