CIOs must now safeguard their organization’s best cyber interests, their responsibilities go far beyond managing technologies

Adrian Hia

Senior Regional Vice President, ASEAN & GCR at Zscaler

The three pillars of the zero-trust approach to cybersecurity are constant validation, eliminating implicit confidence, and minimizing threat. The adage “check, never trust” is more important than ever in the era of remote workers, hybrid clouds, and ransomware threats. 

In 2021, remote employees increased most rapidly (26% YoY) in Asia. 95% of organizations today rely on a VPN service for secure remote access as a result of the pandemic’s introduction of remote work. However, VPNs, particularly conventional ones, have basic flaws in their infrastructures that can be used by hackers to compromise networks and spread ransomware. 97% of businesses use VPNs despite being aware of the hazards and vulnerabilities they pose to cyberattacks. It is more important than ever to “check, never trust” in an unheard-of situation like this. The Zero Trust model’s guiding idea is just that. The 2022 VPN Risk Report by Zscaler examines these highlights. CIO World Asia spoke with Adrian Hia, Senior Regional Vice President, ASEAN & GCR at Zscaler, to find out more about the evolving digital economy and rising sea of data that needs to be secure. 

The function of CIOs will continue to be diversified by emerging technologies 

While keeping the lights on was what they were supposed to do on a day-to-day basis, CIOs today have far bigger tasks. Their priority now would be to put up a layer of defense to prevent attacks and reduce the attack surface. In various reports this year, we’ve seen that cybersecurity would be within the first or second top priorities for CIOs moving forward into 2023. Technology is not always about coming up with something that will prevent everything, but it’s a concurrent thing that will always need improvement as it goes.  

CIOs would have to facilitate tests such as the penetration test that has always been available as a service everywhere. With the complicated technology world offering thousands of choices, CIOs need to look at what is most important for their company and invest in that instead for the best outcome.  

The CIO would have to front the board of directors – to justify why they need to have more spending on cybersecurity and justify the ROI for the benefit of the whole company. “CIOs would also have to work hand in hand with CISOs to plan for the priorities in 2023,” said Adrian.  

Key trends CIOs will need to look out for entering 2023 

The zero-trust mentality is one of the trends Adrian predicts will persist until 2023 and beyond. Although the term “zero-trust” has just gained popularity, Zscaler has been advocating it for CIOs for years and will continue to do so. It is something that should be educated throughout the C-suite departments to understand the risks involved in data breaches. 

Before 2023, CIOs and CFOs would need to collaborate closely, especially in light of the numerous data analytics used in financial planning today. Their cooperation is useful when there is a need to find the source of finances to invest in a stronger security posture. What is vital right now is: to bring up the urgency of this investment, which includes prioritising the budget allocation of the company.  

Securing the remote workforce 

“Hybrid work is here to stay; let us all just accept that,” says Adrian. Speaking to many multinational corporations during his tenure, none of these companies mentioned that their entire team would go back to the office fully. Whether there are more subvariants from this pandemic, flexible work and hybrid work are here to stay. As a result, the CIO will need to assign his security team and network team the responsibility of being able to secure data flow from home or any place. 

Retaining & Retraining Talent 

Across all countries in Southeast Asia, not just Singapore, IT leaders need to be able to retain, retrain and acquire talent moving ahead to 2023. While there is a need to re-platform IT services, there is also a need to re-platform the people at the same time. To combat this, companies should strongly consider working with tertiary institutions to get an express pass to the fresh grads, says Adrian.  

Responding and Protecting yourself from Ransomware  

There is a need to anticipate more and more incidents to happen. With this, CIOs would need to build a very strong and resilient response team, coming back to the point of assuming that you will always be breached. The zero-trust approach should then be applied to everything and anything we do.  

In Essence 

With the growth of remote work, users may access apps from any device, from anywhere, and from both the data center and the cloud. Businesses are worried about the security of VPNs and are aiming to embrace a zero-trust paradigm for remote access. Plans to adopt a zero-trust approach have been given top priority by the majority of corporations. Adopting zero trust is essential since many organizations are ready to support a hybrid workforce and workplace flexibility.