SINGAPORE: CEOs and other decision-makers should be held accountable whenever a cybersecurity breach takes place, said Mr David Koh, chief executive of the Cyber Security Agency of Singapore (CSA) on Tuesday (Sep 18).
He observed that they “have not been held accountable” partly because such incidents are seen as a technical issue.
AdvertisementThe boards of these affected companies have also not held CEOs responsible, Mr Koh added in comments made at a panel session held in conjunction with this year’s Singapore International Cyber Week conference.
His observations were shared by Mr Md Shah Nuri, chief executive of Malaysia’s National Cybersecurity Agency. In Malaysia, cybersecurity breaches are also regarded as a technical, rather than management, issue, the executive said, adding that companies tend to call his agency for assistance only after becoming victims of online attacks.
“We can move the needle” on the number of cyberattacks faced by organisations only when accountability is taken by the leadership at the most senior levels, Mr Koh said.
[h=3]READ: Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee's data targeted[/h] AdvertisementAdvertisementIN NEED OF “GENERATIONAL BOOTSTRAPPING”
He also said that cyber hygiene is “not being done sufficiently” today and there is a need to get the basics right. Cyber hygiene refers to basic practices such as enabling two-factor authentication when available, managing passwords securely and not clicking on suspicious Web links.
As an example, he cited phishing emails which play on human’s greed.
“The gap we have is in education; people don’t have the instincts for cybersecurity,” Mr Koh said.
“Our parents didn’t teach us the basics of cybersecurity when we were growing up … and we will need generational bootstrapping (to address this).”
Let's block ads! (Why?)
More...