CyberArk Regional Director ASEAN Teck Wee Lim discusses how businesses can help mitigate against evolving cybersecurity threats.
By Teck Wee Lim
Network security breaches have become more time consuming for companies to combat as networks have grown more complex. Security vendors have, in turn, relied more heavily on technology to enhance solutions and services in conjunction with rising risk levels.
Despite these efforts and multiple competitive offerings available in the marketplace, cyber attacks largely continue unabated. In Singapore, experts have noted that human lapses can be as much to blame for this as network vulnerabilities.
In light of these challenges, the task of protecting Singaporean corporate networks can appear daunting for IT executives, and, the industry needs to have the answers to this seemingly endless cat and mouse game.
Tech talent gap remains gargantuan
With the rapid evolution of technology, companies have been challenged to fill roles related to the cloud, data analysis and networking with skilled professionals. The security profession is no different, as this talent crunch affects the entire global industry.
An overwhelming number (93%) of Singaporean IT leaders agreed that the country does not have the talent available to achieve its Smart Nation goals according to a Robert Half survey.
According to the survey, companies are failing to find the best tech talent to drive innovation and business growth due to the widening skills gap, exacerbated by increased demand and intense labour market competition. Employers are struggling to fill specific functional areas, namely IT security (59%), cloud technology (36%), business intelligence (28%), IT management (27%) and business analysis (25%).
To help alleviate this global issue, the Economic Development Board and Enterprise Singapore have introduced a new initiative to help companies gain access to the talent they need across borders.
Digitalisation is a strategic priority for a majority of forward-thinking companies, but so their employees must keep their skills updated to match the pace of change.
Traditional IT workers have also taken on new roles, as security responsibilities rise higher on their checklists. In modern IT organisations, the reality is that all professionals need to be aligned with the digital journey businesses are taking.
This requires working across the organisation to help deliver desired business outcomes while reducing risk. It is not about perfect security but setting a risk profile for the business based on its appetite for risk, industry sector and the types of threats it faces.
Vulnerabilities in systems and network infrastructure
IT leaders and security industry professionals must come to terms with the fact that systems and network infrastructure vulnerabilities are continuing to increase and act on it.
Across security applications, endpoints and network infrastructure there will always be vulnerability but what is important is the actions we take as an industry to combat them. That means considering what is exploitable, what is realistic and the various ways the business can be impacted by a security breach. Answering these questions will help IT leaders determine where the department’s time and money should be invested.
This is a vastly different approach than what was historically practiced in IT. Before, security was predicated on a situation where only on-premises hardware had to be considered in the security sense. Now, much of an organisation’s critical assets and data are scattered across various cloud providers in several countries.
Future of identity and data
In light of this new reality, two areas of security are going to become the cornerstone of successful IT security strategies going forward. The first is identity, or the management of who has access, what they have access to (and when) and how that access is managed. Second is the data itself. That includes managing where it is located, who has access and determining what is most valuable.
Modern companies on the road to digital transformation must protect the most valuable of its data at all costs to maintain trust, grow revenue and support on-going operations.
The key to both security strategies is privileged access, or the special permissions humans, applications or machines need to manage and control critical assets. In nearly every breach, privileged access is compromised in order to assume identities and access data. It is critical to manage and protect privileged access wherever high value identities and data reside – whether that is on-premises or in the cloud.