What if your job security depends on keeping your organization secure, yet your cannot achieve this until a cyberattack has occurred?

When Jonathan Tan, Managing Director (Asia), Trellix, casually noted a trend where Singapore CISOs were seeking help after their firms had suffered a cyber incident, he commissioned a survey to dig deeper.

The finding was that, only after a major incident were management boards granting CISOs the resources to invest in extra cybersecurity help.

This is what CybersecAsia.net found out about an apparent lag in Singapore organizations’ preemptive defense cyber posture…

CybersecAsia: Can you share your organization’s own metrics about the trend that CISOs may receive increased board support only after a cybersecurity attack?

Essentially, we have identified that there is a clear need for a proactive, board-supported approach in Singapore (and other countries) that lays the groundwork for a robust cyber defense mechanism. We believe that it is not just about fortifying defenses; it should center on integrating cybersecurity as a strategic imperative deeply woven into the organizational fabric.

CybersecAsia: What do you surmise are the rational reasons for such a lack of board support despite widespread cyberattacks around the world? Are they mainly small firms without the budget, or large corporations whose board members are unaware of the regulatory and fiscal impacts of demonstrating poor diligence in maintaining a strong cyber posture?

JT: The simple truth is that organizations of various sectors and sizes typically adopt a reactive stance toward cybersecurity, which, in the context of today’s digital age, can no longer be employed. 

The increasing sophistication and diversity of cyber threats necessitates a shift towards a more proactive defense strategy. 

Recognizing this, organizations should fortify their defenses comprehensively, treating each threat with equal seriousness. Rather than focusing on predicting specific attacks, it is crucial to establish a dynamic defense system that can withstand the entire spectrum of cyber threats.

This challenge extends beyond financial limitations; there is also a notable lack of understanding among stakeholders regarding the benefits of robust cybersecurity solutions like extended detection and response (XDR). Addressing this issue requires effective communication and influence strategies to enlighten stakeholders unfamiliar with these challenges. 

CybersecAsia: From your own professional experience, how does implementing XDR drastically reduce cyber risks in those organizations that have not been attacked or successfully breached yet?

JT: An XDR platform provides comprehensive threat visibility, advanced detection and response capabilities, making it a valuable tool for organizations of all sizes.

By consolidating multiple products into a cohesive, unified security incident detection and response system, XDR holds the promise of reducing cyber risks, optimizing security operations center resources, and stopping cyberattacks before they happen.

CybersecAsia: In a holistic, strong cyber posture, what other measures besides XDR are available that can supplement or complement an organization’s infrastructure defense?

JT: We wanted to understand this same scenario: what the cybersecurity challenges are that organizations face, what are the stresses they endure, and what are the tools that would make their lives easier. Naturally, we turned to CISOs as they would know best.

For CISOs looking to build a robust security infrastructure, they need a comprehensive solution that can integrate multiple tools into a single platform, streamline operations and provide a holistic view of an organization’s security posture to protect against the most sophisticated cyber threats.

Ultimately, a strong cyber posture involves continuous evolution and adaptation to the evolving threat landscape.

CybersecAsia thanks Jonathan for sharing his cyber insights with readers.