Ensign InfoSecurity (Ensign), Asia’s largest pure-play end-to-end cybersecurity services provider, launches EnGarde, a new suite of cyber wargaming and tabletop exercise services tailored for directors, board members, and executives in Singapore. The new services aim to stress-test organisations’ incident and crisis management plans. It also aims to heighten business leaders’ ability to effectively contain and eradicate the threats while swiftly restoring the business to normalcy.
Scenario realism is a key differentiator for Ensign’s wargaming and tabletop exercises suite. In contrast to some of the other wargaming exercises in the market that use a fixed-decision tree, Ensign adopts a fluid methodology when conducting cyber simulations.
Ensign will tailor scenarios based on the organisation’s business activities, cyber risk profile and the latest cyber threats in its sector. The exercise will also provide customised considerations and decision points based on the organisation’s unique business nature, organisational structure, and priorities. This allows Ensign to effectively evaluate an organisation’s incident and crisis management plans, identifying any gaps in implementation or expectations in their processes, reinforcing business resilience.
These exercises will also require the participants to consider implications across the organisation, including operations, finance, legal, human resources, and technology teams. This strengthens coordination and collaboration among cross-functional teams, reinforcing the decision-making processes during an incident and / or crisis.
Furthermore, the exercises will help board members and Directors better define the different roles each department plays. This accelerates the time taken for decision-making allowing organisations more effective response and recovery.
Experienced Ensign consultants, who have managed real-live incident response engagements, will advise the participants on key considerations, and help them orchestrate their response holistically.
“As cybersecurity becomes an increasingly critical boardroom priority and organisations adopt an assume breach stance, wargame or tabletop exercises are essential in preparing board members and executives for a cyber crisis and a vital part of effective risk management. It hones the organisation’s incident response and recovery muscles by giving board members and executives the ability to prioritise what assets to protect, the vulnerabilities of its system, the risk mitigation strategies and approaches to mitigate the impact and getting back to normal operations quickly in the aftermath of a breach. This will strengthen an organisation’s resilience and confidence to push ahead with their digital agenda,” said Ms Tammie Tham, Group CEO, Ensign InfoSecurity.
Preview of Ensign’s Services at the Recent SID’s Cybersecurity Course
Businesses leaders in Singapore experienced a preview of Ensign’s tabletop exercise at the recent cybersecurity course that Singapore Institute of Directors (SID) organised.
Titled “Cyber Risk – Getting the boardroom focus right”, the module highlighted the latest cybersecurity trends and risks confronting businesses and elaborated on how directors, board members and executives can accurately assess their company’s cyber competencies to tackle the latest threats.
Ensign’s consultants conducted an exercise with a Ransom-and-Breach scenario during this session. The attendees got to experience first-hand the realistic implications of a double-extortion Ransomware attack and the decisions needed to respond and recover from this type of cyber crisis.
“For every new technology that cybersecurity professionals invent, it’s only a matter of time until malicious actors find a way around it. For board of Directors, this requires developing new ways to carry out their fiduciary responsibility to shareholders, and oversight responsibility for managing business risk. Directors cannot abdicate oversight of cybersecurity or simply delegate it to operating managers. They must be knowledgeable leaders who prioritise cybersecurity and personally demonstrate their commitment.” said Ms Poh Mui Hoon, SID Council Member.
The session also included a panel discussion that delved into a number of concerns among senior management, including the boards’ role in managing cybersecurity and setting the budget for cybersecurity. The panel, moderated by Ms Poh, featured prominent cybersecurity leaders in Singapore, namely:
- Mr David Koh, Chief Executive of The Cyber Security Agency of Singapore (CSA),
- Ms Tammie Tham, Group Chief Executive Officer, Ensign InfoSecurity, and
- Mr Nathaniel Callens, Chief Information Security Officer, Grab.
“Cybersecurity is a risk management issue at the board or C-suite level. It requires the Board to make trade-offs and confront the trilemma between security, usability of systems and cost. Such decisions affecting the whole company must be made at the board or C-suite level. Under the SG Cyber Safe Programme for enterprises, CSA has introduced resources for business leaders, IT teams and employees to raise their cybersecurity awareness as well as provide self-help tools for enterprises to assess their cybersecurity maturity and posture. We hope that enterprises will leverage these resources to aid them in their digitalisation journey,” said Mr David Koh, Chief Executive, Cyber Security Agency of Singapore (CSA).
The panel also discussed how chief information security officers (CISO) can collaborate more closely with the board to strengthen the organisation’s security posture.
Grab’s CISO, Mr Nathaniel Callens, said: “As board members strive to balance business value and risks, having a strong relationship of trust with the CISO is imperative. The Board members who collaborate with the CISO gain a strong understanding of the cyber risks and threats faced by their organisations. This allows them to assist in maximising the potential of their security investments and ultimately, turn cybersecurity into a competitive advantage.”
The course was attended by about 30 senior management members from across various industries namely, maritime, transport, financial, real estate, healthcare, engineering and construction. This course is part of SID’s Business Future Series, designed to provide senior management with a deeper understanding of emerging trends that impact businesses.