Leading up to the Asia-Pacific Community Meeting in Bangkok, Thailand, keynote speaker Chalee Vorakulpipat shares insights on cybersecurity challenges in the Asia-Pacific region.
You are the head of the Cybersecurity Laboratory, National Electronics and Computer Technology Center (NECTEC) in Thailand. What are some unique cybersecurity challenges that face the region?
Chalee Vorakulpipat: There are two challenges. First, it is about cybersecurity awareness. People in this region lack education in cybersecurity, probably due to budget limits for training. Second, policy/regulation enforcement is challenging. Most organizations have their own cybersecurity policy, but do not know how to enforce it. What we can do now is to try to promote the cybersecurity awareness program in the school curriculum as soon as possible. It is good for students to understand it when they are young. Once awareness is created, enforcement may not be the issue.
PCI Standards advocate for businesses establishing a security awareness program. Why is it important for organizations to have such a program in place?
Chalee Vorakulpipat: Security awareness at all levels of people should be created at the earliest stage of a security program. In particular, management must be the first group of people who have awareness, because management will be responsible for initiating security policy, approving the budget for the security program, etc.
What are common missteps when implementing a security awareness program?
Chalee Vorakulpipat: The same security awareness program is designed and implemented for all levels of employees. Different people need different programs; for example, training for management must be different from that for newcomers. Also, the program is implemented without approval from management; that is, a bottom-up approach. In fact, all security programs must be conducted using the top-down approach, involving management at the initiative stage.
Why should organizations shift their mindset from believing that security is just an IT issue to realizing that security is a business priority?
Chalee Vorakulpipat: Now, security is implemented based on business objectives. The objective of information security implementation is to protect information assets. Therefore, people who implement security must be aware of what the information assets in the organization are, how important they are, and what the impact will be if the information assets are lost. That is, they must realize the business objective first.
What is the one key takeaway you hope attendees will come away with after your discussion?
Chalee Vorakulpipat: Top-down security awareness is all about security.