On 24 May, OpenGov in
collaboration with Kaspersky Lab organised an engaging Breakfast Insight
session to explore the growing importance of cybersecurity and discuss how well-prepared
the agencies are in combating this ever-growing threat in today’s digital
world.
The
closed-door, invitation-only interactive session gathered over 30 senior
technology executives from a wide range of government agencies, financial
institutions, and universities. The event took place at the Grand Hyatt Erawan Bangkok, Thailand.
Mr
Mohit Sagar, Managing Director and Editor-in-Chief of OpenGov Asia kicked off
the session by highlighting the essential role of Chief Information Security
Officer in keeping the organisation digitally secure.
In
his opening address, Mr Sagar spoke about the looming danger of unpreparedness
against the sophisticated cyberattacks happening across the world and
Asia-Pacific region. He spoke about the damages and disproportionality in
cyberattacks – while the average time
for hackers to cause a cybersecurity breach is less than 5 hours, organisations
take an average of over 200 days to detect the breach and another 55 days from
discovery to containment
In
his discussion on cyberthreat intelligence, he mentioned that technology
leaders must understand what constitutes as a cybersecurity threat – actor,
intent, capability, and opportunity. He also pointed out that human error
continues to be a major cybersecurity vulnerability. In view of the
fast-changing cybersecurity landscape, Mr Sagar called for an increased
cybersecurity awareness and collaboration to build a secure cyber space.
This
was followed by a welcome address delivered by Mr Yeo Siang Tiong, General
Manager, South East Asia, Kaspersky Lab.
Mr
Yeo emphasised that people and their devices are highly vulnerable and prone to
cybersecurity attacks. In Asia, advanced persistent threat (APT) attacks are
common challenges for government agencies in the region. The attacks can come in
different forms such as emails and documents. The cyberthreats can remain
dormant in the systems to affect more systems in the network to get access to
keystrokes, sensitive files and even passwords to secured systems.
“Cybersecurity
needs to be fought at all fronts,” Mr Yeo reiterated.
To
defend against cybersecurity threats, other than ensuring the proper use of the
technology itself, Mr Yeo also highlighted the importance of cybersecurity
awareness, process and policy.
“It
is not just the users who are using the technology. As regulators, as CISO, as
critical infrastructure owners in this country, you play a very important
part,” he said to the delegates.
To
serve as a learning platform for the public sector participants, OpenGov’s
Breakfast Insight session featured a scenario simulation of cyberattacks where
attendees learnt practical cybersecurity management skills through an
interactive gamification process.
Kaspersky Interactive Protection Simulation
(KIPS) is an exercise designed to place senior management teams from
government agencies into a realistic simulated environment facing a series of
unexpected cyberthreats, while trying to protect classified information and
computerised systems.
The
simulation exercise was facilitated by Mr Oleg Abdurashitov, Head of Public Affairs, Asia Pacific, Kaspersky
Lab.
The
objective of the simulation is to build a cyber defence strategy by making
choices from amongst the best proactive and reactive controls available. The
simulation aims to boost awareness among delegates on how to strengthen cyber
defences of their organisations and make the security infrastructure more
robust.
This simulation is a dynamic awareness program
based on the idea of learning by doing. To defend their agency, each team had
to take strategic, managerial and technical decisions while taking operational
constraints into account and maintaining a high level of citizen-centric
service delivery levels. In the process, the team built cooperation while competition
under tight timeframe fostered deeper understanding of the nature of cybersecurity.
Delegates
were divided into groups to participate in this simulation game where they
compete in running a set of public web services for the citizens in a public
sector agency’s data centre with modern computerised systems.
The
teams were presented with a series of cybersecurity scenarios during the game.
The goal of the teams is to provide citizen-centric public services in a timely
manner, while protecting sensitive personal information of citizens.
As
the cybersecurity scenarios unfold in which hackers target the systems’
vulnerabilities, the teams had to make decisions on how they would react to the
cybersecurity challenge and what strategy or solution to adopt. Every reaction
made by the teams would affect the ability of their agencies in the game in
protecting sensitive information from cyberattacks.
The
performance of each team in generating public welfare or state outcomes was
determined by the team’s choice of action. After each round, an evaluation was
given to analyse and discuss the best practises and typical errors in
cybersecurity incident response procedures.
Polling session and insights
After
the simulation exercise, Mr Sagar led a polling session to gauge participants’
views and concerns in cybersecurity.
Over
50% of the participants are from public sector organisations with over 1,000
head counts in total. However, more than 60% of them have an annual IT budget
between $1 million to $15 million.
Taking
the simulation result into consideration, 37% of the participants stated that
appropriate amount of budget and its effective utilisation affects an
organisation most in securing their assets, followed by 23% who voted for the
capability to handle targeted attacks and another 20% who voted for risk
prioritisation.
In
the discussion of their organisations’ key concern in cybersecurity, over half
of them pointed to employee education in IT security, while close to 20% chose
cloud security or data centre security. 13% of the attendees also named APT
attacks as their key cybersecurity concern.
In
terms of the effectiveness of cybersecurity architecture, 48% of the delegates
said the cybersecurity architecture of their organisation has the ability to
conform tor regulatory compliance levels and another 42% were confident that
the cybersecurity architecture of their organisation has the ability to respond
effectively to impending cyberthreats. The remaining 10% said the effectiveness
of their cybersecurity architecture has not been formally evaluated.
When
asked to rate their organisations’ level of preparedness to cyberthreats, close
to 60% of them are confident that their organisations are well-prepared but are
unsure if they can withstand an infiltration. While 11% of the participants
said that their organisations are “very well-prepared and there is no room for
an infiltration”, it is contrasted by another 32% who said their organisations
are not well-prepared.
Among
all delegates, 48% of them were interested in finding out more about expert
services such as penetration testing, application security assessment, payment
systems security assessment, and telecom network assessment, 28% of them were
interested in data centre security solutions for virtualisation and storage
security, and 10% of them would like to explore security solutions related to
private security networks.
Takeaways
After
the engaging Breakfast Insight session, attendees came to the important takeaways
that without effective solutions to strengthen cyber defence, government
agencies are at the mercy of cyberattacks that leave confidential data of citizens exposed
and delivery of public services hindered.
Cyberattacks
can impair the normal functioning, causing serious data breach and
citizens to lose faith in government agencies. Such reputational damage could
be much costlier than an effective security budget to protect the organisation.
This highlighted the need for the top management to address cybersecurity, as
well as cross-departmental collaboration to ensure cybersecurity success.