In the blink of an eye, the Covid-19 pandemic changed the way people worked, lived and learnt. Organisations accelerated digitalisation of business processes to enable employees to access corporate data when they worked from home.
More importantly, digital services kept customers engaged. Business processes went digital in weeks instead of years. That is the good news.
The bad news is that digitalisation also increased the cyberattack surface. Exacerbating the situation are rising geopolitical tension and the Ukraine war. Governments have been attacked, supply chains disrupted and consumers scammed.
In such a situation, organisations have to continually focus on strengthening the defence perimeter and educating their stakeholders on cyber hygiene, said Mihoko Matsubara, chief cybersecurity strategist with Japanese telecommunication company NTT Corporation.
No one organisation can build the defence perimeter well. It should be a collaboration between governments and the private sector who need to work together to build stronger cyber defence systems, she added.
Matsubara is a recognised cybersecurity leader who initially worked for Japan’s Ministry of Defence, followed by stints in the private sector with Hitachi Systems, Intel and Palo Alto Networks. She has published papers in professional cybersecurity journals and is a sought-after speaker at major information security events.
In a Q&A with Techgoondu, she spoke about public and private sector collaboration to combat cyber crime and disruptions to supply chains, getting more women into the cybersecurity industry and what keeps her awake at night.
Q: Cyber attacks will still occur despite efforts by organisations to build strong defence capabilities. How can organisations prepare for cyber attacks?
A: During the pandemic, organisations have digitalised business operations. It has been challenging for organisations to keep up with patching software and putting in solutions. There is no perfect cybersecurity solution. The defence perimeter for organisations is also always changing because users and customers are logging in from different locations.
So it is getting more challenging and important to have a strong cybersecurity strategy for our brand and to ensure good customer experiences.
Organisations should have continuing cyber hygiene education for employees and stakeholders. Studies have found that people generally forget the cyber hygiene steps after six months.
I would say, cyber hygiene education must be introduced for employees and stakeholders at least twice a year. At the same time, give the update on the latest tactics by cyber attackers to create greater awareness.
The key word for organisations is resiliency. This means organisations also have to enhance cyber defences; the approach must be practical, make good business sense and not be onerous to deploy.
Forward planning is also critical. Regular cyber exercises should be held and there must be good incident planning so that everyone knows what to do in the event of an attack. Hence, it is important to include the cybersecurity engineers, business executives, communications specialists and legal resources in such exercises.
Q: There is growing concern of supply chain disruptions due to cyber attacks, especially when there are now more suppliers and service providers with access to sensitive data. How can organisations protect themselves?
A: More major global companies are incorporating cybersecurity defence into contract documents with their main suppliers, to assure themselves that their suppliers also take cyber defence seriously.
Now, they cannot go all the way down the supply chain, demanding that their suppliers’ service providers and sub-contractors must also have the requisite cyber defence.
I would urge governments to take leadership in this area to create domestic and international global supply chain cybersecurity management to tackle this challenge.
Q: You have been a trailblazer in cybersecurity, a good role model for women aiming to get into this industry. What advice would you give for women interested in joining this industry?
A: I think it is important to have champions and mentors to help you in your career journey. Champions who can recommend you to senior management and mentors who can guide you to be better managers.
They need not be in the cybersecurity industry and not necessarily be senior executives. They can be friends from your own generation who can help you widen your network or give work advice.
Of course, women must always have self-confidence, to speak out and to put up their hands for new projects, instead of always being in their comfort zone.
Q: What keeps you awake at night?
A: That is an interesting question. I think about how to make my cybersecurity story more intriguing for everyone. Let me give you an example.
This is the story of an Australian financial institution. During the initial days of the pandemic and working from home, the CEO fell victim to spear phishing. Cyber attackers got into the corporate network and stole money. Ultimately, the company went bankrupt.
So the story I shared with my management and colleagues is that while it’s good to allow workers the flexibility of working from home, they must also understand that cybersecurity is very important and that they must continually create awareness for them.