Table of Contents Table of Contents
Previous Page  52 / 60 Next Page
Information
Show Menu
Previous Page 52 / 60 Next Page
Page Background

48

Cybersecurity in ASEAN: An Urgent Call to Action

Given the current level of readiness of individual ASEAN countries and the magnitude of change

needed along with the inherent complexity of creating a coherent region-wide approach, a system

based on loose collaboration of national authorities and voluntary exchanges is unlikely to be

enough. Only a radical agenda and a stance of active defense withmulti-stakeholder engagement

can defend the region and capitalize on its collective resources.

Source: A.T. Kearney analysis

Figure

Action agenda for board and CISO stakeholders

Elevate cybersecurity

on the corporate

agenda

Call-to-action agenda Corporate board

CISO

Establish a group-wide cybersecurity

strategy, governance, processes,

and culture

Implement information security

management system compliant with

ISO 27001

Establish working de…initions for high-value

assets, and identify primary threat vectors

Table cybersecurity as a crucial board

of directors’ agenda item

Establish the CISO as an independent

function with board-level reporting

Secure a sustained

commitment to

cybersecurity

Benchmark and track cybersecurity

spend vs. IT budget

Set up and monitor cybersecurity

metrics on a regular basis

Conduct cyber risk posture assessments

Review opportunities to trim security

product portfolio

Conduct regular scenario analysis

of value-at-risk

Set up a cybersecurity

investment framework

Embed a value-at-risk mindset in

decision making

Fortify the

ecosystem

Engage with peers in and across

sectors to share threat intelligence and

best practices

Extend cybersecurity policies and

processes across the supply chain

Participate in industry alliances with

speci…ic focus on emerging threat vectors

Instill a risk-centric culture

Build the next wave

of cybersecurity

capabilities

Engage in capacity and capability

building initiatives

Interface with academic institutions to

design curricula and programs aligned

with industry needs

Explore investments in emerging security

technologies, such as arti…icial intelligence

and blockchain

Elevate cybersecurity capacity building

as a strategic imperative

1 47 48 49 50 51 52 53 54 55 56 57 58 60  FlippingBook