Responsible Cyber
Published in

Responsible Cyber

Building and having a cyber ready and resilient business is a competitive advantage

Contributions from Wen Sin Lim

As organizations increasingly deploy new technologies and focus on cloud adoption, artificial intelligence, and blockchain business implementations to enhance their products and services, their attack surface rises with new cyber risks. The current transformation from traditional business models to fully digitalized ones require businesses to consider security and privacy by design in order to become cyber-ready and build their cyber resilience.

The interconnected ecosystem brought by digitalization and the lack of borders on the Internet carries to the business stakeholders additional significant challenges, going from compliance with local privacy regulations to assurance of efficient security controls to protect their own digital assets. In this shifting landscape, where the interconnections go beyond technology, and impact partners, clients and vendors as well, businesses require a more mature approach to cyber security where the three major pillars: people, process and technology are implemented efficiently avoiding a check-the-box exercise.

Building a business cyber resilience entails the management involvement and willingness to understand the importance of cyber risks and define them as one of the top enterprise risks. Cyber resilience is — in my opinion — equivalent of a maturity level where the organization itself is fully conscious of the implications of the technology adoption, and under-stands its risks, accordingly, avoiding a focus ONLY on technology, and ensures an adequate incident management process. It never was IF but is always WHEN the company will be under attack.

As per the current head titles in the news, data breaches are becoming a popular topic, and it does not seem to decrease over the days. Therefore, a layered defense - including people, process and technology controls -is the only way to achieve resilience for businesses.

Cybersecurity is sometimes just seen as a pure necessity or annoying duty. How can organizations make more of it? How can they use it proactively as a competitive advantage? Could this be the key to become a winner of digital transformation?

Online fraud, scams and identity thefts are growing at an increasing rate, in alignment with the growing number of cyber-attacks and data breaches. According to a survey released by RSA Security and LightSpeed Research already several years ago, consumers were happy to increase their online transactions if the companies ensured them strong authentication. The responders also confirmed that they were willing to switch companies having stronger authentication methods.

Business is all about trust and this trust needs to be provided to customers, in general. Thus, can organizations be trusted in an era where the data is completely digitalized if they do not implement the right controls to ensure confidentiality, integrity and availability of the data? As per a PwC consumer intelligence report, nearly 87% of consumers say they will take their business away if they don’t trust a company is managing their data responsibly. And, only 25% of respondents have confidence in companies handling their sensitive personal data responsibly.

In nowadays world, building and having a cyber ready and resilient business is a competitive advantage and should be a business priority. If your customers are not able to trust you, they will not be able to continue doing business with you.

What are the biggest security challenges organizations will face during the upcoming 12 months and how can they best possible master them?

As per ENISA’s report, the upcoming cyber threats for the next years are crypto mining, malware including ransomware and phishing. Those are the most popular type of attacks that I have been seeing across industries.

Every day, we have around 350 000 new malware that are released by cyber criminals, and therefore this numbers proves that this particular threat is definitely not stopping. Ransomware has been popular in Asia, and the polymorphic nature of the malware makes it very hard for technology alone to address the attack in a timeline manner. That said, the security challenges that organizations are facing are in particular due to a lack of understanding of their cyber risks, lack of efficiency of security controls, and new technologies adoptions without analyzing the associated risks and attack surface increase.

The forecasts for 2025 include as well additional challenges related to Internet of Things, Artificial Intelligence, Machine Learning, and Quantum Technology. The implementation of quantum computing capabilities raises important questions about cur-rent security controls, including for example cryptographic algorithms and their resilience. It also raises questions about the practical implementation as the technology development might be faster in some geographical areas vs others, creating important disparities between organizations, and countries as well. This accelerates as well ethical, economic and other sociopolitical concerns including worldwide criminal activities.The Internet of Thing would create an immense network of data flows across the global ecosystem that would require either strict regulation or imposed security framework to enhance the overall security of those new connected devices.

Predictions show that machine learning will have an important impact on the human part, with an increasing automation around processes. This might help efforts in the area of identity theft, fraud and data breaches. However, at the same time the technology might be as well used for bad by the criminal groups.

Original Article was supposed to be published on Command Control.

Who am I ?

I am a keynote speaker, a serial entrepreneur and a senior cyber security expert.

I am a strong activist for women in security, and I founded the Women on Cyber, supporting female professionals in the industry.

I am a member of the Advisory Board for the Executive Summit at Black Hat Asia, and I am the co-founder of Responsible Cyber Pte. Ltd., a Singapore-based start-up with NUS Enterprise, the entrepreneurial arm of the National University of Singapore, and Singtel Innov8, the venture capital arm of the Singtel Group, as its shareholders. The company has been valued at 7 Million SGD in May 2020.

I have a PhD in Telecommunication Engineering issued by Telecom SudParis and speak fluently 5 languages.

My research topics have been focusing on Cyber Security, the future of localisation and positioning, education and more. My writings around cybersecurity have been featured by IEEE, RSA Conference, CYBERSEC, World Congress on Internet Security (WorldCIS-2016), CYBER RISK LEADERS Magazine, among others.

My research is published gradually on Google Scholar: https://scholar.google.com/citations?user=FcFGzMAAAAAJ&hl=en

I speak about cybersecurity in general with a focus on cyber risk management, hacking and diversity and inclusion in the field.

I welcome you to watch some of my insights on Channel News Asia for a Documentary on the Dark Web (at 18:09mn approx): https://www.channelnewsasia.com/news/video-on-demand/the-dark-web

Follow me on Social Media:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Dr Magda CHELLY, CISSP, PhD

Dr Magda CHELLY, CISSP, PhD

Cyberfeminist | Entrepreneur | Former CISO | PhD, CISSP, S-CISO | CoFounder @R3sp_Cyb3r | @womenoncyber | Documentary The Dark Web on @myCanal