Whilst cybersecurity is crucial for every organisation, it is especially important for those that operate critical national infrastructure. For these organisations, a cyber incident may have serious consequences for national, or even international, economies.
As one of the world's largest port operators, PSA International falls into this category, employing over 30,000 people across the globe, with terminals in Europe, Asia, and the Americas.
With so many employees, such geographically dispersed operations and such a critical role in the global supply chain, PSA International has developed an impressively mature cybersecurity strategy to manage these risks.
To learn more, we spoke with Steven Sim, who leads the PSA Group's IT Security Centre of Expertise (CoE), which assists with the franchising of good cybersecurity practices to PSA offices and terminals around the globe.
Richard Pain: How do you disseminate cybersecurity best practices to PSA departments around the world?
Steven Sim: Just like with everything to do with cybersecurity, there's no silver bullet, so we use a variety of methods.
At a strategic level, PSA International has a high regard for cybersecurity and it's a boardroom conversation. IT security stakeholders already feed into group IT security standards, use policy and advising the best means and preferred technologies to be rolled out group-wide. With this model, IT and security practices are harmonised across the company.
When it comes to the operational level, we host quarterly webcasts with various IT security offices across the globe to fill them in on the latest cybersecurity updates, the level of security posture to adopt and how to handle such threats. We have also developed a knowledge exchange platform between our various locations, so if something happens in one part of the world, the rest of the teams are alerted immediately.
Communication is key and it has to be at all levels, not just to end users but across all different levels, from the board level to the system users who are monitoring the logs for intrusions. It has to be a holistic and multi-faceted program.
The effectiveness of IT security within an organisation depends on the ability to support it with auxiliary processes as well. I have seen organisations that simply purchase technology to solve problems, but this does not work unless it's sustained with strong processes and people with trained skillsets.