
What Keeps APAC CISOs Awake at Night: Addressing the 4 Key Concerns

by Teong Eng Guan, Regional Director, Southeast Asia and Korea, Check Point Software Technologies

In today’s rapidly evolving tech world, the role of Chief Information Security Officers (CISOs) is more crucial than ever. These individuals are responsible for safeguarding their organisations’ digital assets and protecting against cyber threats. This is no easy task, given the sheer volume of data to comb through and the ever-persistent attack surface.

However, a recent IDC survey found that the CISO role has been evolving. CISOs today are expected to balance dual responsibilities as both a cybersecurity leader and a business enabler. In fact, 38% of the respondents in the survey agree that they are expecting changes in their work scope in the next 12-24 months to accommodate more business-focused responsibilities.

As if they didn’t already have a mountain of tasks to tackle! Those are quite some shoes to fill, even more so for the Asia Pacific (APAC) region.

According to Check Point Intelligence, an organisation in APAC has been attacked on average 1,937 times per week in the last 6 months. This average is 68% higher than the global average of 1,151 attacks per organisation. Check Point’s latest Q1 cyber attacks report further underscores this concerning trend, revealing a 16% year-on-year rise in cyberattacks in the APAC region. With statistics like these, it is no wonder CISOs often find themselves grappling with challenges that keep them up at night.

Today, we delve into 4 key concerns that occupy the minds of CISOs and outline strategies to address them effectively.

1. Cyber resilience
In an era plagued by daily cyberattacks, safeguarding your company’s assets is paramount. Global cyberattacks in Q1 2024 have seen a 5% uptick compared to last year’s figures, and a whopping 28% increase in attack volume as compared to the previous quarter.

With the interconnectedness of IT systems and the evolving threat landscape, the ability to anticipate, respond to, and recover from cyberattacks is essential for maintaining business continuity. To address this concern, CISOs should focus on:

  • Business Resilience: Implement a robust business continuity and disaster recovery plan that ensures the organisation can continue its essential functions during and after a cyber incident.

  • Proactive Intelligence: Adopt a proactive approach by leveraging threat intelligence to identify and mitigate potential threats before they impact the organisation. Regularly update incident response plans to align with emerging threats.

  • Building Customer Trust and Confidence: Communicate transparently with customers about cybersecurity measures in place, demonstrate commitment to data protection, and invest in technologies that enhance customer trust, such as encryption and secure authentication methods.

2. Talent
The 2023 ISC2 Cybersecurity Workforce Study estimated a record-high workforce gap of 2.6 million in the APAC region. Despite increased demand, there is a severe shortage of cybersecurity professionals in the market. The report estimated that the region only has a workforce of 960,231 currently. 41% of the APAC organisations surveyed also felt that they were not adequately equipped to respond to cyber incidents in the next 2-3 years.

As with supply and demand, attracting, developing, and retaining top cybersecurity talent becomes an ongoing challenge for CISOs. Some tips that may help smoothen this process include:

  • Attractive talent packages: Offer competitive salaries, benefits, and professional development opportunities. Foster a culture of continuous learning and provide avenues for employees to enhance their skills.

  • Educating and training the next generation of professionals: Initiatives like collaborating with schools through cybersecurity educational programs can help future-proof the cybersecurity talent pool. Exposing students to the subject from a young age helps foster interest in the skill and makes it more accessible. It is important to encourage a safe environment for exploration and learning, through cybersecurity clubs or connecting students with mentors and role models in the industry.

  • Culture: Create a positive and inclusive work environment that promotes creativity, innovation, and a strong sense of purpose. Recognise and reward achievements to boost morale and job satisfaction.

3. Cyber at the speed of business
In a world where businesses are constantly adopting new technologies and engaging in digital transformation, “cyber at the speed of business” emphasises the importance of security measures that can keep pace with the dynamic nature of modern business operations. It signifies the imperative for cybersecurity to support the business at the pace of technological advancements and business innovations, without hindering or slowing down business processes.

While this might seem like a tall order, it is possible. CISOs can address these concerns through:

  • Scalable Security Architecture: Implement security solutions that can scale with the organisation’s growth. Adopt cloud-native security practices and solutions and leverage automation to efficiently manage security at scale. Embracing AI-powered platforms and defensive assets to guard against today’s ever-growing AI cyberattacks is also a step in protecting the future.

  • Digital Transformation Security: Integrate security measures into digital transformation initiatives from the outset. Ensure that security is not an afterthought but an integral part of the development lifecycle.

  • Securing the Supply Chain: Assess and monitor the cybersecurity posture of third-party vendors and partners. Establish robust contractual agreements that prioritise security standards and conduct regular audits to ensure compliance.

  • Cyber Transformation: Continuously evolve cybersecurity strategies to keep pace with emerging threats. Regularly update technologies, conduct risk assessments, and engage in cyber threat hunting to stay ahead of potential vulnerabilities.

4. Demonstrating Cyber Risk
As if it weren’t tough enough already, effectively demonstrating cyber risk to boards and key stakeholders is an additional responsibility shouldered by CISOs. This demands a delicate balance between technical depth and accessible communication, requiring them to distil complex cybersecurity concepts into clear narratives that resonate with non-technical audiences.

  • Confidence of Boards and Regulators: Develop clear and concise reporting mechanisms to articulate cyber risks, mitigation strategies, and incident response plans to boards and regulatory bodies.

  • Risk and Compliance Management: Establish a robust risk management framework that aligns with industry standards and regulatory requirements. Conduct regular risk assessments and ensure compliance with relevant data protection laws and regulations. It is critical to ensure that decision-makers grasp the potential impacts on business operations, reputation, and financial well-being.

Amidst the ever-evolving landscape, CISOs serve as both guardians and educators, reinforcing the need for continuous evolution, proactive strategies, and a resilient cybersecurity posture. It is through these efforts that organisations can navigate the complexities of the digital realm and safeguard their invaluable assets in the face of escalating cyber threats.

Eng Guan Teong

Regional Director, Southeast Asia and Korea, Check Point Software Technologies
