"SMEs: Are You Cyber Safe" – Huawei and AiSP held a joint webinar to discuss SME cybersecurity
On 1 April 2022, Huawei and the Association of Information Security Professionals (AiSP) held a joint webinar session, themed "SMEs: Are you Cyber Safe". This webinar session was supported by the Cyber Security Agency of Singapore (CSA).
This panel session, moderated by Mr Dennis Chan, Country Cybersecurity and Privacy Officer of Huawei International, brought together a group of cybersecurity experts, including Ms Veronica Tan, Director, Safer Cyberspace, Cyber Security Agency of Singapore (CSA); Mr Johnny Kho, President of Association of Information Security Professionals (AiSP); Dr Liu Yang, Professor at Nanyang Technological University and Co-founder of Scantist; and Mr John Yong, Senior Advisor of Huawei International and Institute of Technology, and Board member of SATA CommHealth. The panelists shared their perspectives and recommendations on how SMEs can improve their cybersecurity posture to protect their businesses and employees.
The session covered the following topics:
1.1 What can governments do to raise cybersecurity awareness among enterprises (SMEs)?
Speaker: Ms Veronica Tan, Director of Safer Cyberspace, Cyber Security Agency of Singapore (CSA)
In her speech, Ms Tan shared that the government could play three roles: as a strategist, an enabler and an orchestrator. A good example of this is CSA’s recent launch of cybersecurity certification (the Cyber Essentials and Cyber Trust mark) for organisations. With the push of the pandemic, many businesses have gone digital, which increases the risk of cyber incidents and makes it paramount for SMEs to keep cybersecurity top of mind to manage risks.
“Over the past two years, the cyber industry has seen an increase in supply chain attacks. Organisations are now more aware, and are raising concerns about potential attacks arising from third-party suppliers and partners. As such, the cybersecurity certification creates a visible label for enterprises to demonstrate that they have put in place a set of cybersecurity practices and are, in a way, ‘cyber safe’,” said Ms Tan.
This certification programme will help businesses to change the way cybersecurity is thought of, making it a competitive edge instead of a compliance cost.
1.2 How can industry associations raise cybersecurity awareness among enterprises (SMEs)?
Speaker: Mr Johnny Kho, President of Association of Information Security Professionals (AiSP)
“Rapid digitalization has increased the demand for cybersecurity. An industry association’s key priority is to create awareness about cybersecurity, to work with its members not only to stay aligned but also to better the cybersecurity strategies being implemented, which will, in turn, enable the larger digital business ecosystem,” said Mr Kho.
Cyber Security Awareness initiatives like AiSP CAAP (Cybersecurity Awareness and Advisory Program) have provided a complete cycle perspective to SMEs, where vendors’ solutions are mapped to the key cybersecurity areas and even accreditation like the CSA Trust Mark, where one can assess how cyber safe one is. From an association’s perspective, as part of the larger ecosystem, we are doing the outreach for members and trade associations and, at the same time, working closely with government agencies and connecting the vendors, providing a linkage with SMEs, ultimately forming a bridge between the government initiatives and the respective market segments.
1.3 How SMEs can kickstart the cybersecurity journey
Speaker: Dr Liu Yang, Professor at NTU and Co-founder of Scantist
“The more we embrace digital, the more cybersecurity efforts are needed, which is especially relevant during this pandemic as more enterprises have shifted online. However, looking at cybersecurity, we have seen that the battle has already shifted from the traditional network and infrastructure security to application security as most SMEs/companies are moving their solutions to the cloud – this makes it crucial for SMEs to ensure that applications running on top of the cloud are secure,” said Dr Liu.
Most applications are built on open-source components. Based on statistics, approximately 99% of these applications use open-source code components, with 60% to 90% of the code being open-source. This means that most of the code in such applications can be readily found online. The real challenge that SMEs may face when dealing with vulnerabilities in these components is a lack of the right resources or of a sufficiently large budget dedicated to the cybersecurity segment of the business. This is where collaboration comes into play.
There are three things that SMEs can consider to address these challenges. Firstly, use effective supply chain detection software, such as software composition analysis tools like Scantist’s Dependency Track, which is free. These tools enable enterprises to sift out vulnerabilities and fix them in time. Secondly, SMEs need to adopt the new idea of a software bill of materials (SBOM), whereby enterprises need to understand the components and compositions within their software solutions. Lastly, SMEs can adopt or curate their own open-source policies to ensure that they are following cyber safe practices.
1.4 What do SMEs really need?
Speaker: Mr John Yong, Senior Advisor of Huawei International and Institute of Technology, and Board member of SATA CommHealth
Small and medium-sized enterprises often question whether cyber risk applies to them. Over the past year, two-fifths of SMEs were impacted by cybersecurity issues, while three-fifths of SMEs had yet to encounter, or were unaware of, these issues. While recognizing and rectifying these risks is difficult, SMEs need guidance to understand how to address these situations and how these risks could impact their business. Today, with multiple free resources available online, SMEs should not ignore such cyber risks and should seek help from the resources available.
“Another challenge faced by SMEs is the resources and budgets needed to mitigate these cyber risks. They need to allocate a percentage of their budget for cybersecurity. Given how deeply the digital landscape depends on IT, no less than 10% of the IT budget should be spent on cybersecurity. SMEs should also look at various vendors which are trust marked and investigate whether these trusted vendors have the competencies to deal with both data protection and cybersecurity protection, and have the features needed by these vendors,” said Mr Yong.
Today, more businesses are leveraging the cloud. For SMEs, it helps to find a cloud service provider that is certified with cyber trust marks. While many cloud providers now offer affordable, reliable and safe options, SMEs need to seek the right partner that is the most suitable for their business needs.