The WEF Global Cybersecurity Outlook 2024 reveals a divide between those who are resilient and those who aren’t. Emerging technologies will only widen this gap. Vivek Gullapalli, former global CISO for APAC at Check Point Software Technologies (now Group CISO with FWD Insurance) opines that in the digital world, most “everything is highly interconnected, with the seemingly singular exception of cyber security, which remains locked in isolation, and bridging this gap will be critical to business success.
At the CPX 2024 APAC event, FutureCISO caught up with Sharat Sinha, president of APJ at Check Point Software Technologies, who explained that cybersecurity incidents continue to occur because the attacks evolve continually even as the volume rises.
He reflected on the present-day hybrid work environment which implies the use of collaboration tools as well as the use of the cloud – these have expanded the vectors of attack.
He called out the latest Check Point intelligence report which revealed that an average of 15,199 attacks against enterprises occur weekly, with 50% coming in from the web.
Passing the buck
The debate on who is responsible for implementing or managing cybersecurity safeguards continues. Most experts say cybersecurity is everyone’s responsibility. While this truism still holds today, the reality is that organisations, including those in the public sector, want to be able to point to one person who will oversee driving a security strategy from inception to deployment to when it needs to be revised to reflect the conditions of the times.
While CIOs oversee the overall IT strategy, infrastructure and alignment with business objectives, the rise in high-profile cybersecurity attacks suggests a need for a specialist leader to take charge of the role.
Sinha concurs adding that the primary job of the CIO is to enable applications and enable IT infrastructure to get the productivity gains to get the profitability that should come by creating those productivity gains.
“Contrast this to the CISO whose job is to make sure that the infrastructure does not get breached,” said Sinha. Gartner says successful cybersecurity leaders concentrate their efforts on supporting mission-critical priorities across the company while reducing risk. But to do that, they need a broad scope of abilities and proficiencies to be effective in a role that continues to diversify.
Sinha says that when it comes to security, it is a partnership between the CIO and CISO. “One job is to enable; the second job is to protect. And they should work together so that it is enabled to the advantage of the enterprise without being exposed to the risk associated with cyber threats,” he concluded.
Consolidation and complexity
A typical cybersecurity stack includes perimeter security, endpoint protection, information security, authentication protocols, backup and recovery, and network monitoring. The stack includes software, hardware and processes that come together to provide layers of protection from detection, prevention, and response.
The Threaters 2023 Security Stack Insights Report revealed that budget controls remain the primary reason for containing the number of security tools and services organisations used in their security stack (see Figure 1).
Figure 1: Number of security tools and services in the security stack in 2023
While no one disputes the importance of staying ahead of modern threats and threat actors, given the shortage of experienced, skilled security professionals, there may be solid grounds for simplifying security strategies if that is possible.
At the CPX 2024 APAC event, one of the messages proposed by Check Point centred on consolidation. Sharat clarifies that the consolidation proposed is not around limiting the security technologies in use, but rather the sources of such tools and services.
“At Check Point, for example, we provide solutions that incorporate the traditional infrastructure. So, network security, cloud and endpoint security, and mobile security, including IoT security, can all be integrated as a common infrastructure platform with centralised management, which gives you full visibility, which is also tied to threat intelligence, which is common to all,” he explained.
He claims this (strategy) gives the organisation a good level of protection and a consolidated architecture to look after it.
The art of prioritisation
Sinha says different businesses and industries prioritise differently. The leaders at these organisations tend to focus on what is strategic to the business. Each function needs to juggle the priorities and purpose of the role and the goals of the business.
Sinha acknowledges that CIOs and CISOs are business leaders, not just functional ones – meaning they should look at what is more strategic and critical for their business.
“Those assets, including people responsible for these, should be brought into the framework of protecting it from a cybersecurity perspective. The organisation should prioritise those critical assets and resources,” he explained.
Sharat Sinha
“Also, I think identity access and management is critical for enterprises. Enterprises must very clearly identify which person should have access to certain resources, and make sure that that is fully protected, including the device that is utilised to access those resources.”
Sharat Sinha
Click on the PodChats player to hear, in detail, Sinha’s perspective on the region’s cybersecurity landscape, its leaders’ concerns and some options for moving forward.
How has cybersecurity in Asia evolved since the end of the pandemic?
As I understand it, cybersecurity is now an all-of-enterprise concern. And yet, different personas view their involvement and responsibility differently. Among leading organisations in Asia, what is the best practice when it comes to ensuring participation in cybersecurity matters?
Given the increased concern around escalating costs (particularly in the use of cloud and now AI), how should CISOs work with CIOs and CFOs to better manage the rising cost of cybersecurity?
Given the many options and pathways to securing the business, what is your advice for CISOs and Boards looking at their cybersecurity options in 2024 and beyond?
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.
Previous Roles
He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role.
He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications.
He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer.
He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific.
He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific.
He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
