This year’s Cybersecurity Awareness Month theme, “Secure Our World,” underscores the pressing need for organisations to reinforce their defences amid an expanding landscape of cyber threats. Beyond basic cyber hygiene, how can firms cultivate resilience and safeguard themselves against these ever-evolving risks?
Michel Borst, Area Vice President, Asia at Commvault:
Cybersecurity Awareness Month serves as a timely reminder for organisations to understand that cyber resilience is paramount. Going beyond traditional practices, cyber resilience is about ensuring an organisation’s ability to recover quickly and completely from a cyber attack, minimising downtime and data loss.
To attain true resilience, enterprises must build a holistic cyber recovery strategy that extends beyond data backups and encompasses a full system recovery, ensuring comprehensive business continuity. Regularly and comprehensively testing incident response plans is crucial as frequent drills and updates ensure a swift, effective response to any cyber incident.
Prioritising cyber maturity and implementing key capabilities, such as early warning and detection systems, isolated recovery environment (Cleanroom), air-gapped data protection and GenAI co-pilot, not only mitigate risks but significantly lessens the impact of any potential breach.
C-Suite plays a pivotal role in fostering a security-first culture, leading to advancements in security and compliance within the organisation. Ultimately, it’s about understanding your “house” and protecting what’s inside it.
See also: Alibaba anoints new chief in revamp of stalling commerce arm
Paul Tan, head of Systems Integration, Ensign InfoSecurity:
Beyond maintaining cyber hygiene, organisations must take a comprehensive, proactive approach to cybersecurity that extends beyond technical measures. Cybersecurity today is not just about protecting systems. It is about protecting what defines us -- our reputation, trust, and core values in a digital world. Each organisation requires a customised strategy, tailored to its unique vulnerabilities and operations, rather than a one-size-fits-all approach.
These include deploying advanced threat-hunting systems, automated patch management, and continuous employee training. But equally critical is establishing a robust incident response plan. An assumed breach position is prudent and how an organisation responds directly impacts its reputation and stakeholder trust.
A strong incident response plan includes clear internal and external communication protocols, impact-based incident classification, containment strategies, root cause analysis, and post-incident reviews. By embedding cybersecurity into the framework of their business strategy, organisations can safeguard both their operations and the trust that underpins their brand.
Tony Anscombe, chief security evangelist, ESET:
Protecting a business against cyber threats requires more than good cyber hygiene. It demands a shift to a secure-first mentality. Businesses should adopt a "secure by design" approach, considering cybersecurity at every level.
See also: Break up Google? What’s at stake in antitrust action
Understanding and addressing risk will also allow a business to build a resilient environment that ensures minimum disruption should a cyber incident occur; this should involve the creation and adoption of an incident response plan. This allows teams to quickly and efficiently identify, contain and recover from attacks.
As bad actors increasingly adopt AI-based tools to assist in the creation of malware and attacks, companies must defend themselves with advanced technologies such as end-point detection and response. Advanced technologies such as end-point detection and response offer businesses a sophisticated protection platform against adversaries that are using advanced persistent threat-type tactics to breach and take hold of their networks and data and to respond accordingly.
Paul Wilcox, vice president of APJ, Infoblox:
“Secure Our World” is about seeing the whole picture and staying one step ahead.
You can’t protect what you can’t see. Modern multi-cloud and heterogeneous environments are becoming increasingly complex, making organisations vulnerable. Blind spots are a hacker’s playground, and at Infoblox, we believe that having a crystal-clear view of your entire digital estate isn’t just nice to have — it is mission-critical.
Organisations need a real-time, unified platform that provides shared visibility and control, to give networking and security teams a clear view of all their assets. It’s not just about spotting threats faster; it’s about transforming how the entire organisation operates. Teams collaborate seamlessly, threats are neutralised before they cause damage, and the business doesn’t just run — it thrives.
Cybersecurity isn’t only IT’s job anymore. It’s everyone’s business. By embracing this holistic approach, we’re not only securing organisations, but we’re building a more resilient and innovative digital future.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
Andrew Lim, managing director for Asean, Kyndryl:
It’s more important than ever for organisations to have confidence in the protection of their critical infrastructure in today’s interconnected world. One major gap in many organisations’ security strategies is the lack of resiliency planning. While security response retainers help in the event of an incident, they don’t address recovery after a breach.
To strengthen cyber resilience, organisations need to go beyond traditional cybersecurity and include business continuity, disaster recovery, and meeting compliance regulations. A key challenge is outdated technologies. Many organisations still rely on legacy systems, increasing inefficiencies and heightening risks of cyberattacks and hardware failures. Hiring talent with expertise in these older systems is also becoming difficult.
Enhancing resilience also requires collaboration across teams. Cybersecurity, IT operations, compliance, and business continuity must break down silos and work together. This holistic mindset of cyber resilience ensures organisations can anticipate, protect against, withstand, and recover from cyber threats while keeping critical operations running smoothly.
Ben Goodman, Senior Vice President and General Manager, Asia Pacific & Japan, Okta:
Organisations need to stay vigilant against the rise of post-authentication attacks, as threat actors shift their tactics away from traditional pre-authentication methods like phishing and credential stuffing. These new attacks, often targeting session tokens issued after a successful login, pose a significant risk because they can bypass even the most advanced authentication methods, including multi-factor authentication, hardware keys, and passkeys.
To safeguard against these threats, it’s essential that organisations implement strong, continuous monitoring and response mechanisms to protect critical assets after access is granted. This includes setting user sessions to expire after a certain period of inactivity, providing users with specific application entitlements based on their role or project, and enforcing re-authentication when users attempt to access new applications.
As cybercriminals continue to evolve their methods, it’s crucial for organisations to stay ahead by continuously refining their security strategies.
Sheena Chin, managing director for Asean, Rubrik:
Businesses aren’t the only group shifting their focus to the cloud. Cyber attackers are following suit. Over two-thirds of cyber incidents reported by organisations in Singapore last year involved the cloud, according to Rubrik’s latest Zero Labs findings. Much of this vulnerability arises from security blind spots, particularly in object storage data, which constitutes around an estimated 70% of all cloud data and lacks robust security measures.
Cyber resilience and an “assumed breach mindset’ must be embraced to mitigate cyber threats. This approach requires an organisation to accept that successful attacks are inevitable and prioritise rapid recovery through strategies such as Zero Trust data security, logical air gaps, and data immutability.
Further, continuous threat monitoring is essential for enhancing data visibility and an approach such as Data Security Posture Management (DSPM), which helps provide a comprehensive overview and control over data across on-premises, cloud, and SaaS environments, allowing for early threat detection and swift risk mitigation before any attack occurs.
