Cybersecurity and privacy solutions: Safeguarding our digital world

22 Oct 2020 14:45h - 16:20h

Event report

The session moderator, Mr Jason Harle (Senior Manager, Cyber Risk, Deloitte, Denmark) opened the discussion by asking whether we have an issue with technology adoption. Mr Martin Yates (Chief Technology Officer, Global Digital Cities, Dell Technologies, Singapore) said that the diversity and the number of devices pose a problem. The rapid growth of Internet-connected devices, therefore vulnerable to cybersecurity threats, remained an important turningpoint throughout the session. The old way of rapid deployment without strict assurances of cyber resilience is an issue we face and will continue to face. Ms Amanda Craig (Director, Cybersecurity Policy, Microsoft, USA) added that diversity is a key issue. Diversity is seen in terms of multiple generations of technology and legacy tech that is unprepared for the present-day threat landscape. This is worrying not only because of more devices but also because of the sectoral impact (e.g. the Industrial Internet of Things (IIoT), critical infrastructure becoming digitalised).

Mr Leonard Sim (Head of Presales, APAC, Kaspersky, Singapore) added that Kasperky has noticed a change not only in the numbers of cyber attackers, but also in the execution. ‘Threats are getting more and more advanced’, Sim said, noting that malicious groups organise into networks and plan days, weeks and months ahead, which points to their intelligence. The COVID-19 pandemic rushed remote working while not everyone was secure enough. Since the beginning of the pandemic, Kaspersky has noticed increased phishing attacks as attackers exploit feelings, emotions, and loneliness of people during the crisis.

The lack of trained staff and of awareness on cyber threats was the second majortakeaway from the discussion.Mr Edward Lim (McAfee Enterprise Technology Specialist, McAfee, Singapore)said that the lack of trained staff in the industry is a serious concern for many companies. Other challenges include upscaling of tools, information overload, and resource problems. Switching to governance regimes, Mr Americo Muchanga (Chairman, Communications Regulator Authority of Mozambique (INCM), Mozambique) explained that most devices used on a daily basis show that security was not the main concern during their development, and this is because security is not perceived as an investment. Users want devices, unaware of risks, and technology developers react only when an investment is at stake. Therefore, cybersecurity strategies, training more people and educating the public about good ‘cyber hygiene’ are needed at the national level. ‘We need a strategy that can be implemented, but also the people that can implement it’, Muchanga stressed.

Implementation and operationalisation were also an issue for Mr Wojciech Wiewiórowski (European Data Protection Supervisor, EDPS, Belgium). Wiewiórowski talked about the role of data protection agencies and noted that implementation stems from awareness. Awareness is twofold – people are more interested, at the same time, they often remain in the dark about risks. Implementation also relies on resources, as noted earlier, and one of the biggest problems today is the lack of time to check data flows. Citizens’ interest in technologies, however, should not be treated the same. Mr Tien Minh Hoang (Deputy Director General, Authority of Information Security, Ministry of Information and Communication, Vietnam) noted that there has been a 60% increase in targeting children and the elderly compared to last year. ‘While developing new regulation and strategies, it is important to take into account the protection of vulnerable groups’, he said.

The third takeaway from the discussion comes from a question to the audience. Harle asked the audience about the biggest obstacles to a successful defence. The replies varied, with the main agreement that cyber threats are multilayered and combined. The panelists offered solutions. Lin suggested focusing on obvious threats, using intelligence and building up the ecosystem while keeping in mind that only the most complex attacks need human intervention. Yeates and Muchanga stressed the importance of organisation and better structures internally. According to Yeates, cybersecurity has to be the main topic at the outset of every board of management. Wiewiórowski said that we should not overestimate the impact of guidelines, and while the regulation has been successful, there is still work to be done to make guidelines a commonplace and an issue for the entire organisation or company. Solutions also come from the regulation, yet fragmented jurisdiction along the supply chain is often an issue. To mitigate that, Muchanga suggested that every organisation needs its own policies at the internal level, and Craig added that risk mitigation tools are crucial here as well. ‘Organisations can manage risk by avoiding it, accepting it, transferring it or, most importantly, mitigating it by putting baselines, sets of controls, practices, things like authentication or access controls’, she reminded.

Learning from the COVID-19 pandemic and stressing global co-operation for the global cybersecurity ecosystem was the final takeaway. According to Sim, breaking the steps down will make the overwhelming threats actionable and we can draw inspiration from the fight against the global pandemic. The first step is to rely on reliable sources of knowledge. The beginning of the pandemic was confusing and uncertain, the same as with new cyber threats. But the second step, detecting and tracing in a timely and reliable manner, made it actionable. In the cybersecurity context, there are numerous intelligent tools that can detect the spread of malware. Finally, awareness training is needed, along the same line governments are promoting measures against COVID-19 they should do against cyber threats.

The panellists concluded that risk is increasing, the lessons to be learned are there, the awareness and a structured approach are necessary to be on the same page in order to get ahead of future threats.