As cybersecurity becomes increasingly complex and critical in the digital age, artificial intelligence (AI) has emerged as a powerful tool in the fight against cyber threats. However, looking beyond AI, there are several other trends, technologies, and strategic approaches shaping the future of cybersecurity. In this interview, we delve into the broader landscape with our expert guest, exploring innovations beyond AI that will play pivotal roles in defending digital ecosystems. From zero trust architectures to post-quantum cryptography, this discussion will shed light on what lies ahead in the field of cybersecurity and how professionals can stay one step ahead.
Biography: Dr. Aloysius Cheang
Chief Security Officer, Huawei Middle East & Central Asia Region
Aloysius Cheang is an award-winning CISO with extensive experience running international businesses. In his career spanning over 25 years, Aloysius had delivering direct business values in strategic, complex, multi-year and multi-million-dollar technology and cyber program for Global 500 organizations worldwide, while managing large multi-cultural, multi-disciplinary team spread across 5 continents and 4 major time zones. Aloysius is currently the Chief Security Officer for Huawei Middle East & Central Asia Additionally, he is a Board member with a UK-based cyber leadership focused think tank, Centre for Strategic Cyberspace and International Studies (CSCIS) and an ex-Board member of (ISC)². He was formerly the Co-Founder and Managing Director of Cloud Security Alliance (CSA) for APAC and the Chief Standard Officer globally. Prior to the CSA, Aloysius was Worldwide Head for Security for Vodafone Global Enterprise and a Security Practice Leader with PricewaterhouseCoopers Singapore, having started his career with DSO National Laboratories in Singapore focusing on Defence R&D. As a globally recognised cybersecurity expert, Aloysius defined the term “Cybersecurity” having authored the first edition of ISO/IEC 27032 “Guidelines for Cybersecurity”. His professional perspectives are highly valued by major international media such as the BBC, Times, Wall Street Journal, ZDNet, ISMG, MSN News, CXO Insights, Teletimes International, Xinhua News, SCMP, Phoenix Media, The Hindu, The Nation, Bangkok Post, Economic Times Daily, China Times, The Straits Times, ChannelNewsAsia, Zawya, The National, Gulf Business, ITP, Telecom Review, Teletimes and Al Jazeera.
The Interview :
The Future of Cybersecurity: Looking Beyond AI – Emerging Trends and Strategic Insights: Policy, Regulation, and Global Collaboration
- In a globally interconnected world, how important is cross-border collaboration for future cybersecurity strategies?
Collaboration is always one of the most important aspects for cybersecurity. I will place it right behind resiliency where resiliency tops my list. The reasons are as follows:
- Resiliency should be the first thing on your list because if your house is not in order, how do you take on the world? Looking from it coming from another perspective, using a sports analogy such as soccer, let’s say no matter how brilliant you are, whether are you a Messi or a Ronaldo, you will be let down if you do not have the stamina to last 90mins. In other words, resiliency builds the foundation for the dream factory to operate.
- However, strange as it may sounds, but you can’t build resiliency without collaboration. So, it is not like resiliency, collaboration etc. are building blocks that you got to place in order exclusively, but more like attributes or tactics within a strategy that they may coexist in the same plane multi-dimensionally and you need to invest at the same time. Collaboration is important because cybersecurity is not a problem that one can solve it alone, whether are you a nation, organization or an individual; cybersecurity is a team sport and all the stakeholders within the ecosystem must contribute towards addressing the elephant in the room. We always find strength in numbers and like what Optimus Prime always say, “United we stand, divided they fall”. And we see the Blackhat community are doing that exactly, and that is why they are always a step ahead of the good guys, every time.
- Lastly, and this is why we should advocate for public-private partnerships (PPP), because in the face of the ever-evolving threat landscape where we are seeing complex threat actors coming into play. Collaboration between the public and private sectors in fact, will be critical towards survival. This is because PPP provides access to additional resources, advanced actionable intelligence, and a more coordinated response to address blended threats, which is the norm today. Today, we are seeing threats taking on multiple life forms, not only cyber but physical as well, as such security measures need to address threats with these attributes through cross-functional teams that will have members not only from the core team i.e. your own organization, but also team from your partners, customers, government and regulators as well!
- How do you think government regulations and compliance standards should evolve to keep pace with the cybersecurity needs of the future?
Development of government regulations and compliance standards should be industry-led rather government-led. With a heavy government hand, the industry will feel the pressure and obliged to follow but could not be part of the cybersecurity transformation due to many negative factors such as:
- Costs. Compliance may be overly costly just like the days of Sarbanes-Oxley;
- Recognition. The players in the industry may not agree with the proposed regulations and standards if they are arm’s length away from business and not practical;
- Ownership. If it is not developed by me, then I will adopt a bystander, wait and see attitude – for it to spectacularly failed and therefore I will count my lucky stars for not being an early adopter!
Additionally, I am also of the opinion that government regulations should be custom built for the country and not something that you will bring it from another country. This is because every country has different external environmental factors and needs, not to mention expertise level of the professionals among others. While I am of the school of thought that countries are group together as “clusters” because of some commonalities. Like for example the Gulf countries for GCC, South East Asian countries will have ASEAN, and Islamic nations will go by Organization of Islamic Cooperation or OIC. As such, it will be unrealistic to say things like global norms and international best practices because the conditions at play such as GDP per Capita, maturity, capability model etc. will be different between the clusters and even between the countries within the clusters. There is a better chance that clusters such as OIC will be more naturally placed to adopt cybersecurity norms with common background, goals and objectives. “Demography, not democracy, will be the most critical factor for security and growth in the 21st century” and “With few exceptions, democracy has not brought good government to new developing countries…What Asians value may not necessarily be what Americans or Europeans value. Westerners value the freedoms and liberties of the individual. As an Asian of Chinese cultural background, my values are for a government which is honest, effective and efficient.”, said Lee Kuan Yew, former Prime Minister of Singapore.
- Privacy regulations, like GDPR, have impacted cybersecurity in significant ways. Do you foresee any future regulations shaping cybersecurity beyond the current landscape?
If there are any future regulations that will be as significant as GDPR, I would say legislation on all the emerging deep technologies, which needs to be regulated because we are talking about a world that is not only physical, but virtual and digital as well. So there need to be some kind of regulations to herd the sacred cows of AI, Blockchain, Web 3 and finally, the Metaverse!
- What advice would you give to organizations on balancing compliance with innovation in cybersecurity strategies?
My advice is simple. You just need 3 things to be successful:
- Resiliency is key. As I mentioned in point 1.
- Ensuring collaboration between all key players in your ecosystem from your internal customers, to regulators and to your extended office of partners and suppliers.
- There should executive buy-in, a sponsor at the board level, an owner in the executive management team where this subject of cybersecurity will be reported, reviewed and follow-up consistently.
Keep it simple and go back to basics. Build an auto-evolving, adaptable security framework based on the strategy that is designed to shape-shift alongside emerging blended, hybrid threats by leveraging on actionable intelligence, building resilience, and fostering collaboration so that individuals, organisations and nations can not only defend against today’s threat but also safeguard one’s digital journey by addressing the challenges of tomorrow.
Closing Note:
Thank you for sharing your valuable insights on the future of cybersecurity. It’s clear that while AI remains a powerful tool, there’s a much larger, evolving ecosystem of technologies, policies, and human-centric approaches that will shape how we defend against cyber threats in the coming years. Your perspective has certainly shed light on critical areas that industry professionals should be focusing on. To our readers and listeners: Stay connected with us to continue exploring the most pressing issues in cybersecurity. Don’t forget to subscribe to our newsletter, follow us on social media, and keep an eye out for our upcoming expert interviews and insights!
Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, and LinkedIn for the latest threats, insights, and updates!
