boo

EITN Forum 2018: Cybersecurity is a Business Issue

Enterprise IT News or EITN’s Cybersecurity forum kicked off with the message that cybersecurity is no longer a ‘Nice-to-have’ and recent developments also reiterate this.

(Caption for above: Stephanie Boo from Menlo Security presenting at EITN’s Cybersecurity Forum last week).

For one, artificial intelligence and machine learning technologies are integrating into protection solutions, to try more accurately discern good code from bad code. Cyber attacks are taking on a whole new

dimension as well, with nation states getting in on the action and utilising digital tools to carry out digital espionage and warfare. Data breaches are more targeted than before, hitting us where it hurts the most by compromising not just our financial data, but also our personal data which can be used continuously to extort value from us.

But a big win came last month in the form of our neighbour Singapore’s Cyber Security Agency (CSA) stating that CEOs shou

ld be held accountable whenever there are data breaches.

Cyber security is seen as a technical issue, rather than a management issue, which is a perception that needs to change. Cyber security initiatives need to be a top-down directive, and could play a major role in how an organisation’s employee use technology for work.

Technology as a fail-safe

Menlo Security’s APAC MD, Stephanie Boo opined that, “Sometimes, no amount of education can help.” In this sense, technology can be used as a failsafe in the event employees unconsciously use technology, incorrectly.

She also pointed out that businesses are giving employees the two things that hackers can use to attack – emails and the web.

These days even a legitimate website could actually be used in a ‘watering hole attack’ by virtue of the malicious code it carries which can infect a user’s computer just because the user visited that website.

And yet, in the course of doing their work, an organisation’s employees cannot not click web links or email links.

“They are paid to click,” Boo pointed out giving the example of Human Resource and Finance personnel who typically carry out their work communications via email – invoices, bills, receipts, applicant resumes and so on, have to be acted upon in a time-sensitive manner and on a regular basis every day, so not clicking into their emails and/or responding to emails would be tantamount to them not doing their jobs.

Menlo Security, an isolation technology solutions provider, proposes to deactivate the active content in these links in a way that does not compromise the user experience.

Another presentation by Netassist’s Hon Fun Ping, sent the key message that innovation and growth of a compan

Hon Fun Ping from Netassist

y shouldn’t be hindered, but rather it is enabled because good cyber security measures are in place to ‘apply the brakes’ before things get out of control.

“If I can convince you that I follow the best practices, you will want to do business with me, and in turn your customers will do business with you, when you convince them that you are safe,” Hon pointed out.

In another presentation, a global Barracuda survey revealed 84-percent of respondents sharing that poor employee behaviour is a greater email security concern compared to inadequate tools.

Critical national infrastructure

EITN’s forum also saw two presenters from the user environment, sharing their knowledge and experiences to an audience from sectors like property, construction, finance, energy, and more.

The forum ended with a networking session, as members of the local ICT ecosystem sat down and caught up over a quick meal.

Azril Rahman from the energy sector shared about how threat intelligence isn’t just the domain of SOCs (security operations centres) anymore. “Threat intelligence is moving out of SOCs and have a dotted line to top C-level management and/or operations.”

Permodalan Nasional Berhad’s (PNB’s) Head of Security, Wan Roshaimi Wan Abdullah, shared about Cybersecurity maturity levels and the areas to assess when trying to determine whether an organisation is in one of the following maturity level – Initial, Repeatable, Defined, Managed or Optimised.