Only 5 percent of observed companies were found to have well-positioned security programmes in place capable of effectively defending IT assets against advanced threats; and critical infrastructure industries were found to be the most at-risk, with 50 to 80 percent of government, finance service and telecommunications organisations facing significant risk exposure. Should there be any prolific breaches in terms of those vertical industries, such as politically motivated threats, attacks on payment systems or the leaking of confidential customer information, countries would be severely impacted economically and socially. Still, organisations overemphasise protection and prevention over detection and response, despite the fact that the former alone is essentially incapable of fighting the cyber threats of today.
The cybersecurity landscape is fast becoming a no-safe zone; but the good news is that it is possible to put up a good fight with a change of mindset and the realignment of security strategies to properly attack these cyber enemies before they even pose a threat. The technologies and software available currently are capable of delivering true visibility and threat intelligence to effectively manage digital and business risk.
Thus, it is critical for organisations to invest in such technologies to proactively identify and respond to threats, instead of relaying so predominantly on protection and prevention. The government and private sector should collaborate at the national level with initiatives and efforts that can provide both cyber resilience capacities and best practices across sectors. Across Asia Pacific, there is an upsurge of collaboration efforts.
Singapore has introduced a five-year National Cyber Security Masterplan 2018 to bolster the nation's cybersecurity by intensifying coordination efforts between the public, private and people sector. This is only the beginning as other nations such as China, Korea, Australia, Malaysia and Vietnam look to develop their cybersecurity infrastructures.
The truth is that no single actor can develop effective strategic solutions to cybersecurity challenges alone, attackers will always probe for weaknesses, and the purview of cybersecurity will always be shifting and redrawn. What is required now is for organisations to simply re-orient the way they view cybersecurity and actively fight with the right weapons to maintain a stronghold in their sphere of control.