The Singapore Cybersecurity Strategy 2021 announcement recognised the need for a “zero-trust” mindset to protect organisations from new technological exploits and malicious actors.
This couldn’t be timelier – the supply-chain and ransomware attacks over the past year on JBS, SolarWinds, the Australian Parliament and AXA highlighted that we’re now in a cyber pandemic, and existing cybersecurity management strategies are not effective enough for the new normal.
Prasad Mandava, MD India, VP of Engineering at Akamai, noted that with the shift to the work from home (WFH) model, the pandemic accelerated digital transformation for many organisations globally and in APAC.
However, the accelerated activity has also attracted criminal elements. “The rising connectivity has also resulted in a greater attack surface for cybercriminals to exploit, and we are seeing more phishing, ransomware and supply chain attacks as organisations struggle with the migration to the cloud, skill shortages, increased attack activity and new security developments,” he continued.
He did, however, acknowledge one upside in all this. It has increased awareness of the importance of upgrading cybersecurity strategies and tools to adapt to new threats, and that will help organizations move forward and build a culture of security in the future.
Fit for purpose
Mandava commented that the shift to hybrid work and the increased use of multi-cloud environments have meant that the old perimeter-centric security approach is no longer viable.
He opined that organisations should shift their focus towards securing the edge and work with a cybersecurity provider that has an integrated platform, can address security needs from the edge and understands the complexities arising from the new world.
“I would also suggest organizations future proof themselves with strategies like Zero Trust, where you never trust, always verify, and make sure access is only given to the right people,” he continued.
Security investment strategies
Starting from the belief that a security breach is inevitable, and recognising the need to keep innovating digitally while protecting valuable data, Mandava said the most critical step organisations can take is to put in place a strategy that minimises the risk of cybercriminals gaining access to different systems and reaching critical assets.
“With the new threats out there, they would need Edge security, a security provider to be close to their endpoints, users and applications and to put in place various strategies like Zero Trust,” he suggested.
Security is a journey
Mandava proposed that security is not a product and that the process of securing an enterprise is a journey. “We believe organisations willing to shift from a static approach, into one that views their cybersecurity strategy as an ongoing journey with multiple steps, will have an easier time when it comes to transitioning their workforce securely into a hybrid world,” he explained.
“At a high level, they should start off by understanding the external threat landscape and which threats are of relevance to their organisation, and assess if their existing cybersecurity provider, tools, and measures are sufficient.
“Most importantly, they must treat their cybersecurity strategy as a live document to be reviewed regularly and keep abreast of cyber threats and events relevant to their industry and location. On a quarterly basis, the relevance of the strategy to the current threat climate should be assessed. Finally, a culture of security should be created across the organisation.
“I would also say it goes in order of awareness, education, then budgeting for strategy, followed by step-by-step execution. Organisations can start with a pilot, where they choose to secure valuable assets first, and then go on from there,” advocated Mandava.
Security is a business imperative
According to Mandava, cybersecurity is not a cost proposition but a business imperative. When explaining this to the board or senior management, one suggestion is to present threat scenarios that show what happens if valuable organisational assets get compromised, and how that can impact the company’s reputation and revenue.
2022 security strategy
He advocated approaching cybersecurity with a mindset that users, the devices, the applications, and the threats are anywhere and everywhere.
“It’s essential for the CISOs, CIOs to look at securing themselves from the edge, look for a cybersecurity partner who can secure at the edge and then future proof the business through security strategies, like the Zero Trust model,” he concluded.
Click on the PodChats player above and listen to Mandava elaborate on the
- How would you describe cybersecurity management prior to and during the pandemic?
- How should organisations adapt their cybersecurity management strategy for the new normal?
- How difficult do you think it would be for APAC businesses to transition? How can organisations adopt this effectively?
- How can the CIO/CISO sell the need for these security measures to the CEO/CFO and the Board? How do I sell an ROI/TCO story for this zero trust?
- 2022 is coming. What should the CISO and the CIO be doing to get their security frameworks up to par with current conditions?