President's Message to ITMA Members

Category: Blog Created: Monday, 30 May 2016 Published: Monday, 30 May 2016

Posted by Alvin Ong on May 30, 2016

When is too much not too much?

As I browsed through my stable of to-read IT magazines this week, one topic consistently jumped at me through the headlines and pages. Indeed, many of us have become inundated with it, albeit too much coverage on it. You are right! It is cyber security. Whichever magazine you might have read lately, whether ComputerWorld, Healthcare IT News or CIO Asia, cyber security is the HOT topic now.  Mainstream media also increasingly report cyber security incidents involving millions of dollars being stolen from a Bangladeshi bank by cyber hackers, computers of certain US healthcare institutions being compromised with ransomware and then having to fork out undisclosed sums of money to retrieve their data.

Back home, the Nanyang Polytechnic's top graduate, Rayden Chia, is the first to receive multiple offers from top USA universities such as MIT and Harvard into their degree program. The fact that not many might take notice of – Rayden graduated with a diploma in Information Security, now renamed as Cyber Security and Forensics. No individual or corporation is immune from the omnipresence and consequences of cyber security.

In the IT vendor space, there are so many new start-ups in cyber security. Even established IT security companies are reinventing themselves as a fully integrated end-to- end cyber security solution provider. It seems no one wants to miss the big party. Our local telcos, defence contractors, Institutes of Higher Learning and a management consultancy firm are also jumping into the bandwagon with significant announcements of strategic alliances this month.

My personal journey with cyber security started back in 2011 when one of my learned board members asked me whether I have a cyber security strategy. My goodness! Then, it wasn't even in my lexicon and all I knew were the usual anti-virus, end-point protection, firewalls and intrusion prevention system. That question jolted me out of my comfort zone and I quickly educated myself.

It was also when I started to familiarise with the myriad of acronyms such as APT, DLP, NAC, SIEM, etc. Three months from that meeting, I curated enough knowledge and presented a cyber security roadmap to my IT Committee.

I am glad that there is now national attention to this important area of cyber security. Instead of being fearful of being inundated by information overload, it would be essential to learn and understand the nuances. Many boards are now cognizant of the potential crippling effects of a cyber attack on their corporation's critical IT infrastructure and the resulting reputational harm. To address this risk, some companies are now starting to hire a new category of professionals, the CISO (Chief Information Security Officer). In a majority of companies, the CIO is now tasked with this additional unenviable responsibility of overseeing cyber security risks and strategy.

To kick off the first in the series of "Good Morning CIO! Breakfast Talk" in this new term, we have chosen the hot topic of cyber security. I am grateful that Mr Chai Chin Loon, the government's CISO, has accepted our invitation and will be sharing his vast experience in this area with fellow CIOs in a closed door forum. At the risk of sounding ad nauseam on the topic of cyber security, please share your thoughts on cyber security at the event too. In such perilous times, information overload is appreciated.

Contributed by

Alvin Ong
ITMA President (2016)
30th May 2016

Hits: 830