Find out what the concerns are, and what solutions lay ahead as CISOs juggle tight budgets with escalating cyber threats

With the current headwinds – Russian-led war with Ukraine, labor and supply chain challenges, on top of a looming recession, business leaders should still recognize that cybersecurity cannot be compromised, even as they find ways to reduce spending and find cost-efficiencies amid uncertainty.

For Chief Information Security Officers (CISOs) and their equivalent, some surveys in the region indicated that 88% of respondents have the support of their executive leadership around budget, strategic vision and buy-in.

Leonardo Hutabarat, Director Solution Engineering (APJ), LogRhythm

With that optimism aforethought, what issues remain their top concerns?

    • Doing more with less, under constant cost pressures
      In tough economic times, an organization’s C-suite will be focused on cutting what they perceive as non-essential costs and carefully analyze what they would choose to protect from a business perspective

      However, as organizations balance between international turning points and scaling down operations, threats will inevitably continue to evolve as cybercriminals take this chance to up their attack game during the recession.

      For CISOs, taking on proactive security strategies, adopting frontline prevention and detection technologies together with other security tools that provide preemptive capabilities will remain a key priority.

      Building system resilience will continue to be crucial in ensuring cybersecurity readiness and safeguarding data from any potential threats. Most importantly this will instill confidence and trust among customers as well as stakeholders.

    • Wide cybersecurity talent gap in APAC
      Addressing the cybersecurity talent shortage is also a key focus point for CISOs in APAC. A survey from (ISC)² asserted that 60% of APAC respondents reported a shortage in the cybersecurity workforce, with the region seeing the largest gap worldwide in 2022.

      CISOs in APAC not only need to find ways to attract cybersecurity talent, however they also need to nurture their existing cybersecurity teams. They will need to work closely with the human resources team to offer learning and development opportunities that relate to fast-evolving cybersecurity technology, to ensure that the existing workforce stays ahead of cyber threats. Where possible, CISOs are concerned with embracing advanced cybersecurity technology to eliminate laborious and repetitive tasks of cybersecurity teams, to drive further efficiencies.

    • Driving cybersecurity awareness among the rank-and-file
      With more organizations falling victim to social engineering attacks over the past year, more CISOs will look to invest in employee training programs.

      Apart from software, investing in the people and incorporating cybersecurity education is just as important. While an estimated 95% of cybersecurity incidents are linked to human error, only a handful receive the security awareness training required.

      Employees play a critical role in the resistance against cyber threats. When they are equipped with the skills to detect, interpret and prevent threats from malicious hackers, they can help their organization avert costly breaches.

    • More attention on impending security standards
      The US Department of Commerce will partner with the ASEAN Consultative Committee on Standards and Quality (ACCSQ) to co-develop programs on digital trust and cybersecurity standards, with the goal of strengthening ASEAN’s digital trade ecosystem and enhancing regional connectivity.

      As new standards governing AI security are rolled out, the process of reaching full regulatory compliance can be tricky. The complexity, along with the growing push for federal-level enforced compliance, suggests more CISOs globally will be striving to attain compliance with these new security standards for their organizations.

The goal of a CISO is ultimately to secure the organization’s data, IT assets and infrastructure. To meet this goal amid an ever-evolving and increasingly complex cybersecurity landscape, CISOs will need to stay nimble and keep pace with the emerging challenges in the year ahead.