Skip Ribbon Commands
Skip to main content

News Details

​​​

​Combating cybersecurity threats is a shared responsibility

Published on: 15-Nov-2018

This year's cyber attack on SingHealth has elevated the threat of cyber crime quickly into mainstream consciousness among those living in this global, hyper-connected city. And as cyber attacks become a boardroom matter, there is an urgent need for professionals to be equipped with the right knowledge to navigate this multi-dimensional risk. It's time for academics and industry to work together more closely to fight this complex threat.

To fully appreciate the current dilemma, it's important to first understand the complex cyber crime landscape.

As the world becomes increasingly digital, data is the currency that powers it. Companies utilise big data to gain insights into target audiences, optimise processes, make important business decisions and ultimately increase profits. By placing such importance on data, we create a strong incentive for bad actors to build an industry of cyber attacks exploiting this data. 2017 saw an unprecedented number of hacks, leaks and data breaches in Singapore with an increase predicted for 2018.

Particularly when pitted against small to medium-sized enterprises, hard pressed to staff internal cybersecurity teams, the attackers are conversely well-funded, organised and resourced. These attackers are becoming increasingly creative in their methods with no two attacks the same. They spend time researching a specific target and developing tailored malware technology aided by incredible technological advancement and driven by an increasingly deep understanding of human nature.

ACADEMIC-INDUSTRY COLLABORATION

For business schools to effectively prepare students to quantify and manage cyber risk, academics must combine technological know-how with real-world insights. And this means collaborating with corporations more closely than ever before. Yet, there are roadblocks to be addressed first.

Businesses are on the frontline when it comes to the multi-dimensional world of cyber crime and their first-hand experiences can help academics keep their research and curriculum ahead of the curve - if they communicate with each other.

But they are also primarily driven by profit margins, looking at what solutions will bring maximum results with minimum resources. Monitoring, projecting and reporting real-world cyber risk cases, data, trends and observations back to academia takes time.

Meanwhile, academic institutions have long been hampered by restrictions around research tenures and paper topics standing in the way of innovation.

To successfully fight this growing global threat in Singapore and around the world, we must incentivise businesses to share their insights - the exploding number of incidents of cyber crime should do this - while empowering academia with the funding and support needed to apply a broader, more informed and long-term view to the challenge.

Academics tend to look at cyber risk from the ecosystem lenses, as opposed to individual company vantage point, and thus, academic research can help offer insights in countering cyber crime. As a case in point, the global cost of cyber crime (which may be as much as US$600 billion per annum), can be viewed as the multiplicative product of three components, namely the number of threats, vulnerability and monetary impact.

However, most firms are investing only in addressing their own vulnerability, rather than containing the rising number of cyber threats. Nanyang Business School research makes a case for closer collaboration between the private sector and law enforcement agencies in containing the number of threats and in pursuing cyber criminals in recovering financial losses.

CYBERSECURITY BEYOND THE IT DEPARTMENT

A cyber breach is nearly always considered a job for the IT professionals and this is exactly the mentality we need to change. The senior management within a company must not see cybersecurity as solely an IT issue, but as a vital part of corporate risk management. Senior management and the board must understand the threat landscape, the geopolitical climate and data protection strategies.

Responsibility must also be extended to every single employee. One single careless employee is an open door for hackers to exploit. If you were preparing for an imminent storm, you wouldn't barricade all the doors and leave a window uncovered.

With the cyber landscape evolving at an astronomical rate, it's important that the curriculum stays ahead of the curve. It's only by working in close collaboration with industry experts that academics can appropriately shape the cyber defence generation of tomorrow.

In August, Nanyang Business School introduced a module that addresses these issues, marrying the real-world business and technological aspects of cyber risk. The module not only covers the basics, highlighting all the different types of threats but also teaches analytical skills, how to quantify the issue and better manage the risk.

For Singapore to continue as a leading financial centre, investor confidence needs to be assured. A key aspect of this is supplying the market with well-equipped professionals who can approach the evolving and multi-faceted risks facing today's corporations. In the case of cyber crime, academics and industry bodies need to come together for us to have a chance of combating this omnipresent threat.

The writer is professor of banking & finance and director of Insurance Risk and Finance Research Centre at Nanyang Business School, NTU Singapore.

Back to listing

Not sure which programme to go for? Use our programme finder
Loading header/footer ...