Bill: Almost every day, the media uncovers a new massive data breach or cyber security incident. Most cyber attacks involve cross-border criminal activities and can take place anytime. So it’s really a question of when a cyber breach will occur, not if.
While everyone accepts this, many companies still don’t quite know where to start in terms of protecting themselves and are simply not doing enough. In fact, many are still leaving cyber security to their technical staff. We believe leadership from the top is essential. Everyone needs to know what the risks are and what they should do to manage risk effectively. A lot is at stake here. Cyber breaches can affect operations, cause the loss of intellectual property or market-sensitive information, reputation and even enterprise value.
Bill: For starters, board members have to work closely with top management to understand the value of the company’s data, the associated risks and impact of losing key data within their overall enterprise risk management framework. They also need to understand how their data is being protected and who has access to it. This way, they can make accurate cyber risk assessments and implement appropriate defence strategies.
Next, they should assess cyber security capabilities within the company to ensure there is enough bench strength to mitigate the cyber risks. The reality is few boards and management have such expertise.
Bill: Yes. Company leaders need to invest in training in areas such as risk assessment and mitigation. They also need training in crisis management and communications, which are crucial in today’s world of instant news and active social media.
But classroom training can only do so much. You need highly realistic simulations where board members, C-suites and technical staff are made to work together to manage a cyber incident. This is the true test of a company’s cyber preparedness. We’ve been conducting such simulations at the Singtel Cyber Security Institute, which was set up to educate and train companies to better handle cyber breach incidents.
Bill: Cyber resilience requires active participation by all members of staff. Company directors and top management need to create a culture of cyber preparedness and sound security practices. Given how quickly cyber threats evolve, they also need to regularly review and update their cyber defence strategies across all levels of their operations. This means ensuring adequate funding and resources to support such strategies.
Top management should also examine their organisations’ supply chain, to assess the cyber risk posed by their contractors and suppliers. The negligence and lapses of supply chains have been known to contribute to serious breaches as well.
Bill: With cyber threats increasing in frequency, scale and sophistication, the reality is no single company or country can address these cyber threats alone. Many companies also lack the manpower to maintain an effective 24/7 cyber defence. The good news is, they can tap on the resources and capabilities of credible managed security services providers (MSSPs) that are global, have highly trained cyber security professionals and offer real-time intelligence on cyber threats.
MSSPs themselves collaborate with global providers of cyber security technology solutions. This gives companies the convenience of dealing with only one party instead of multiple providers, each offering its solution to only one particular form of cyber threat.
This trend of engaging MSSPs has already caught on globally. We have seen more and more companies taking up partnerships with cyber security firms to install, monitor and maintain their cyber defence systems. Singtel’s cyber security arm, Trustwave, has reported that the number of companies worldwide that are partnering MSSPs has risen from 24% in 2015 to 33% in 2017.
Bill: Our cyber security solutions and services cover everything a company needs before, during and after a cyber breach. Managed advanced threat prevention and threat protection for a comprehensive range of endpoint devices and DDoS protection are just some of the solutions we offer. Our services include cyber security readiness assessment, vulnerability and penetration testing, incident response and forensic investigation.
Bill: It’s true that there is a severe shortage of trained cyber security professionals around the world, not just in Singapore. Some ways to address this are to retrain mid-career IT staff in cyber security, or partner institutions of higher learning to sponsor students in cyber security studies. They can also provide internship opportunities.
But the grooming process takes time. Singtel has been working closely with various government agencies and educational institutions to boost our force of more than 2,000 cyber security professionals globally.
We also launched the NUS-Singtel Cyber Security R&D Lab last year to conduct research on next-generation cyber security technologies, a facility that will no doubt be cultivating and attracting top security talent to Singapore.