Cybersecurity should be an organizational concern in the digital age, but lax company policies remains a key threat among firms, experts said.
While cyber-attacks are widely recognized as a real threat to businesses and individuals today, a panel of experts recently observed the gap between awareness and action taken by companies here.
Panelist Raju Chellam, Fellow of Singapore Computer Society, urged companies to make cybersecurity “the responsibility of every employee” and take actions to demonstrate consequences of non-compliance with company policies.
“Having a malware on an individual’s device may pose little immediate danger to the individual,” Chellam said, speaking at the MDIS event.
“However, most hackers are just looking for that one right chance, when the individual plugs his device to a company network to find a wealth of important data that may give him the financial gain he’s looking for.”
He added that firms, particularly small and medium enterprises (SMEs), tend to be “lax” when enforcing strict cyber policies. This is not the case in other advanced markets.
“My research in Israel showed a serious attitude among companies there on their view of cybersecurity practices,” he said. “Employees can be dismissed on grounds of poor cyber hygiene that may compromise a company’s system.”
Companies should step up efforts, as 53% of cyber incidents were caused by employees either through administrative errors or through the loss of a company device, according to the 2019 Chubb survey in Singapore.
Anthony Lim, Director – Research & Alliance, at Centre for Strategic Cyberspace + International Studies Singapore, agreed that every individual of the organization has a role to play.
He reminded companies of basic cyber hygiene that every individual of the organization must practice as a form of safeguard. This could be something as simple as good password management.
Staying abreast with the latest cyber development is also essential for companies to identify how their cybersecurity solutions must evolve to respond to increasingly sophisticated threats.
The breakneck speed of digital transformation also adds great stress to businesses in adapting their cybersecurity approaches, said Dr Lee Hing-Yan, Executive Vice President, APAC, at Cloud Security Alliance, a not-for-profit organization.
“The irony of having more digital solutions is the opening up of new or evolving threats,” Dr Lee said.
“Organizations, even when they can afford the expenses, tend to see cybersecurity as a cost and not an investment that brings value to the business.
“It is thus important for companies to undertake risk assessment to analyze the potential business losses in the event of not having cybersecurity in place.”