CIO Academy Asia held two virtual roundtables in July with Indonesian and Malaysian technology leaders, moderated by CIO Academy’s CEO, P. Ramakrishna. The sessions discussed cybersecurity issues in the context of today’s disruption. This article covers the main insights from the sessions.

COVID-19 has forced organisations to access most of their business services remotely and to migrate workloads to the cloud. Employees and supply chain partners are leveraging remote devices, mobile data sharing and collaboration, as well as creating cloud-based business workflows to remain operational.

As mission-critical workloads are migrated quickly to the cloud, technology leaders must ensure they have complete visibility and control across the network, applications, and users.

As enterprises move to the cloud and users work remotely, attack surfaces are widened

The COVID-19 crisis has led to the accelerated migration of workloads to the cloud and the proliferation of endpoints, as an unprecedented number of people work remotely. This is exposing enterprises to new risks. According to Charles Samuel, Group CISO of CIMB Bank, “The attack surface and threats are growing exponentially. DDoS attacks are also rapidly growing in frequency. Endpoint security needs to be up to date.”

“These trends have an enormous impact on networking and network security architectures,” said Eng Guan Teong, VP of Sales ASEAN, Palo Alto Networks. “These changes will lead to greater complexity as customers use multiple point products and management consoles to address new security challenges. This is creating security gaps, as coverage tends to be incomplete and security policies inconsistent. It is also not always easy to share intelligence between products.”

David Rajoo, Country SE Head, Cybersecurity Engineering at Palo Alto Networks, stated that “The network security industry’s response has so far been manual and reactive. Attackers are constantly churning out variants of old threats or new threats. Network security devices are not stopping all threats, nor the infection of a first victim, known as patient zero.” Rajoo added that “The proliferation of IoT devices and the widening definition of the network are also posing major challenges to traditional approaches to security.”

Cybersecurity needs much greater focus as attacks continue to disrupt operations. Security spending is rising rapidly, yet risk seems no lower than before. Deploying multiple, disparate technologies compounds risk. A lack of automation and integration also inhibits enterprises’ response to the changing threat landscape.

A consistent, integrated and unified approach to cybersecurity is necessary

Roundtable attendees discussed how the current crisis has forced enterprises to focus on endpoint security. Remote working creates many more endpoints and many more vulnerabilities. The resources to manage risks are now limited, so enterprises need to automate as much of their cybersecurity activities as possible.

Enterprises need to use machine learning to help identify the most advanced threats and to speed up investigations, by having critical data integrated across networks, endpoints and clouds, with the necessary context available to security analysts. Threat intelligence is needed to understand everything about attacks and potential attacks.

CIMB’s Samuel also highlighted the importance of tackling cybersecurity threats from a business risk angle, stating that for CIMB, “The key tripwire is business risk assessment which is central to everything we do”. He continued by asking “How can threat intelligence and threat hunting be used to trigger warnings and enable governance?”

Automated threat hunting and the provision of threat intelligence need to be built into comprehensive security solutions and aligned with cybersecurity policies and postures. Responses to security threats need to be continuously automated, starting with basic challenges such as phishing investigation and mitigation.

Zero trust network access was also discussed, and attendees agreed that enterprises need to take a zero trust approach to security. Zero trust requires strict identity verification for every person or device that tries to access a resource, regardless of whether the request originates inside or outside the network perimeter: nobody is trusted by default, and anyone seeking access must be verified. In most enterprises today, a user has access to multiple resources once inside the network perimeter, so if a malicious actor gains entry to the network, the potential for damage is huge. Zero trust mitigates that risk by continuing to verify each access request even after an attacker has reached the network.
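To make the contrast concrete, the following added example (written for this article, not code from the roundtable, CIMB or Palo Alto Networks) evaluates the same constructed access requests under a perimeter-trust policy and under a zero trust policy. The request fields, the `ENTITLEMENTS` table and the sample requests are all assumptions invented for illustration; the point is that the perimeter model allows any request that is already inside the network, while the zero trust model checks identity, device posture and per-resource entitlement on every request, wherever it comes from.

```python
from dataclasses import dataclass
from typing import Optional, Dict


@dataclass(frozen=True)
class Request:
    """One access attempt. All field values below are constructed sample data."""
    principal: Optional[str]     # authenticated identity, or None if no credential was presented
    identity_verified: bool      # did the identity provider verify the credential (e.g. MFA passed)?
    device_compliant: bool       # does the device meet posture requirements (managed, patched, EDR running)?
    from_internal_network: bool  # does the request originate inside the network perimeter?
    resource: str                # the resource being requested


# Constructed authorisation table (assumption): which identity may reach which resource.
ENTITLEMENTS = {
    "alice": {"hr-portal", "file-share"},
    "bob": {"file-share"},
}


def perimeter_model(req: Request) -> bool:
    """Legacy model: anything already inside the perimeter is trusted.
    Identity is only checked for requests arriving from outside."""
    if req.from_internal_network:
        return True
    return bool(req.principal) and req.identity_verified


def zero_trust_model(req: Request) -> bool:
    """Zero trust: verify identity and device posture for every request,
    then check that this identity is entitled to this specific resource.
    Network location plays no part in the decision."""
    if not req.principal or not req.identity_verified:
        return False
    if not req.device_compliant:
        return False
    return req.resource in ENTITLEMENTS.get(req.principal, set())


def compare(req: Request) -> Dict[str, bool]:
    """Return the decision of both models for one request."""
    return {"perimeter": perimeter_model(req), "zero_trust": zero_trust_model(req)}


# Constructed sample requests covering the cases the article describes.
SAMPLE_REQUESTS = [
    # verified user on a compliant device, inside the network, entitled resource
    Request("alice", True, True, True, "hr-portal"),
    # foothold on an internal host with no verified identity (the "once inside" case)
    Request(None, False, False, True, "hr-portal"),
    # verified insider reaching for a resource they are not entitled to
    Request("bob", True, True, True, "hr-portal"),
    # verified remote user on a non-compliant device
    Request("alice", True, False, False, "file-share"),
    # verified remote user on a compliant device, entitled resource
    Request("bob", True, True, False, "file-share"),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"{str(r.principal):6} -> {r.resource:10} {compare(r)}")
```

Only the first and last requests are allowed by both models; the unauthenticated internal foothold and the insider reaching beyond their entitlements pass the perimeter check but fail zero trust, which is the "potential for damage is huge" scenario the article refers to. In a real deployment the identity and posture flags come from the identity provider and endpoint management tooling rather than from fields on the request.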

Enterprises require a comprehensive security solution

Roundtable attendees agreed that the number of endpoints accessing corporate resources will continue to increase. In parallel, the acceleration of workloads to the cloud is set to increase further. Security infrastructure must be able to scale up to handle increased capacity requirements and scale out to accommodate the increased signaling and session demands of edge distribution, combined with increasing volumes of endpoints. This agility highlights the need for a more unified and comprehensive approach to security.

According to Palo Alto’s Teong, “Enterprises need to implement much more comprehensive and integrated security solutions which offer visibility across the network. There needs to be greater focus on zero trust network access and VPNs. Cloud security and endpoint protection need to be extended, while SD-WAN and secure access service edge (SASE) solutions must underpin the remote working operating model.”

Given the severe shortage of cybersecurity skills and the requirement for rapid response times, automation, AI and machine learning need to be fully leveraged in security solutions.

As enterprises seek to optimise their cybersecurity postures, they need to reduce the number of discrete security solutions that they use. Multiple solutions lead to multiple dashboards and risk the creation of too many alerts or ‘alert fatigue’. Enterprises must consider moving to security platforms rather than operating many different security tools independently. This gives them a consistent view across their entire infrastructure.

According to Teong, “Ultimately, cybersecurity must be integrated, automated and simple.”

The Southeast Asia Technology Trends & Priorities for 2020 Report, published by CIO Academy Asia in collaboration with the Lee Kuan Yew Centre for Innovative Cities at SUTD, is now available for download.