Board thinks security pros exaggerate threats and issues

by FutureCIO Editors
April 12, 2022
Photo by Kampus Production from Pexels

The Sophos report, Future of Cybersecurity in Asia Pacific and Japan, reveals a lack of boardroom awareness of cybersecurity, and a broad assumption from executives that their company will never get attacked, despite rising ransomware incidences, impact, and cost.

Cybersecurity education starts at the top

The top two attack vectors of concern for Asia-Pacific and Japan (APJ) organisations are directly addressable by ongoing education and awareness campaigns: phishing or whaling attacks, and weak or compromised employee credentials.

Despite cybersecurity expenditure and self-assessed maturity rising over the past 12 months, only 37% of companies surveyed in Singapore believe their board truly understands cybersecurity.

The top frustration expressed by cybersecurity professionals in Singapore is that executives assume cybersecurity is easy and cybersecurity professionals exaggerate threats and issues. Of Singapore respondents, 89% believe cybersecurity vendors do not provide them with the information they need to help educate executives, and 75% agree their biggest security challenge in the next 24 months will be the awareness and education of employees and leadership.

Aaron Bugal, global solutions engineer, APJ, at Sophos, says that with ransomware attacks continuing to become more complex, organisations need a genuine, actionable cybersecurity education program. He added that the current reactionary tendencies we’re seeing have created an ‘attack, change, attack, change …’ cycle regarding cybersecurity strategies, which is putting cybersecurity teams constantly on the back foot.

“Shifting priorities to become more proactive must start at the top and requires direction from executives, including investments in awareness and education across entire organisations,” he continued.

The skills shortage continues to wreak havoc

The skills shortage continues to be a key focus area in organisations across the region as well as in Singapore. About 72% of Singapore firms surveyed expect to have some problems with recruiting cybersecurity employees over the coming 24 months; 21% expect to face a major challenge.

With recruiting continuing to pose issues, companies have identified the priority areas where they feel internal security specialists need to increase their skills and capabilities. These include:

  • Cloud security policies and architecture
  • ‘Train the trainer’ employee and executive cybersecurity training skills
  • Software vulnerability testing
  • Staying up to date with the latest threats
  • Policy compliance and reporting

Cybersecurity professionals’ top frustrations

The survey also highlights that cybersecurity professionals face a variety of challenges and frustrations in their roles, most of which are related to awareness, perception, messaging, and education. The top three frustrations in Singapore are:

  1. Executives assume cybersecurity is easy and cybersecurity personnel over-exaggerate threats and issues
  2. An over-reliance on fear and doubt messaging makes it hard to educate executives
  3. Cybersecurity is frequently relegated in priority

Additional frustrations experienced by cybersecurity professionals across the region include:

  • Executives think there is nothing that can be done to stop attacks
  • Inability to keep up with the pace of security threats
  • Not enough investment and time into training general staff

According to Bugal, cybersecurity professionals continue to face many frustrations in their roles this year, with many feeling their warnings and messages fall on deaf ears. Apart from lacking skilled security specialists, many of the other frustrations are directly addressable through education and awareness programs, starting at the executive and board level.

“The challenge for cybersecurity professionals faced with low levels of security understanding among company boards is that many are unlikely to invest in the necessary programs to alleviate these frustrations,” he added.

“The issue isn’t technology, it’s education. Increasing spending on cybersecurity won’t help unless organisations understand from the top down the true nature and critical threat that cyberattacks constitute to their organisational capabilities, their customers and their own existence.”

Cybersecurity education must become a focus.

A five-step approach to bring organisations up to speed on cybersecurity education

  1. Boards need help to understand it’s impossible to protect everything and learn to prioritise the most critical information, data and systems to protect.
  2. Education courses on basic principles, the genuine likelihood of an attack, attack vectors, threat actors, and other terminology should be available to all staff.
  3. Once basics are clearly defined, organisations need to develop strategies and integrate them with digital transformation programs.
  4. The focus then becomes more operational in nature: applying legislation, breach response protocol, ransom payment policy, gap assessments, and future roles and obligations.
  5. Businesses need to clearly understand compliance, the regulatory environment under which the business operates, what’s legally required when breached and what are the appropriate controls around data security and management.