Office Environment
Cybersecurity threats are very real. / Image credit: Pexels
Telecommunications giant Singtel has news for Singaporean companies.

“Our analysis reveals that 85 percent of companies in Singapore are not cybersecurity-ready. They don’t have a response plan nor the ability to react when something happens,” shares Charlton Ong, vice president of group human resources at Singtel.

Why are companies in the city-state so unprepared? Data from the Ministry of Communications and Information and the Economic Development Board indicate that in the last six years, Singapore has had a shortage of cybersecurity professionals.

There’s also a lack of experts with more than a decade of experience in cybersecurity, which means that companies are unable to face this crisis head-on.

How the government is responding

To address the problem, government initiatives like the Cyber Security Associates and Technologists (CSAT) program have been helping Singapore companies to enrich their cybersecurity talent pool. CSAT is a joint initiative of Singapore’s Cyber Security Agency and Info-communications Media Development Authority.

CSAT partners companies to train rookie and veteran IT professionals for cybersecurity roles.

CSAT is a part of TechSkills Accelerator (TeSA)’s Company Led Training (CLT) program, which helps people develop skills in cybersecurity, data analytics, software development, and the internet of things – four key thrusts that will eventually support projects under Singapore’s Smart Nation plan.

CSAT’s partners will provide structured on-the-job training, including in-depth classroom training, and local or overseas attachments. The aim is for trainees to eventually qualify for in-demand tech positions.

Singtel and professional services network PwC are among the partners. Tech in Asia caught up with them to find out what the best practices are for implementing this program.
Charlton Ong, vice president of group human resources at Singtel
Charlton Ong, vice president of group human resources at Singtel. / Image credit: Tech in Asia
The Singtel Cyber Security Institute was launched in April 2016. It simulates cybersecurity attacks for board members, C-suite management, and frontline cybersecurity staff to solve. Singtel rolled out its two-year CSAT at the same time.

One successful CSAT trainee from Singtel is 57-year-old Kamarudin Osman, who received a special mention from Singapore Prime Minister Lee Hsien Loong in his 2017 National Day Rally.

After being retrenched from his job as a Middle East and Asia regional manager at a manufacturing and servicing company, Osman came across Singtel’s CSAT program while looking for new employment.

“Trainees learn how to monitor and assess cyber threats at one of our advanced security operation centers. They get to interact with and customize cybersecurity solutions for clients,” says Ong.

After a few years at Singtel, Kamarudin is now a cybersecurity consultant at Singtel subsidiary NCS, a provider of ICT and communications engineering solutions.

Another alumnus of Singtel’s CSAT program is Ng Teng Hui, a recent computer engineering graduate from Singapore’s Nanyang Technological University.

“Currently, I am working with a Singtel partner to provide cloud-based cyber security solutions to our customers. This includes analysis, working with web application firewall, detection and mitigation, and delivering professional services,” Ng says.

Singtel’s CSAT program exposed Ng to common cybersecurity terms and helped him understand what customers want. “There was an instance where customers said they were performing VA/PT, which stands for Vulnerability Assessment and Penetration Test.” He now appreciates the importance of such tests to improve system security and understand the vulnerabilities of information systems.

But CSAT’s goal is not limited to producing tech-savvy professionals. Emotional intelligence is a trait that Singtel seeks in its cybersecurity trainees, as Ong believes that people with high EQ are more agile and adaptive team players. The ability to “manage the many stakeholders associated with a big corporation” is also valued.

Mentors can help CSAT trainees develop the right attitude and mindset. Having regular check-ins can also equip newbies with the tools to sidestep potential landmines.

As Ong points out: “We are not looking for star individuals, but for star teams, as we need to succeed as a team. There’s no point having just one individual succeed if the whole team doesn’t deliver results.”
 Greg Unsworth, digital business leader at PwC
Greg Unsworth, digital business leader at PwC. / Image credit: Tech in Asia

PwC is scaling up on cybersecurity

PwC Singapore is a relatively new CSAT partner, but it plans to get a lot more involved.

Common cybersecurity threats in Singapore include ransomware, website defacement, and phishing. Up to 3,400 full-time cybersecurity professionals in Singapore are needed in areas like threat and vulnerability assessment, security management, and crisis management.

As such, there is a pressing need to scale up fast.

The CSAT program “will only be effective with a critical mass and scale,” explains Greg Unsworth, digital business leader and risk assurance leader at PwC. “It’s important to have enough investment to provide a good training environment for trainees to develop deep capabilities to help them succeed in their future careers, whether with the organization or elsewhere,” he adds.

PwC is in it for the long haul: its CSAT training – a mix of self-directed learning, classroom training, and on-the-job mentoring – lasts for three years.

On top of keeping pace with IT developments, Unsworth says it’s important to align the CSAT program with business needs and organizational objectives. Singtel’s Ong echoes this view, saying: “The last thing you want is to roll out training that is detached from business needs.”

Leaders’ buy-in is the most important factor

As threats and attacks become more sophisticated, cybersecurity is no longer just a technical issue – it has become a boardroom issue as well, according to Ong. “Support and buy-in from senior management are very important for a program [like CSAT] to work.”

In Singapore, data breaches can result in huge fines from the government. In fact, the Personal Data Protection Commission – the city-state’s privacy watchdog – has already fined 22 organizations in the last two years. Moreover, the lack of cybersecurity measures can erode the public’s trust.

“Don’t underestimate the time commitment required from mentors and managers because they also have day jobs,” stresses Ong, highlighting the extra hours mentors put in, on top of their daily tasks and duties.

He continues, “If it’s a two- or three-year program, you just have to go through with it because there will always be operational challenges along the way. You don’t want to just finish the first year, only to lose your stamina in the second year and get bogged down by other operational issues.”

Unsworth feels there’s much more at stake than just private gain for companies. “We want to be able to look back and say we have helped develop the talent pool both in Singapore and globally,” he concludes.

More information about TechSkills Accelerator and CSAT

CSAT is a part of TechSkills Accelerator (TeSA) and Company Led Training (CLT) program: Skillsfuture initiatives driven by Infocomm Media Development Authority (IMDA). Strategic partners are Workforce Singapore (WSG), SkillsFuture Singapore (SSG), industry partners, and hiring employers.

ICT and non-ICT employers who wish to leverage TeSA’s programs to attract fresh or mid-career professionals to their companies, or plan to develop existing employees’ capabilities with the relevant ICT skills can find out more here.

This article was originally published on Tech In Asia on 18 April 2018, written by Linda Lim, edited by Eileen C. Ang, Pearl Lee, Michael Tegos, and Judith Balea