Cybersecurity is at the top of the agenda today in many boardrooms and executive suites. Two recent books of essays published by Forbes, in association with Palo Alto Networks—Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers—Australia and Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers—Singapore—offer expert guidance. This advice is tailored for directors and officers of Australian and Singaporean companies and organizations.
Bad actors can now find a way into a system through the most obscure and innocent means: a click-through on an emailed photo of your daughter’s soccer match, the billing system of a trusted vendor—even systems that were not meant to be connected to the public Internet, such as an industrial control system or an MRI machine.
One example of the way these guides are tailored to issues in their respective regions: the Australia guide includes an essay on the cybersecurity skills gap. The lack of skilled and experienced cybersecurity professionals is a concern, yet career paths within the field remain unclear and job titles can be confusing. There is often a discrepancy in compensation expectations between employers and applicants. Rather than building talent from within, many organizations poach from each other, which merely shuffles the existing talent pool.
Yet recruitment agencies don’t do much head-hunting overseas to fill these positions in Australia, and cybersecurity is still not on the list of professions for skilled migrants, despite Australia’s location near Asia, which has many skilled cybersecurity workers. In fact, there has been something of a brain drain in the field, mostly to the U.S., where cybersecurity superstars can earn huge salaries. Given the rapidly rising demand for these skills, all these factors must be addressed.
Another example: the Singapore guide includes an essay on the threat to public transportation systems and Singapore’s National Cybersecurity Approach. “Air-gapped” networks, not connected to the public Internet, used to present enough of a barrier to protect them from viruses and hackers, but they are no longer immune. Advanced Persistent Threats, often orchestrated by state actors, show that perimeter security controls no longer guarantee safety, and the consequences of a cyberattack on a rail or subway system, for example, could be deadly. The essay outlines the challenges and the steps to be taken to ensure an effective security program for public transportation.
Like any business risk, cyber threats are evolving—and so should your organization’s response. Security risk should be a top concern of executive management and the board of directors in order to protect your business and your customers. Too often, business leaders view security as a matter of compliance and control, which can set up a clash between the needs to protect assets and to foster productivity.
However, cybersecurity can support the goals of senior executives to keep the company running and profitable. The insights in these guides include advice and best practices from Australian, Singaporean and international thought leaders who are chief executive officers, chief innovation officers, CISOs, lawyers, consultants, and former and current government officials. At the heart of every business should be effective risk management, a thorough understanding of the risks, as well as pragmatic solutions, which include better training and awareness.
These experts also share their expertise and insights about the levers of control that boards and executives can exercise when it comes to cyber risk, as well as practical advice on how organizations can cut through the hype, prioritize what to protect, build cyber intelligence through greater cooperation and make their organizations more resilient.