In an era where digital transformation and evolving cyber threats shape the modern business landscape, cybersecurity expertise is more critical than ever. Jenny Tan, President, ISACA Singapore Chapter and a seasoned cybersecurity professional, offers invaluable insights into navigating this dynamic field. From her journey in the industry to strategies for talent development and risk management, Jenny shares her expertise on emerging trends and best practices. Join us as we delve into the complexities of cybersecurity with Jenny Tan
Could you please share about your journey and expertise in the field of cybersecurity?
My journey in cybersecurity began around 20 years ago when I started my career as a software engineer. Back then, I specialized in artificial intelligence, although cybersecurity wasn’t as prominent as it is today. About a decade ago, there was a notable shift towards a tech risk perspective, which led me to transition into roles focusing on tech risk and audit, where cybersecurity played a significant role.
How have you observed the cybersecurity landscape evolve in recent years, and what notable trends or changes have impacted organizations?
The cybersecurity landscape has undergone significant changes in recent years. Initially, cybersecurity was primarily concerned with basic network security. However, it has evolved to encompass various digital aspects. Nowadays, it’s not just about enterprise technology; organizations must consider the digital apps on mobile devices, operational technology, and IoT concepts. This complexity has made enforcing cybersecurity measures more challenging for organizations.
What emerging threats should organizations be vigilant about, and what measures can they take to enhance their cybersecurity posture?
Organizations need to be vigilant about emerging threats, and one of the critical measures they can take is to exercise caution when adopting new technologies. It’s essential to recognize that over 80% of cybersecurity breaches stem from user actions. Therefore, continuous training and awareness programs are vital. Additionally, organizations should implement Tech Risk 101 sessions before adopting new tools to ensure awareness of associated risks.
Bridging the cybersecurity talent gap is crucial. How can organizations and educational institutes collaborate to nurture the next generation of professionals?
Addressing the cybersecurity talent shortage requires a multi-level approach. Firstly, organizations should invest in training existing staff to appreciate and manage risks effectively. Additionally, providing attachment and internship programs can attract new talent to the field. Collaboration with technology associations can also help convert non-tech individuals into tech roles, complementing efforts to groom technical specialists.
Compliance with data protection regulations is a priority. How can businesses navigate data privacy complexities and ensure compliance with evolving regulations?
Navigating data privacy complexities requires a structured approach. Organizations must inventory their data landscape and assess risks based on regulatory requirements. Risk-based security measures should then be implemented, considering crown jewels and regulatory mandates. Continuous training and deploying auditors for check and balance are essential to ensure compliance.
Change management can be challenging, especially concerning cybersecurity awareness for non-technical employees. What are some best practices for organizations in this regard?
Conducting scenario-based workshops can help non-technical employees understand their role in cybersecurity. Experiential learning enables them to grasp the importance of risk management. Organizations should emphasize that cybersecurity is everyone’s responsibility, linked to their employment duties and company interests.
How do you see emerging technologies like AI and blockchain impacting cybersecurity strategies, and what opportunities and challenges do they bring?
While emerging technologies offer solutions, deploying them without understanding the associated risks can be perilous. I advocate for a right-fit approach, addressing real risks with appropriate tools. Technology can support but not solely solve cybersecurity challenges. Simple solutions may suffice, avoiding unnecessary complexity.
As the President of the ISACA Singapore Chapter, what initiatives have you led, and how do they contribute to business resilience and risk management?
We’ve introduced conversion programs to train non-tech individuals for roles in cybersecurity and tech risk. Through webinars and events, we promote knowledge sharing on emerging technologies and standards adoption. Our crisis simulation workshops aid industry professionals in enhancing crisis management capabilities.
Balancing various roles can be demanding. How do you manage your responsibilities effectively?
Time management is crucial, along with a genuine interest in what I do. Leveraging interconnected tasks and finding commonalities among roles help optimize efforts. Aligning objectives across roles enables multitasking and achieves multiple objectives simultaneously.