This roundtable debate centers around CISOs and what kind of leadership strategies are used to tackle security issues, particularly in the Asia-Pacific region.
Technology leaders and CISOs are becoming increasingly aware of their security system’s vulnerabilities and the idea that cyber attacks are simultaneously becoming more advanced.
The panelists of this roundtable debate discuss their region’s awareness of cybersecurity. They focus on the challenges they face in their sectors and assess their situation compared to other global regions.
The speakers at this roundtable include Lauro Matias, Chief Information Officer at Philippines-based construction company EEI Corporation, and Krishnamurthy Rajesh, the Director of Information Technology at the New Delhi-based warehouse robotics company GreyOrange, as Mark Chillingworth moderates.
“Whether we like it or not, hackers are actively collaborating together. We’re at a disadvantage if we don’t collaborate as well”, said Lauro.
Krishnamurthy also believes that cybersecurity is “everyone’s responsibility”. He explained that one of the most important stages of the cybersecurity process is how quickly a company’s CERT responds to an incident.
“How much information can they extract about the nature of the attack?”, he asked.
“The days are gone where you say you are following a particular framework or standard”, Krishnamurthy said. He believes that cybersecurity cannot be observed from one industry’s perspective; this alone would not be enough to reduce the damage caused.
Current security and leadership strategies
Elsewhere in the debate, the two security leaders also commented upon visible changes to the CISO role.
“There is a very visible evolution that is happening right now”, said Lauro. He stated that the majority of companies in his region are still adopting the reactive security approach – setting security parameters covering the entire area.
Meanwhile, there are companies taking on the Zero Trust security model. According to Lauro, the Zero Trust strategy is getting “a very good bandwagon effect” in the region.
Cybersecurity is no longer about focusing on the entire perimeter; now it hones in on defending what is considered important. Lauro states that as a result, measures have gone from reactive to proactive.
Krishnamurthy said that data privacy is becoming more important in his region, with more focus on taking multiple preventative measures.
“Start-ups are coming in and helping automate a lot of processes”, he said, “ and organizations are taking this on a serious note”.
Krishnamurthy added that there should be a focus on those directly responsible for security and leadership strategies. His view is that they are susceptible to human error.
He believes it boils down to one question: How do you set a parameter to ensure that you perform these tasks in an objective and efficient way?
The answer is to start thinking about identifying the risk and taking the appropriate action. Krishnamurthy said that companies need to start thinking about utilizing the automated tools they have on hand — more specifically, AI.
Importance of budget
Lauro stated that one of the main challenges he experiences in his region is the limited budget set for security purposes. The budget is the key to getting your company the right resources and tools to fortify the security perimeter.
Krishnamurthy agreed that budget allocation is crucial to a company’s security component: “We want to have some budget set aside for certain activities”. Nevertheless, he revealed that going to the company’s board to get the “right set of budget and right set of talent” is always a challenge because of their reactive mindset.
He explained how companies in his region, rather than putting more effort into prevention, focus their teams on reacting to the aftermath of an attack.
The pandemic and security
Lauro believes that the pandemic forced a different way of working.
From a local perspective, “it has put a spotlight on cybersecurity to the extent that it has raised a sort of awareness”. He explained that this new awareness would drive companies to take precautions and provide more cybersecurity. This in turn encourages the company to leverage the extra budget they have acquired. This new addition can help prevent any attacks from happening in the future.
Krishnamurthy said: “The words information security and data privacy are used to create fear rather than actually giving a solution”. He went on to describe how the issue isn’t regarded as a high priority.
Krishnamurthy has asked us to look at the issue from a security and leadership perspective. There are certain features in a product that are meant for a global standard. These features don’t benefit smaller organizations with different ecosystems. When vendors approach companies they, “come to sell a product but will never sell a solution”.