OpenGov Tech Day 2019- Trying to be a Resilient Organisation- Ongoing Journey towards Cyber Protection was held on 12 September 2019 at the Amara Singapore.
The event saw delegates from both enterprises and financial institutions in attendance.
Past security breaches have shown that organisations face a constant threat to their cybersecurity structures. Hackers are constantly finding new ways to get past these secure walls and gain access to the wealth of data behind them.
The event's discussions centred on understanding the level of security that organisations are at and the measures, such as fraud detection methods, that they need to adopt to stay ahead of ever-evolving cyber threats.
Know your vulnerability
Having knowledge of current technology trends or possessing these technologies is insufficient. Understanding how to apply them is crucial.
This was the opening address by Mohit Sagar, Group Managing Director and Editor-In-Chief of OpenGov Asia.
He said that organisations should be aware of how vulnerable they are as potential targets of cyber-attacks.
He stressed that employee negligence contributes heavily to the occurrence of cyberattacks.
He felt that cybersecurity was an ongoing exercise and that organisations must continually strive to stay current and up-to-date.
“You have to keep looking for those who will add ice when finding the best cybersecurity measures and fill your glass,” Mohit concluded.
Informative and interactive learning of cybersecurity
Patrick Aronson, Executive Vice President, APAC, at Westcon gave the welcome address for the event.
He spoke about what Westcon does and what it offers. A distributor of cybersecurity solutions, they provide support and solutions to meet their clients’ cybersecurity needs accordingly.
Patrick explained that the session was designed to be interactive and informative; delegates needed to genuinely participate and engage in the active discussions and simulations to get the most out of the event.
He exhorted the delegates to explore the different approaches available that they could adopt to ensure that cybersecurity standards are met.
The first set of polling questions focused on understanding where the organisations are in their cybersecurity efforts and what their concerns and priorities are.
“Advanced and zero-day attacks” was voted as the top concern for security operations for organisations, receiving 35% of the votes.
“Visibility of what traffic, what data and what applications are traversing in the network” received the highest votes for the top priority of perimeter defence for the organisation, with half of the delegates voting for it.
This shows that organisations recognise the significance of network visibility for better understanding how security breaches occur and for preparing themselves for potential cyber-attacks.
When asked how security operations are currently driven, 50% of the delegates voted for “compliance and incident driven”. This was discussed further, below, at Part 3 of the gamification discussion.
What to do when breached?
Cyberattacks on healthcare systems have been circulating in recent news. Confidential information such as patient medical history and blood group types has been accessed and even stolen in some cases. This poses a big threat to healthcare providers and the government, as a breach of medical records and other private information is highly detrimental when the data lands in the wrong hands.
Delegates were placed in a real-life scenario of a similar context and had to brainstorm ways of revamping the strategy framework to prevent such breaches from happening again, and of re-thinking the approach taken to cybersecurity efforts.
When looking at Intranet and Internet separation, it was pointed out that the commercial business environment must be considered before attempting it.
One of the delegates shared that it is not ideal for external data storage sources to be connected to an intranet database and hence should be separated.
Intranet and Internet systems both have vulnerability points. It is important to understand how data is used, stored and protected in these systems.
It was established that an organisation must possess operational intelligence for understanding the following: how data is transformed in the organisation, how raw data is received and transformed using the organisation’s applications, where the data is, and how it is being utilised.
Consistent encryption of data is key, especially in sectors such as healthcare.
Awareness and training as a continuous effort was another proposed idea. Organisations must be aware of what is going on in the market and attempt to learn from past breaches.
This set of polling questions looked at the various cybersecurity measures adopted by the organisations and the purpose of each of these measures.
“Security Incident Identification” received the highest share of votes, 67.7%, for what organisations use their logs for. This gives a picture of the common process in organisations, which is not just to record a security breach but to understand how it happened, from where and why.
On the internal network enforcement measures in place, most of the delegates voted for “Network Access Control- for identifying and granting access for authorised endpoints” and “endpoint visibility” as the top measures.
Solutions for supporting secure framework
When faced with a cyberattack, it is imperative to understand the situation and what went wrong. Based on that, the next step of re-creating an optimal framework is crucial. A secure framework, however, does not ensure a secure system. Organisations should also formulate, as part of the framework, the solutions to be implemented for recovering from the breach.
Delegates were presented with a strategized framework of 5 sites of infrastructure, 15,000 endpoints and medical teams to deploy IoT based medical equipment. They were tasked to formulate solutions around this framework.
A view was shared about how the engagement of a third-party provides knowledge to the organisation. Third parties are useful for pointing out existing blind spots within the security systems.
An app-aware firewall was established to be more effective than a legacy stateful firewall as it gives organisations visibility. App-aware firewalls allow organisations to identify which sites are being accessed and who is accessing them.
There was a consensus that organisations should educate users and create awareness of the online sites they visit and of the steps they should take when faced with a security breach.
Enhanced perimeter defence can detect an oncoming malicious attack at the front wall. It acts as a barrier to a hacker reaching the “shoreline” of an organisation’s data.
Device profiling and control is important for organisations to detect and plan for the obsolescence of devices.
Security awareness training and annual refresher training for employees was established as a necessary move to be adopted by all organisations.
Maintaining a secure system
With the framework and solutions in place, organisations next have to look at how they can leverage these strategies to ensure that their data is secure and that they are prepared for future security breaches. Organisations must also ensure that their security systems are constantly updated and enhanced.
In the final round of Gamification, delegates were tasked with identifying the key orchestrations which will benefit and ensure that the healthcare data and confidential information of patients are always secured.
A continuous and constant approach to compliance, where various teams work together in parallel, was agreed to be the ideal situation. Many organisations, however, do not have a security policy, which poses an obstacle.
While security policies and processes are there, the cybersecurity landscape is always changing. It is a race to catch up on the latest cybersecurity measures. This is moving towards compliance.
One of the delegates pointed out that policies and processes must constantly change with the changing environment and therefore working around established processes will not be the best approach.
Identity theft was recognised as the next wave of potential cyber threats. This is based on the current trends of security breaches.
Implementing machine-learning and AI was an idea put forth by delegates for understanding network and incoming IPs. These technologies can be used to identify patterns.
They will give organisations prescriptive information about threats they can predict.
Network visibility is key
The whole event was concluded by Alan Sim, Principal Solution Consultant at Westcon.
His parting message for delegates was that organisations need to have an oversight view of network visibility.
Network visibility consists of perimeter defence, enforcement internal defence, compliance vulnerability management, and an oversight single pane of glass.
Visibility is key as organisations cannot defend themselves from what they cannot see, he stressed.
In conclusion he expanded on the various solution providers who help organisations achieve this.
Catherine Wang, Senior Deputy Manager, Risk Manager (Operational Risk) at Cathay United Bank said, “I believe that there is a lot of new knowledge, new technology and tools that are available in the market and may potentially assist us in our cybersecurity journey”.
“The key takeaway is that a more holistic approach is needed for managing security,” said Lawrence Ng, Regional Head of IT at PSA Corporation.
Delegates left the session with an enhanced perspective on the fundamental actions to be taken and on the questions they should be asking while making pit-stop checks in the course of their cyber-resilience journey.