Updated: Nov 2
Cybersecurity will remain a leading issue as global growth and expansion of companies rely on digital technologies. According to Frost and Sullivan, the top cybersecurity challenges faced in Singapore include resourcing and skills, balancing regulatory requirements and customers’ needs, and lack of budget.
The pandemic has shown us how interconnected all businesses are and how increased digitalisation has thrust the global population onto a new trajectory of cyber threats and attacks. Collectively, 281.5 million people have been impacted by a data breach in 2021, while cybercrime costs companies $1.79 million per minute, demonstrating the across-the-board impact of today’s cybersecurity landscape.
Here, we identify key trends in the evolving and at times unrecognisable cybersecurity space, areas in which the Centre for Cybersecurity takes great pains to develop in our professional training.
The cybersecurity talent shortage will worsen
Cybersecurity professionals today face a pressing talent shortage that will only worsen over the next few years. As cybercrime risks rise, so will demand for these workers, but this workforce segment isn’t growing fast enough to keep up. While one study revealed that 700,000 people joined the industry in 2021, that same study indicates that the world still needs 2.7 million more.
This skills gap could exacerbate the lack of cybersecurity knowledge that already plagues businesses. In a recent survey, 67.6% of cybersecurity professionals said they often have to educate their companies on proper security practices. With ignorance being such a prominent challenge, businesses may be slow to realise they need to attract more security workers.
Cybersecurity can also be challenging to break into thanks to its high technical requirements and continually evolving landscape. As a result, the profession will likely grow slower than it needs to. At the Centre for Cybersecurity, we provide the relevant mix of technical, communication and industry-focused skills in order to break into the professional landscape with ease and adaptability.
Elevation of cybersecurity to the executive level
According to an October 2021 UncommonX report, 60% of midsize organizations reported suffering a ransomware attack over the course of the previous 18 months prior to its publication. The even more staggering finding was that even after these devastating attacks, 70% of these organizations had not prioritised cybersecurity, and only 35% had conducted a risk assessment in the past year. Additionally, many lacked a chief information security officer (CISO) or otherwise dedicated person whose responsibility is security/cybersecurity, even though phishing and ransomware attempts had been on the rise. As a result, IT bears most of the responsibility, even when they might not have the capability to effectively manage it. At the Centre for Cybersecurity, we train our young professionals to identify if an incident or breach is affiliated to business operations, reputation or risk and work with an appropriate team member or leader to help manage the issue.
The Internet of Things will create more fractures in the Web
As well as becoming increasingly widespread, in 2022 the IoT is also getting more sophisticated. Many organizations are now engaged in the development of "digital twins” – comprehensive digital simulations of entire systems or even businesses. These models are often connected to operational systems in order to model data gathered by them and may offer a treasure trove of data and access points to those with nefarious intentions.
In 2022 we will undoubtedly continue to see attacks on IoT devices increase. Edge computing devices – where data is operated on as close as possible to the point it is collected – as well as centralised cloud infrastructure is all vulnerable. Education and awareness are two of the most useful tools when it comes to protecting against these vulnerabilities. Any cybersecurity strategy should always include a thorough audit of every device that can be connected or given access to a network and a full understanding of any vulnerabilities it may pose. At the Centre for Cybersecurity, our mission is to groom practitioners well versed from open source intelligence to forensics, so as to detect the more sophisticated and advanced range of cybersecurity hacks to come.
Cryptocurrency has given emergence to a new era of cybercrime
The growth of cryptocurrency in cybercrime has coincided with the rise in ransomware. Nation-state cyber activity has become more brazen and sophisticated, threatening government agencies, critical industries and even everyday businesses and organizations, which often have few resources to combat malicious cyber activity.
New changes in organisations and the future of work
With all the changes and forces at work, organizations are becoming overwhelmed. They have too many security solutions to monitor and cannot keep up with the demand for alerting and mitigation. In the future, by necessity, companies will look to consolidate their cybersecurity vendors and seek to get security tools and services from fewer sources. A recent IBM study found that, on average, companies use 45 cybersecurity tools in their networks. With the cybersecurity tech stack spiraling out of control, organizations will look to simplify their approach and work with security providers that can consolidate the greatest number of services under one umbrella.
Finally, and perhaps most overdue, cybersecurity will finally gain a seat at the board table and see a marked shift around organisational playbooks. Specifically, from a risk management activity perspective, companies will move from a focus on asset protection to a focus on loss prevention. They will invest in loss prevention capability, bringing in data security and protection officers and bulking up their security teams. Executives and board members will also likely become more involved in cybersecurity as the need will only intensify in the coming years. At the Centre for Cybersecurity, we will maintain a focus on delving into cybersecurity leadership training through a mix of structured programmes and interactive training.
Cloud sovereignty to create new security demands
In an increasingly multi-cloud world, traditional perimeter-based security approaches have become obsolete. It is likely that cyber security challenges will become even more demanding as cloud services become more granular and subjected to national and local regulations.
Alibaba is expanding its cloud business with new datacentres opening in South Korea and Thailand and Amazon Web Services and Google Cloud have datacentres already set up in Singapore and Indonesia. As more of these sovereign cloud initiatives emerge, we predict organisations will require an increasing awareness of regional security requirements. Understanding in-country security requirements is a pivotal part of cybersecurity education, and a core of what we build into our curriculum.
“Anywhere work” less prevalent
Despite the growing adoption of hybrid work, just 40% of firms in APAC will make anywhere-work permanent, compared with 70% globally, according to a study by research firm Forrester.
This is due to region-specific pressures which will force 60% of APAC firms to prepare to bring the vast majority of workers back to the office full-time.
In the manufacturing industry, only 34% of workers in the region’s large manufacturing sector can work anywhere while outsourcing firms with purpose-built secure campuses and high-availability facilities won’t be able to provide the same level of service in remote locations with poor infrastructure.
Firms operating in APAC need a region-aligned anywhere-work strategy that balances employee expectations with the feasibility of hybrid work approaches. At the Centre for Cybersecurity, we develop case studies and interactive learning that simulates the realities of hybrid remote working, preparing professionals for a career of mobility and evolving expectation.
Future of job growth will be cybersecurity-focused
As threat actors never stop looking for new vulnerabilities and attack methodologies, companies can’t rest on their laurels and need to invest in talent, learning and development. People, processes and technology all need to be addressed in today’s modern enterprise with the support of senior management. These include cybersecurity awareness programs, governance, risk and compliance tools, and cyber drills.
Contemplating a switch to a dynamic and rewarding cybersecurity career or a more specialist role? Contact CFC to get started on your cybersecurity journey.