Being in IT is an unenviable task, and the job is further complicated by cybersecurity concerns—of which there are many. Preventing your organisation from becoming the next victim of a cyber breach is becoming an increasingly challenging notion. So, what are the top cybersecurity must-haves for today’s IT leaders?
It is a question we asked our expert friends in cybersecurity, and below are their answers. We hope these will give you the insights you need to equip your team—and your organisation—with the right tools, strategies, and best practices for better cybersecurity.
Build a Cyber Aware Culture
“IT leaders play crucial roles in educating their teams. Instead of just deploying different types of training, advocate a culture of transparency on cyber matters and lead it by being a good example. IT leaders in private and public sectors need to collaborate to combat cybercriminals. Trust and cooperation critically depend on the willingness to work together and by doing what is needed to prove that you are trustworthy. For us, transparency is needed to know who you can trust especially in cybersecurity.”
– Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky
Trust No One
“To better protect against the rapidly emerging and complex threats such as deepfakes and lateral movement, security teams must adopt more comprehensive defence strategies to increase and sustain their resilience to cyber attacks. Embracing Zero-Trust principles emphasises stronger threat hunting and Incident Response (IR) capabilities with broad visibility for the assumption of a breach, as well as robust identity and access management. This method enables attribution management of every interaction between users and resources and among resources themselves, therefore reducing the blast radius of an attack by disabling any east-west spread to other systems. Organisations must analyse and understand the inner workings of their entire workloads, instead of just searching for anomalies and vulnerabilities at entry points. Knowing what’s normal allows for faster detection and remediation of both malware and non-malware-based threats. Lastly, organisations must equip their employees with adequate cybersecurity training and awareness to mitigate them before they escalate. Cyber vigilance is paramount, and we must invert the security paradigm to defend from within.”
– Denis Donnelly, Director, Security Business Unit, South East Asia & Korea, VMware
Focus on Raising Awareness
“Many Malaysian companies are still lagging when it comes to strengthening cybersecurity in the workplace. There is a need to boost awareness and invest in cybersecurity programs to alleviate risks. The latest Sophos Managed Detection and Response (MDR) is a fully managed 24/7 service delivered by experts to detect and remediate attacks with speed and precision across diverse customer operating environments.”
– Sandra Lee, Managing Director for Greater China, Southeast Asia & Korea, Sophos
Move Towards a Risk-Based Approach to Security
“In today’s challenging economic climate, organisations should prioritise proactive cybersecurity investments to ensure continuous business growth and operations. In conjunction with ‘Cybersecurity Awareness Month,’ Trend Micro encourages IT leaders to move towards a risk-based approach to cybersecurity by adopting a unified cybersecurity platform to minimise visibility gaps and protect the organisations’ growing digital attack surface.”
Accelerate Your Cyber Response Capabilities
“Nearly two-thirds of IT and business leaders globally have admitted that they have security blind spots, leaving them vulnerable to cyber attacks. These exposures can be mitigated when organisations leverage a unified cybersecurity platform backed by security capabilities like XDR, to deliver adaptive and proactive risk management that enables an acceleration in response against cyber threats.”
– David Ng, Country Manager for Singapore at Trend Micro
Get Your Basics Right
“Hackers and cybercriminals are not the biggest problems in cybersecurity today. It is actually the gap found between cybersecurity, IT and business entities within an organisation. The control deficiencies operated by multiple stakeholders (IT, OT, DevOps, Shadow IT), within a complex business environment, have provided opportunities for threat actors to compromise data or create disruptions for business-critical operations. Basics in security hygiene – such as awareness, asset inventory, patching, secure coding and configuration, detection and response, etc. – are critical to closing security gaps and tackling the cybersecurity threats of today and tomorrow.”
– C.K Chim, Field Chief Security Officer APAC, at Cybereason
Prioritise Three Critical Components
“There are three critical components that IT leaders must prioritise in their cybersecurity strategies and the tools they implement to ultimately achieve cyber resilience – protection, recoverability, and adaptability. If these pieces of the puzzle are in place, organisations will be well placed to accelerate trust, reliability, and survivability in times of uncertainty and crisis.”
– Jeffrey Neo, Managing Director, Southeast Asia & Korea, Micro Focus
Good Foresight and Ample Preparation
“With the increasingly complex cyber threat landscape, a must-have for IT leaders of today is foresight and preparing for the prevention of attacks. For many security operations teams, detecting threats can prove challenging and efforts can be unfruitful, as critical attacks are sometimes missed until it is too late. Good foresight will bring leaders to adopt centralised visibility and a prevention-first security approach for efficient monitoring and threat hunting.”
– Teong Eng Guan, Business Leader, ASEAN & Korea, Check Point Software Technologies
Prepare, Prevent, Detect and Respond
“A cyber resilience strategy is a must-have as it recognises that because of the ever-evolving threat landscape, things can, and will, go wrong and an effective model should comprise of four main areas: Prepare (also identify or discover), Prevent (or protect), Detect, and Respond (also recover) aspects.
IT leaders can help their organisations improve their cyber resilience posture with these 10 points:
1. Identify your risks.
2. Quantify the Impact of disruption on your business.
3. Train all your staff frequently.
4. Create a secure culture.
5. Architect critical systems for resilience.
6. Leverage the cloud.
7. Ensure compliance is an ongoing activity.
8. Test business continuity and disaster recovery plans.
9. Design, document and test your cyber resilience processes.
10. Recover from a cyber breach.”
– Stanley Hsu, Regional Vice President of Asia, Mimecast
Security Must Not Be An Afterthought
“Security is a must-have and not an afterthought. Large-scale data breaches have become increasingly common today. IT leaders must take a proactive approach to cybersecurity including developing capabilities, such as threat hunting, to identify anomalies and potentially malicious activities in their system – by both internal and external actors - that might lead to data breaches.”
– Beng Hai Sim, Head of Technical Sales – APAC, ESET ASIA PTE LTD
Complete Integration of Security and Technology
“With the increased adoption of connected assets, from medical devices to operational technology robots in manufacturing, we are witnessing a push to completely integrate security and technology. The perimeter-less hybrid world will keep growing, making unified security control and scalable process management top priorities for the C-suite.”
– Nadir Izrael, Co-Founder and CTO, Armis Security
Build Preventative Measures to Limit the Risks
“No one can be fully secured from cyber-attacks. So, we focus on cyber resiliency solutions with the philosophy of “when” not “if”. The “must-haves” are cyber incident response on 24/7 via cyber insurance where financial losses are mitigated by the policy in a cost-effective manner. Like any risk of fire, the most first important “must-have” is having firefighters on 24/7 standby. Similarly, we build on preventative cybersecurity measures to help limit the risks step-by-step.”
– Gene Yu, Founder and CEO of Blackpanda Group
Double Down on Cyber Resilience and Readiness
“While process safety is often the top priority, cyber resilience and readiness are relatively nascent. Cyber attackers can target employees to steal personal information, disrupt production processes, or even tamper with key safety controllers to cause emergencies. With the increasing connectivity of industrial control systems and operational technologies, protection from cyber attacks and reliable safety-related automation solutions should be included.”
– Friedhelm Best, Vice-President Asia Pacific, HIMA
Cybersecurity Must Become a Boardroom Priority
“It is critical for business leaders to make cybersecurity a boardroom priority, considering the monetary, and reputational fallouts of cyber attacks. Optimising the available cybersecurity investment options by prioritising countermeasures can help derive maximum returns and cost-effectiveness in a dynamic threat environment.”