The cybersecurity landscape continues to evolve at a breakneck pace, especially in Singapore and across Asia Pacific. The recent amendments to Singapore’s Cybersecurity Act signal a proactive approach to safeguarding critical systems and enhancing regulatory oversight. Yet, challenges remain. According to a report by the Cyber Security Agency of Singapore (CSA), over half of IT leaders are concerned about the risks posed by generative AI (GenAI), emphasizing the delicate balance required to harness its benefits while managing its threats.
Globally, the stakes are rising too. With cybercrime costs projected to reach $12 trillion by 2025, businesses must adopt more resilient and innovative strategies. Reflecting on 2024’s trends reveals crucial lessons for fortifying defenses in this increasingly complex environment. Cybersecurity has, undoubtedly, become a business imperative, with enterprises more invested than ever in staying ahead of the curve. So, as the year winds down, it’s time to evaluate how these trends have unfolded and what the future holds.
The dual-edged sword of GenAI
Generative AI (GenAI) is one of the hottest topics in tech, with applications across industries. In cybersecurity, GenAI offers remarkable potential for automating tasks like threat detection, incident response, and vulnerability management. Particularly exciting is AI-enabled incident response, with ‘virtual analysts’ mimicking human actions to respond faster and more efficiently.
However, GenAI is not without risks. Attackers have weaponized the same technology, using it to develop sophisticated phishing campaigns and advanced malware. This dual nature calls for a careful approach to AI adoption, focusing on privacy safeguards to ensure sensitive data remains protected. We must balance leveraging the benefits of AI while addressing its risks, with privacy being a top priority to ensure AI systems protect sensitive data.
From metrics to accountability
Outcome-driven metrics have gained traction as organizations look to measure the return on their cybersecurity investments. While not new, the approach has become more crucial. We’ve had many conversations with customers, exploring and explaining ROI on their security investments. Key metrics like reduced mean time to detect and respond, and false-positive reduction rate, help measure success.
However, the challenge lies in translating technical metrics for non-IT leaders. For example, rather than discussing technical jargon, framing MTTD as “the time taken to spot potential threats” resonates better with leadership teams. High-profile incidents, such as outages impacting critical systems, underscore the importance of aligning cybersecurity narratives with business priorities to foster executive accountability. High-profile cybersecurity issues such as the recent CrowdStrike outage demonstrate the importance of communicating strategies and situations clearly in the boardroom.
Reducing human risks – A cultural shift
Cybersecurity is as much a human challenge as a technological one. Gartner’s call for human-centric security design aligns with our long-held belief; that most breaches stem from human error, whether misconfiguration or phishing. At Tata Communications, we’ve fostered a culture of cybersecurity awareness through comprehensive employee training.
Security responsibility must extend beyond the Chief Information Security Officer (CISO) to every business unit. By embedding security champions across departments, organizations can decentralize efforts, making each team accountable for its own security, alleviating pressure on leaders, and addressing the skills gap.
Addressing third-party risks: An inevitable concern
Third-party vulnerabilities are a growing concern in today’s interconnected ecosystem. In today’s hyper-connected world, no business operates in isolation. Singapore’s position as a global trade hub highlights the importance of addressing supply chain risks. Whether it’s software, services, or hardware, due diligence is only part of the solution. Supply chain vulnerabilities – whether in software, services, or hardware — pose significant risks. The key to mitigating these risks lies in not just front-loaded due diligence but in ongoing, resilience-focussed investments.
At Tata Communications, we conduct continuous third-party assessments, ensuring vendors adhere to rigorous security standards. Still, no system is foolproof, and strong internal controls are essential to minimize the damage from third-party vulnerabilities.
The promise (and limitations) of continuous threat exposure management
Gartner predicts that by 2026, organizations prioritizing security investments based on Continuous Threat Exposure Management (CTEM) could reduce breaches by two-thirds. While proactive, continuous threat evaluation holds promise, it’s important to stay grounded. Phishing remains the leading cause of breaches, and it’s unclear how CTEM will address this human-centric issue. Still, equipping organizations with the tools to better understand their external vulnerabilities will be crucial for strengthening security.
Identity-first security and the rise of zero-trust
With Singapore’s digital economy contributing approximately S$113 billion to the nation’s GDP in 2023, the need for secure digital infrastructure has never been greater.
Identity is the new perimeter. With users accessing data from multiple locations and devices, robust identity and access management (IAM) is vital. Zero Trust architecture, requiring continual user identity validation before granting access, is key to this strategy. We encourage integrating IAM across infrastructures for a seamless, secure user experience while ensuring stringent protection.
Behavioral analytics is also critical to Zero Trust. By monitoring user behavior continuously, we can detect anomalies and challenge suspicious activity, reinforcing Zero Trust principles.
Cybersecurity is no longer just about protecting systems – it’s about preserving trust. As industries integrate IT with legacy OT systems and embrace new technologies like GenAI, the complexity of threats continues to evolve. As we look ahead to 2025, organizations must embrace proactive strategies that prioritize resilience, adaptability, and trust.
Vaibhav Dutta is the Associate Vice President and Global Head-Cybersecurity Products & Services at Tata Communications.
Vaibhav has around 22 years of experience in multiple functions including product management, engineering, business development, practice COE, solution design and strategy advisory. He has a rich domain experience across all sub-areas of cybersecurity. He has been a pioneer in creating various managed security service offerings and frameworks during his tenure with one of the leading GSI’s around Threat Management, Identity Management, and OT Security. Vaibhav is recognized as a thought leader in the industry owing to his work with various advisors’ communities and analysts. In his current role at Tata Communications, Vaibhav leads Strategic ventures for Cybersecurity Business including New Product & Service Initiatives, Analyst Relations, New Investment & Market Exploration, and more.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.