The CSI also runs a programme for management, which teaches not just IT security, but also the necessary steps to take when an incident happens such as when to make a police report, when to start speaking to the media and what information to share. "This is crucial because these things can affect not only your brand reputation it can also affect your share value," explains Tan. "TalkTalk, a telco in the UK is one example. They had a breach and initially their assumption was that it was something major. Fortunately this was not the case, but the news was already out and the damage was done. As a result they lost customers who no longer had confidence in the way TalkTalk secured their information."
What then for the future of cybersecurity? With a greater focus on cybersecurity from the onset of a new project, is the future secure? "We see hundreds of cybersecurity companies and start-ups coming out with new solutions," says Tan. "Unfortunately it's not going to make cybersecurity simpler, it's going to make it more complex." This is a problem that organisations are already wrestling with and by the sounds of it, one that is unlikely to go away. In response, Tan suggests outsourcing certain aspects of IT security to a trusted third party. "Organisations need people who are adequately trained and up-to-date with the latest attacks, techniques and tools. Unfortunately, bringing that in-house is not something every organisation can do because it's very expensive. What I see is that companies will start looking for specialised security solution providers to complement their existing security team and provide that additional protection, as well as remove the complexity from the solutions perspective, so that their employees can focus more on compliance, ISO, audit requirements and so on."
Tackling the new cybersecurity landscape requires a new approach in terms of preparing your organisation as though being breached is an inevitability, incorporating cybersecurity from the onset of project planning, raising awareness throughout your organisation and outsourcing certain aspects of cybersecurity. Assistance to help adopt this new approach is available and the need to make this change has never been greater, the only question is whether you will be the one to drive this change and fundamentally enhance your organisation's cybersecurity.
Sign up for CIO Asia eNewsletters.