EXCLUSIVE – OpenGov Insight session on tackling cyberthreats for government IT ecosystems
On 24 May, OpenGov in collaboration with Kaspersky Lab organised an engaging Breakfast Insight session to explore the growing importance of cybersecurity and discuss how well-prepared the agencies are in combating this ever-growing threat in today’s digital world.
The closed-door, invitation-only interactive session gathered over 30 senior technology executives from a wide range of government agencies, financial institutions, and universities. The event took place at the Grand Hyatt Erawan Bangkok, Thailand.
Mr Mohit Sagar, Managing Director and Editor-in-Chief of OpenGov Asia, kicked off the session by highlighting the essential role of the Chief Information Security Officer in keeping the organisation digitally secure.
In his opening address, Mr Sagar spoke about the looming danger of unpreparedness against the sophisticated cyberattacks happening across the world and the Asia-Pacific region. He spoke about the damages and disproportionality in cyberattacks: while the average time for hackers to cause a cybersecurity breach is less than 5 hours, organisations take an average of over 200 days to detect the breach and another 55 days from discovery to containment.
In his discussion on cyberthreat intelligence, he mentioned that technology leaders must understand what constitutes a cybersecurity threat: actor, intent, capability, and opportunity. He also pointed out that human error continues to be a major cybersecurity vulnerability. In view of the fast-changing cybersecurity landscape, Mr Sagar called for increased cybersecurity awareness and collaboration to build a secure cyber space.
This was followed by a welcome address delivered by Mr Yeo Siang Tiong, General Manager, South East Asia, Kaspersky Lab.
Mr Yeo emphasised that people and their devices are highly vulnerable and prone to cybersecurity attacks. In Asia, advanced persistent threat (APT) attacks are a common challenge for government agencies. The attacks can come in different forms, such as emails and documents. The threats can remain dormant in a system, affect more systems in the network, and gain access to keystrokes, sensitive files and even passwords to secured systems.
“Cybersecurity needs to be fought at all fronts,” Mr Yeo reiterated.
To defend against cybersecurity threats, other than ensuring the proper use of the technology itself, Mr Yeo also highlighted the importance of cybersecurity awareness, process and policy.
“It is not just the users who are using the technology. As regulators, as CISO, as critical infrastructure owners in this country, you play a very important part,” he said to the delegates.
To serve as a learning platform for the public sector participants, OpenGov’s Breakfast Insight session featured a scenario simulation of cyberattacks where attendees learnt practical cybersecurity management skills through an interactive gamification process.
Kaspersky Interactive Protection Simulation (KIPS) is an exercise designed to place senior management teams from government agencies into a realistic simulated environment facing a series of unexpected cyberthreats, while trying to protect classified information and computerised systems.
The simulation exercise was facilitated by Mr Oleg Abdurashitov, Head of Public Affairs, Asia Pacific, Kaspersky Lab.
The objective of the simulation is to build a cyber defence strategy by making choices from amongst the best proactive and reactive controls available. The simulation aims to boost awareness among delegates on how to strengthen cyber defences of their organisations and make the security infrastructure more robust.
This simulation is a dynamic awareness program based on the idea of learning by doing. To defend their agency, each team had to take strategic, managerial and technical decisions while taking operational constraints into account and maintaining a high level of citizen-centric service delivery. In the process, the teams built cooperation, while competition under a tight timeframe fostered a deeper understanding of the nature of cybersecurity.
Delegates were divided into groups to participate in this simulation game, in which they competed in running a set of public web services for citizens in a public sector agency’s data centre with modern computerised systems.
The teams were presented with a series of cybersecurity scenarios during the game. The goal of the teams was to provide citizen-centric public services in a timely manner, while protecting sensitive personal information of citizens.
As the cybersecurity scenarios unfolded, with hackers targeting the systems’ vulnerabilities, the teams had to decide how they would react to each cybersecurity challenge and what strategy or solution to adopt. Every reaction made by the teams would affect the ability of their agencies in the game to protect sensitive information from cyberattacks.
The performance of each team in generating public welfare or state outcomes was determined by the team’s choice of action. After each round, an evaluation was given to analyse and discuss the best practices and typical errors in cybersecurity incident response procedures.
Polling session and insights
After the simulation exercise, Mr Sagar led a polling session to gauge participants’ views and concerns in cybersecurity.
Over 50% of the participants are from public sector organisations with over 1,000 head counts in total. However, more than 60% of them have an annual IT budget between $1 million and $15 million.
Taking the simulation result into consideration, 37% of the participants stated that an appropriate amount of budget and its effective utilisation affect an organisation most in securing its assets, followed by 23% who voted for the capability to handle targeted attacks and another 20% who voted for risk prioritisation.
In the discussion of their organisations’ key concern in cybersecurity, over half of them pointed to employee education in IT security, while close to 20% chose cloud security or data centre security. 13% of the attendees also named APT attacks as their key cybersecurity concern.
In terms of the effectiveness of cybersecurity architecture, 48% of the delegates said the cybersecurity architecture of their organisation has the ability to conform to regulatory compliance levels and another 42% were confident that the cybersecurity architecture of their organisation has the ability to respond effectively to impending cyberthreats. The remaining 10% said the effectiveness of their cybersecurity architecture has not been formally evaluated.
When asked to rate their organisations’ level of preparedness for cyberthreats, close to 60% of them are confident that their organisations are well-prepared but are unsure if they can withstand an infiltration. While 11% of the participants said that their organisations are “very well-prepared and there is no room for an infiltration”, this is contrasted by another 32% who said their organisations are not well-prepared.
Among all delegates, 48% of them were interested in finding out more about expert services such as penetration testing, application security assessment, payment systems security assessment, and telecom network assessment, 28% of them were interested in data centre security solutions for virtualisation and storage security, and 10% of them would like to explore security solutions related to private security networks.
After the engaging Breakfast Insight session, attendees came away with the important takeaway that without effective solutions to strengthen cyber defence, government agencies are at the mercy of cyberattacks that leave confidential data of citizens exposed and delivery of public services hindered.
Cyberattacks can impair normal functioning, causing serious data breaches and leading citizens to lose faith in government agencies. Such reputational damage could be much costlier than an effective security budget to protect the organisation. This highlighted the need for top management to address cybersecurity, as well as for cross-departmental collaboration to ensure cybersecurity success.