OpenGov Asia’s latest OpenGovLive! Virtual Breakfast Insight on 24 June 2020 discussed operational resilience in organisations from a cybersecurity perspective.
The event saw close to 20 delegates from 16 organisations in attendance. Most of the participants were Chief Information Security Officers in public sector organisations based in India, Australia, Hong Kong and Singapore.
The event aptly opened with a video showing how daily lives were changed when the world was hit by the pandemic. The video narrated the incident of how a man’s credit card got hacked during the chaos of a crisis when he ventured out to get necessities for his survival.
Mohit Sagar, Group Managing Director and Editor-in-chief, OpenGov Asia, highlighted in the opening presentation that while the general world community was processing and responding to it, bad cyber actors were actively trying to disrupt systems and data.
Apart from continuing safe operations in at work, organisations also had to ensure that personal data was protected. These are the kinds of risks that organisational and personal data is exposed to during an emergency.
Therefore, cybersecurity is a key component to operate businesses during a crisis.
The answer to this confusion is operational resilience through collaboration.
This means that organisations should not have to wait for an emergency/crisis to happen to start preparing for a response.
They should always think ahead – have business continuity plans in place and be digitally equipped to carry them out.
After Mohit’s opening, the stage was taken by Dr. Tom Leighton, the Chief Executive Officer at Akamai Technologies.
Tom began by the talking about the transition online for all organisational needs, both personal and professional and how it got accelerated due to the pandemic.
Once making the decision to transition to an online model, it is imperative to ensure all staff have the capacity to work remotely. This is closely followed by and integral to the second important step: Security.
The three pillars that such a transition to operate successfully and efficiently are: Scale, Speed, Security.
His presentation covered various aspects of organisations’ journeys that Akamai has been part of and the insights they have gathered.
Traffic over the internet has doubled this year as unprecedented numbers of people and organisation took their work online.
Akamai solutions can help reduce the congestion online and, in fact, managed to increase the speed online despite the high traffic.
Security remains one of the biggest challenges of them all as the threat actors are more active than before.
The volume of major denial of service denial attacks on Akamai customers gone up significantly over the past few months. While key traffic categories have seen increase in the last 3 months, Malware is the highest.
Types of attacks that have exponentially seen a rise in the last few months included Credential Stuffing attacks, Magecart attacks and attacks against enterprise infrastructure.
He also shared a Case Study of a massive recent cyberattack that Akamai successfully mitigated for a customer.
The event moved forward with Siddharth Deshpande, Director of Security Strategy at Akamai Technologies sharing his insights on the trends mentioned by Dr. Tom.
Siddharth spoke about how the digital risk surface needs to be managed effectively for critical infrastructure sectors in the light of persistent attack campaigns on public sector organisations.
Attackers capitalise on times of uncertainty to launch more focused attacks on users and agencies and this needs special attention from public sector security and technology leaders.
Siddharth also shared practical steps to ensure cyber resilience.
An international case study was presented by Asaf Ahmad, Chief Information Security officer, Fire and Rescue, New South Wales.
His session shed light on some powerful facts in the cybersecurity context in the backdrop of the global, pandemic.
He also shared and expounded trends on increased cloud adoption and digital transformation among enterprises
Asaf felt that the end-user must become the key focus of the IT infrastructure and, as such, it was important to provide a user secure access to information.
After Asaf’s presentation the session moved into an Open Q&A with Dr. Tom Leighton.
On the question of how long the new IT strategies and remote working would be in place, Dr Tom opined that they are here to stay for a long time. Many organisations and their employees have gotten used to the remote working models and many of them might continue to do the same permanently. For those who have not gotten used to the new norm, they will have to learn new ways to survive in this environment.
After the Q&A, the event became interactive with the polling questions. On being asked about their organisation’s biggest cybersecurity concerns, our delegates were equally divided between attacks on remote access infrastructure (35%) and phishing and spear phishing (35%). One of our delegates, the Chief Information officer of a leading bank in India shared his experience. He said he voted for attacks on remote access infrastructure as their non tech savvy staff is also working from home and keeping them protected in a big worry.
The next question was about organisations’ threat detection and response strategy. A majority of delegates revealed that their organisations had a hybrid approach for threat detection, i.e. a combination of in house and managed services (53%).
A delegate from Hong Kong public sector explained why his organisation has been using this hybrid approach for quite some time. While managed services offer an effective and timely first line of defence, in times of intricate problems, the internal team has to take over as the external team is unable to understand the internal processes and applications.
On the final question of the primary driver for organisations to focus on cyber resilience, the audience was divided between Citizen/Customer Experience (40%) and Organisational Risk Management Objective (40%).
A delegate shared that she voted for Organisational Risk Management objectives as the primary driver that has been her organisation’s and their customer’s focus for a long time.
The event concluded with closing remarks by Siddharth Deshpande. He emphasised in the current technology driven age, user experience, security, and operational resilience go hand in hand. They are not trade-offs anymore.
The session offered useful insights into building operational resilience from a cybersecurity perspective during crisis to delegates and they all are now more prepared for the next critical event.
