Jeff Chau - Hong Kong Computer Society (HKCS)
What is Cybersecurity and why does it matter?
Cybersecurity is undoubtedly one of the hottest topics in the Information and Communications Technologies industry. The “New Normal” business environment, which increased the adoption of working from home and cloud computing, has brought Cybersecurity’s importance to the forefront.
For most organisations, Cybersecurity is about protecting information and company assets, regardless of whether they are in digital form stored on a desktop or server (data at rest), in transit over a network (data in motion) or being displayed on screen (data in use).
For industries such as financial services, whose operations are subject to regulatory requirements, Cybersecurity professionals play a vital role in ensuring that the Cybersecurity architecture complies with the regulations in order to protect their businesses, customers and stakeholders.
Indeed, Cybersecurity is essentially a business enabler that can help organisations grow in scale. One example is the multi-factor authentication mechanism, which allows only authenticated and authorised users to access the required resources, websites or applications via something the user knows (password) and something the user possesses (security token). Without it, services such as smart banking and e-trading could not be made conveniently available.
What are the trends in Cybersecurity and the impacts?
In today’s Cybersecurity domain, the scope has already widened from data protection to vulnerability management and continuous threat monitoring and response. This is evident from the change in business models: more new IoT devices, vulnerabilities from outdated systems and ineffective management, risks from increased working from home, denial-of-service attacks, ransomware attacks and data privacy are only some of the highlighted trends.
It is worth noting the following two examples of Cybersecurity incidents that had severe business impacts on society.
On December 13, 2020, hackers used a method known as a supply chain attack to insert malicious code into the Orion system of SolarWinds (an American company that develops software for businesses to help manage their networks, systems and IT infrastructure). A supply chain attack works by targeting a third party with access to an organisation’s systems rather than trying to hack the networks directly. The attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to check whether they had been breached, take systems offline and begin months-long decontamination procedures as a precaution [1].
In another highly publicised case, on May 07, 2021, Colonial Pipeline, an American oil pipeline system mainly serving the Southeastern United States, suffered a ransomware cyberattack that impacted computerised equipment managing the pipeline, halted operations for 6 days and caused a gasoline shortage nationwide [2].
The key point is that Cybersecurity has a vital role to play in safeguarding organisational assets, business operations and continuity; it is essentially an inseparable business function.
What is the challenge and opportunity in Cybersecurity?
As digital business has driven most organisations to adopt new business practices, organisations should carefully evaluate and incorporate Cybersecurity into their business design. That means integrating Cybersecurity into the business and technology environments, from business requirements through application development and testing to the use and disposal of business components.
The obvious challenge is that the skills and knowledge required in the current Cybersecurity domain have changed rapidly from the traditional ways – strategy and governance, design and engineering, operation support and incident response. According to the results of the 2020 (ISC)² Cybersecurity Workforce Study [3] (covering 3,790 security professionals from small, medium and large organisations globally), 64% had experienced a shortage of Cybersecurity professionals.
The opportunity in the Cybersecurity field is huge. Cybersecurity professionals should therefore raise their skill sets to keep their knowledge and capabilities in this critical domain up to date. Resources such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization (ISO) 27001 Information Security Management are some of the useful tools that help professionals understand their organisations’ Cybersecurity risks and improve their postures.
To conclude, if you are interested in or already in the Cybersecurity field, you are on the right track.
Sources 1, 2 & 3: Wikipedia.
About the author:
Jeff Chau is a member of the executive committee of the Cyber Security Specialist Group, Hong Kong Computer Society, and Director, Digital Transformation at Information Union World Company Limited, specializing in cybersecurity consulting and transformation. Jeff is a seasoned Digital Transformation professional across the Financial Services, Insurance and Enterprise sectors. With a passion for Cybersecurity, Jeff advocates “Cyber Health” for better cyber wellbeing through risk rating and Third Party Risk Management programmes to facilitate Regtech adoption and address governance, risk and compliance requirements.