The shift away from siloed cybersecurity efforts – within and outside of an organization – is a necessity in light of the cyberthreat landscape ahead of us.
The growth of the digital economy has brought with it escalating digital threats, with damage from cyberattacks that could amount to about US$10.5 trillion annually by 2025 – a 300% increase from 2015 levels.
In the face of the looming cybersecurity challenges ahead, NCS has entered into seven transformative partnerships with Dell Technologies, Mandiant, and Visa as well as AI Singapore, Assurity Trusted Solutions, Globe Group (Philippines) and Singapore Institute of Directors.
These partnerships are aimed at providing enterprises and governments with the combined expertise of industry leaders and best-in-class solutions, and at enabling them to harness cybersecurity, generative AI and other technologies with confidence, so that they develop the resilience to thrive in a rapidly evolving business landscape.
To understand what collaborative cybersecurity hopes to address, how it works, the impending change in the CISO’s role, and the dynamics within and without an organization, CybersecAsia sought out some insights from Foo Siang-Tse, Senior Partner, Cyber, NCS.
Do you see a shift from siloed cybersecurity efforts to a collaborative ecosystem in today’s digital landscape? How are organizations going about doing this, especially in Asia Pacific?
Foo: Definitely. The ecosystem — comprising governments, regulators, organizations, product vendors and tech services firms like NCS — has come a long way. There are complexities on many fronts; cybersecurity threats have grown increasingly sophisticated and digital systems are extremely interconnected. With cyberthreats transcending geographical boundaries and industry sectors, the traditional approach of tackling cybersecurity in isolation is no longer effective.
This transformation towards collaboration is evident in recent initiatives within the Asia Pacific (APAC) region. A notable example of this shift can be illustrated by our two recent strategic partnerships with Mandiant and Assurity Trusted Solutions to leverage collective expertise and resources and create advanced cybersecurity solutions that secure enterprises’ digital infrastructure.
Such collaborations are a testament to the region’s commitment to building a more resilient and interconnected cybersecurity ecosystem to effectively mitigate evolving cyberthreats.
With the increasing complexity of cyberthreats, how do you see the transition from isolated efforts to collaborative approaches benefiting businesses and their cybersecurity strategies?
Foo: The cyber landscape is too vast and complex for any single stakeholder to have complete visibility. Hence, it is a win-win for all parties to collaborate on building a robust information and intelligence ecosystem to support each other.
Furthermore, the cybersecurity community remains a very small, tight-knit group of professionals, partly born from the skills shortage in this domain. That is why we believe that there is a need to collaborate and work together to harness technology to effectively counter the increasing complexity of today’s cyberthreats, secure the digital economy and create positive impact in our communities – to make tomorrow safer and resilient.
The rise in collaborative approaches is benefiting businesses in three ways:
- Comprehensive Threat Intelligence: In today’s interconnected and interdependent world, the security of one organization can impact the security of others. For instance, supply chain risks are a key consideration in any cybersecurity strategy. In a collaborative ecosystem, organizations can collectively identify vulnerabilities, deploy effective safeguards, and respond swiftly to emerging threats. Organizations can serve as one another’s “early warning” system.
- Cross-Sector Insights: Cybersecurity has transcended its traditional role as a purely technical concern and has evolved into a strategic imperative that needs to be seamlessly integrated into all aspects of an organization. Cross-sector information sharing helps businesses understand industry-specific threats as well as those that may originate in other sectors but have potential impacts on their operations.
- Enhanced Innovation: The product lifecycle in the cyber domain is very short, reflecting the speed of innovation among product vendors. Hence, a forward-looking approach is crucial to assess new technologies. Collaboration encourages the sharing of innovative ideas and solutions. By building an ecosystem of collaboration, businesses can explore and co-create solutions that harness new digital technologies to create new value propositions that may not have been possible in isolation.
How has the expansion of the CISO’s role beyond cyber-defense to Enterprise Risk Management shaped the way organizations approach and mitigate cyberthreats?
Foo: Cybersecurity is a delicate balancing act, as organizations are faced with the challenges of managing risk while grappling with constraints such as limited budgets, manpower, and time. Where traditional cybersecurity approaches are centered on safeguarding digital assets and countering cyberthreats, we find that Enterprise Risk Management (ERM) offers a more holistic perspective in these areas:
- Organization-Wide Involvement: Effective cybersecurity extends well beyond the purview of technology teams or the Chief Information Security Officer (CISO). While IT departments often lead these initiatives, cultivating a shared, organization-wide understanding of cybersecurity is mission-critical. The human factor is often regarded as the most vulnerable area of security, with social engineering attacks on the rise. Recognizing that people can be both the strongest and weakest links in the security chain, the goal of ERM is to nurture a risk-aware culture throughout the organization.
- Strong Integration of Cybersecurity within Overall Operations: Traditional cybersecurity efforts have a primary focus on implementing technical controls to protect digital assets. In contrast, ERM encompasses a wide spectrum of risks that organizations face, including strategic, operational, financial, and compliance risks. It sees the integration of cybersecurity considerations into the broader framework of organizational operations, ensuring that security measures align with and support overall business objectives.
By expanding the CISO’s role to encompass ERM, organizations can better navigate the complex and dynamic landscape of cyberthreats. ERM not only enhances cybersecurity practices but also contributes to a more robust and resilient approach to risk management, aligning cybersecurity efforts with broader business strategies and requirements.
We see a need for organizations to recognize that the responsibility for cybersecurity does not rest only with the CISO. All stakeholders, such as board members and management teams, need to ask the right questions to identify what matters the most to an organization, from a business purpose, strategy and risk management perspective.
In a landscape where cyberattacks can lead to significant financial losses, how can businesses in the region strike a balance between investing in cybersecurity and ensuring a healthy bottom line?
Foo: Cybersecurity essentially presents a trilemma involving convenience, cost, and security coverage. It is often a trade-off where one can achieve two out of these three aspects but rarely all three simultaneously. Businesses must strike a balance that safeguards their assets, reputation and profitability.
At NCS, we advise our clients to invest wisely, not extravagantly. Cost-effective cybersecurity requires a strategic approach, where risk analysis drives investment decisions. We also advise clients to develop an in-depth understanding of top risks faced and analyze their potential impact. By aligning cyber-risk management with business needs, organizations can build a security profile that aligns with the defined risk appetite. This process requires strong collaboration across the CISO, the chief technology officer, and chief information officer functions.
Against the backdrop of rising inflation and a macroeconomic downturn, the biggest question many business leaders face is how to maintain effective cybersecurity with limited resources. To protect your organization’s bottom line, we would advise avoiding overspending on solutions that are too complex for your current needs and opting for scalable cybersecurity solutions that can adapt to your organization’s growth. It is important to go to the fundamentals and ask the right questions with internal and external stakeholders to advance a safer, empowered and collaborative tomorrow.