In the light of the pandemic and remote working becoming the new norm, the cybersecurity landscape has changed dramatically. Especially in the essential services industries like healthcare, governments, telecom, etc. that did not get any respite during the last few months. In fact, agencies and organisations in these sectors were working increasingly and incessantly to ensure the well-being of citizens/consumers.
Due to the increased pressure on these services and remote working, these organisations and industries have become an easy target for bad actors in cyberspace. Therefore, constant monitoring and quick recovery from these attacks is the urgent need of the hour. Understanding the sensitivity of this topic OpenGov Asia organized a second of the Virtual breakfast insight series in collaboration with Kaspersky on 14 August 2020: Intelligence Driven Modern SOC: A Future-ready Outfit.
In this exclusive session, delegates who participated came from a wide range of public sector industries in Thailand. They were eager to better understand how the Thai government is planning to deal with the heightened cybersecurity risk.
Empower the workforce to thrive during these times
The event was opened by Mohit Sagar who highlighted the fact that the pandemic made us all re-think our position as individuals and organizations.
In the past few months, hacking and phishing attacks have become more prevalent than before. Compounded with the compulsion of remote working, people and organisations have been exposed to several vulnerabilities.
He emphasised that quick-response to attacks and constant surveillance of the organizational cyberspace with a Security Operations Centre within the organization is almost a necessity to operate effectively during these tough times.
He concluded his presentation by stressing that in order to thrive in these times, organisations need to empower their workforce with the right knowledge and resources and collaborate with partners who champion cybersecurity.
Cyber defense as critical as Cyber innovation
After Mohit, Genie Gan, Head of Public Affairs and Government relations APAC for Kaspersky. She began by stressing the crucial role that governments play in times of crisis.
Furthering the points highlighted by Mohit, Genie shared her observations of how the bad actors are capitalising on the chaos.
She shared interesting facts about the security threat landscape in Thailand during the last few months. Her data showed that 6,067,924 web threats were blocked in Thailand from January to June 2020. Around 85,384 ransomware samples were detected by the Kaspersky solution in Thailand at the same time.
It was astonishing to know that more than 2-in-10 Thai Users were almost infected by web threats.
Keeping in mind the state of affairs in the Thai cybersecurity landscape, Genie emphasised that digital defense is as critical as digital innovation for any government that is aiming to digitally transform the nation.
She concluded by sharing a four-pronged approach to addressing cyber threats and validated each point with an example/ success story from the APAC region. They are as follows:
- Threat Information Sharing
- Engaging the community through public-private partnerships
- Investing in education and creating awareness
- Promoting transparency
After Genie’s insightful presentation Dr. John Kan, Chief Information Officer at the Agency for Science and Technology research shared his thoughts and perspectives on the issue at hand.
What you do during a threat incident is as important as planning for it in advance
Dr. Kan began by sharing the basic operating principles of SOC at his organisation. He shared the 4 stages of the ICT and Data incident Management process which include:
1) Pre-incident preparation
2) Detection and Analysis
3) Response and Remediation
4) Post-incident Enquiry
He then elaborated on the response plan in case of an IT security incident as he shared that no matter how much you prepare for an incident what you do in the advent of a real threat is very critical. He also elaborated on each of the steps involved in the response plan I.e. identification, containment, investigation, and recovery.
Since incident management is so critical to running smooth operations, he also shared some tips to enhance readiness in the process. These tips include:
- Form an incident management team
- Establish an incident management process
- Be conversant with the process
- Conduct incident management exercises
- Empower your team
- Stay relevant
He concluded by pointing 4 success factors that need to be perfected in order for an organisation to operate in a fully safe and secure environment.
- Keeping people informed and educated
- Having a well-defined incident response framework
- Upskilling and Reskilling in SOC
- Having Cyber insurance
After John Kan’s powerful presentation, the session became more interactive through the polling questions with the delegates sharing their personal insights and comments.
On the first question of what your primary IT security spending is for, the majority of the audience voted for SOC technologies (SIEM, Threat Intelligence, SOAR) (47%).
On this, a senior director IT security from a public organisation shared that he voted for the above option as his organisation is heavily investing in it mainly due to legacy reasons. But he also shared that people are still the weakest link in the security framework and need investment.
On the next question of how you stay ahead of the latest security updates and threats, our audience was split between, from vendors as part of product acquisitions (43%) and from threats intelligence reports subscription (47%).
A senior IT executive from another government agency shared that in his opinion getting updates from the vendors is the fastest and most effective way of getting updates as they are experts.
On the final question of how you plan to prevent cybersecurity attacks, our delegates voted for: engage security assessment services (42%).
Another delegate from a government agency shared that if she voted for security assessment services as if an organization is starting off in this direction, this is a good step as it is easy to propose and initiate.
The polling results from the healthcare session being displayed simultaneously were good eye-openers for our delegates.
After the polling session, Victor Chu, Head of System Engineering, SEA- Enterprise Cybersecurity from Kaspersky came forward to close the session. He shared some insights about Kaspersky threat intelligence and the kinds of threats that have been prevalent over the period of the last 4 months. He also briefly highlighted the needs of threat intelligence and how Kaspersky can help provide those solutions.
Our delegates took away valuable information around the current cybersecurity landscape and the solutions to protect them.