This year's Cybersecurity Awareness Month theme, "Secure Our World," underscores the urgent need for organisations to bolster their defences against a growing array of cyber threats. Besides maintaining cyber hygiene, how should organisations protect themselves from cyber threats and be resilient?
Conrad Tan, ESG Analyst, Bloomberg Intelligence:
A surge in cyber threats forces organisations to rethink and redesign defences around Zero Trust principles to continuously verify digital interactions within their networks or with known vendors. This redesign approach helps limit damage from intruders and is increasingly seen as best practice, especially combined with least-privilege access policies for sensitive data (or restricting access to fewer people and granting users only temporary access to needed data). Moving away from traditional cybersecurity practices based on defending a trusted perimeter requires new processes, tools and training — usually a multi-year journey.
We see more companies updating governance structures to make cybersecurity the explicit responsibility of top management and appointing new executives with cybersecurity expertise. Many now have a dedicated chief information security officer (CISO), separate from others responsible for technology and information systems. To limit financial harm, some firms use cyber insurance. A few are deploying post-quantum encryption algorithms to resist quantum-based attacks.
Abhishek Kumar Singh, head of Security Engineering for Singapore, Check Point Software Technologies:
In today’s landscape, operational technology (OT) networks are more flexible, especially with cloud connectivity, introducing new cybersecurity challenges to safeguarding these systems. Following the Cyber Security Agency of Singapore's (CSA) 2024 OT Masterplan, companies should strengthen their OT security talent and foster real-time intelligence sharing to stay ahead of emerging threats. Additionally, developing robust incident response plans, monitoring network traffic, and ensuring the physical security of OT environments are crucial for enhancing cyber resilience.
Organisations should prioritise their approach towards “Secure By Deployment”, including secure by design principles that integrate security from the ground up, ensuring resilience against traditional and advanced cyberattacks. It is equally important to secure physical access to OT environments and conduct regular stress tests to uncover vulnerabilities before attackers do. Lastly, engaging trusted security vendors aligned with these principles will fortify OT systems, ensuring companies remain agile and resilient in today’s complex threat landscape.
Jennifer Cheng, director of Cybersecurity Strategy for Asia Pacific and Japan, Proofpoint:
In the age of AI, a human-centric approach to cybersecurity is more essential than ever. Cyber attackers increasingly shift their focus from exploiting network vulnerabilities to targeting individuals, recognising that human error is at the heart of most security breaches. The majority (95%) of cybersecurity issues can be traced back to human mistakes, and in Singapore, 67% of CISOs agree that these errors remain the primary vulnerability.
Organisations must prioritise protecting people, not just systems. Unlike networks, people cannot be locked down — they work in varied ways, using diverse tools to stay connected. Security measures should encompass the full range of communication channels, including emails, collaboration tools and cloud services. Leveraging artificial intelligence (AI) and large language models to monitor and protect these channels is vital.
To defend against digital threats, organisations need to adopt identity-based approaches, using AI-driven insights to guide user behaviour in real-time — acting like a “digital guardian” to reduce risk. This proactive, human-centric strategy is critical to building a more resilient security posture.
Robert Pizzari, group vice-president, Strategic Advisor Apac, Splunk:
Leaders cannot protect what they cannot see. As such, it is imperative that organisations work towards gaining a complete understanding of their assets. As cyber threats rapidly evolve, any gaps in knowledge can be catastrophic.
While conventional monitoring has worked, organisations should consider taking the leap to enhanced observability. Unified with security processes and bolstered by AI and machine learning tools, this will enable significantly greater end-to-end visibility and protection across all systems.
AI, though discussed ad nauseam — and for good reason — has significantly expanded the attack surface, making cyber threats increasingly sophisticated. However, when properly harnessed, AI has proven to be a powerful tool that enhances threat detection and response accuracy — automating routine tasks and aiding users to work more efficiently so we can secure our world with ease. In today’s complex environment, organisations must strive for complete visibility into their systems and leverage cutting-edge technologies such as AI to be resilient.
Beni Sia, general manager and senior vice president for Asia Pacific and Japan, Veeam Software:
Starting at the boardroom, find and know your allies. Securing the enterprise takes a village, including the board, the chief information officer, CISO, and both IT and security teams. It is too late to start building these relationships when cyber threats or disruptions hit. Businesses must plan for resilience, and importantly, rehearse that prep work so that every stakeholder knows precisely what to do. This is what creates resilient teams that know how to work with each other and to their expectations. Leaders must create a strong culture and organisational structure that reinforces shared responsibility at every level.
Externally, that also means having a trusted and comprehensive ecosystem of partners that businesses know they can work with and whose capabilities they know. Teams that are better aligned for preparedness and who are armed with the right blend of backup, protection and incident recovery partners will be best positioned to practise effective data resilience.
Annette Lee, head of Global Enterprise for Asia Pacific, Verizon Business Group:
A largely remote workforce for many organisations means that traditional network security solutions, such as VPNs, are no longer sufficient to provide the protection, control, and visibility needed.
We see organisations moving toward a more modern approach that utilises a Zero Trust framework, which verifies trust at every access point and interaction. With Zero Trust Architecture embedded in the network, all users are isolated from the corporate network but can still directly access their authorised applications. It is all about protecting corporate data and enabling people to do their job.
From a high level, a Zero Trust platform continuously makes per-request access decisions using predetermined criteria and role-based access policies each time a transaction to sensitive apps occurs. Doing so helps reduce security risks by blocking access to sensitive data and apps as soon as a device is determined to be infected by malware or ransomware.