Geo Focus: Asia , Geo-Specific , Security Awareness Programs & Computer-Based Training

APAC Leaders Tackle the Top CISO Strategies in the Region

C-Suite Must Take the Lead to Establish a Strong Security Culture, Say Experts
APAC Leaders Tackle the Top CISO Strategies in the Region
Singapore skyline at sunrise (Image: Shutterstock)

As businesses face sophisticated cyberattacks and deal with complex regulatory environments in the Asia-Pacific region, cybersecurity leaders say organizations have to frequently fine-tune their cybersecurity training and practices to stay viable.

See Also: OnDemand | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

In a panel discussion on the top leadership traits of chief information security officers at Information Security Media Group's Virtual Southeast Asia Summit on Thursday, cybersecurity leaders from the region discussed the top priorities for CISOs in 2024 amid the regulatory environment.

Sourabh Chitrachar, the regional vice president and head of Asia for technology strategy and operations at Liberty Mutual Insurance, said organizations should account for regulatory compliance rules and local businesses environments and tweak their strategies accordingly.

Chitrachar said security leaders must enable a security culture through simulation-based training that mimics real-world experiences - as opposed to traditional classroom-based security awareness training.

The right approach also depends on the employee demographics in certain locations and regional cultures. "Demographics play a very important role in terms of what's the maturity, openness to doing things, etc. Based on a mixture of these factors, companies try out different tactics. There's a huge learning experience out of this: How do you perform the next round of training?" he said.

Justin Ong, APAC CISO and chief privacy officer at Panasonic Asia Pacific, advised cybersecurity leaders to view cyberattacks from the perspective of business impact rather than from an IT security angle because of the real-world operational effects a successful attack can have.

Ong said the top management needs to lead from the front to minimize risks, and this makes employees at lower levels understand that security is a management priority. At the same time, security leaders must simplify training practices to keep workers attuned to organizational goals.

Jagathesh Rajavasagam, risk and cybersecurity officer at Abbott, said the most sophisticated state-sponsored cyberattacks are coming from four countries: Russia, China, Iran and North Korea.

He called for a high level of clarity among security leaders on ensuring absolute visibility over the business operating environment and aligning their practices with regulatory rules in countries of operation.

"Enterprise security leaders have to focus on implementing security by design, privacy by design, changing the organizational security culture and setting the tone right at the top in terms of establishing security awareness," he said.

Rajavasagam said prevention solutions will not always succeed, and attackers will eventually find a way to penetrate organizational defenses. To prepare for that, security leaders have to continuously sharpen their incident response strategies based on the threat environment; the vulnerability of installed systems, including legacy systems; and the risks posed by emerging technologies such as quantum computing.

"If your organization is in the banking and financial services industry, you as a security leader should focus on three things - confidentiality, integrity and availability," he said.

About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.