For one, artificial intelligence and machine learning technologies are integrating into protection solutions, to try accurately discern good code from bad code. Cyber attacks are taking on a whole new dimension as well, with nation states getting in on the action and utilising digital tools to carry out digital espionage and warfare. Data breaches are more targeted than before, hitting us where it hurts the most by compromising not just our financial data, but also our personal data which can be used continuously to extort value from us.
But a big win came last month in the form of our neighbour Singapore’s Cyber Security Agency
stating that CEOs should be held accountable whenever there are data breaches. Cyber security is seen as a technical issue, rather than a management issue, which is a perception that needs to change.
CEO of Netassist, Hon Fun Ping got the forum rolling with his presentation about cyber security being necessary for a business’ survival.
There is also a paradigm shift that needs to happen when it comes to balancing security and usability.
“Cyber security shouldn’t hinder your company’s growth but enable it,” Hon said, giving the example of earthquake-prone Japan and their high-speed bullet trains. Passengers have peace of mind riding the bullet train because Japan has developed extremely good braking systems.
Drawing from this analogy, innovation and growth of a company shouldn’t be hindered, but rather it is enabled because good cyber security measures are in place to ‘apply the brakes’ before things begin to get awry and out of control.
“If I can convince you that I follow the best practices, you will want to do business with me, and in turn your customers will do business with you, when you convince them that you are safe,” Hon pointed out.
Users are still the weakest link
Barracuda Network’s Fadhly Hassim shared why securing the gateway is still necessary but simply not enough anymore. After sharing with the audience about the different ways the bad guys were leveraging a combination of attack techniques to compromise our email systems, Fadhly pointed out that while the network security perimeter collapsed in the early 2000’s, we are at a similar moment for email security.
Sadly, a global Barracuda survey revealed 84-percent of respondents sharing that poor employee behaviour is a greater email security concern compared to inadequate tools.
One hundred percent said that end-user training is important to prevent attacks while 98-percent agree traditional classroom-style education isn’t going to cut it and there are better ways to go about user training.
Fadhly pointed out, “Tech is not enough, it still boils down to the people.”
Tech that helps
Menlo Security’s APAC MD, Stephanie Boo opined that, “Sometimes, no amount of education can help.”
She also pointed out that businesses are giving employees the two things that hackers can use to attack – emails and the web.
These days even a legitimate website could actually be used in a ‘watering hole attack’ by virtue of the malicious code it carries which can infect a user’s computer just because the user visited that website.
Menlo Security, an isolation technology solutions provider, proposes to deactivate the active content in these links in a way that does not compromise the user experience.