After engaging in rich discussions on the need to have more robust, technology-driven cybersecurity systems with delegates from the healthcare and public sector industry, OpenGov Asia set out to get the telecom industry’s take on it.

On 26 August 2020, OpenGov Asia hosted an OpenGovLive! Virtual Breakfast Insight to discuss the relevance of a Security Operations Centre from the perspective of the telecom industry across ASEAN.

The session, Intelligence Driven Modern SOC: A Future Ready Outfit, had delegates from all major telecom companies from Malaysia, the Philippines, Thailand and Indonesia.

To set the tone for the discussions, Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia opened the session by highlighting the unpreparedness of individuals and organisations when the pandemic hit the world.

The magnitude of the strike was beyond what anyone or any organisation could have imagined; it has made the world push boundaries in everything that was done and that needed to be done.

In the midst of this global disaster, bad cyber actors are becoming increasingly sophisticated – making it inevitable for organisations to ensure their cybersecurity systems are robust and up to date with the latest technology.

Mohit advised delegates to not just respond to the pandemic and recover from it but also plan to thrive during these testing times. The key to this is empowering and educating employees and finding the right partners to guide organisations on their cybersecurity strategy.

Alliances must be forged with those who are already thinking ahead in the cybersecurity landscape and who can help the industry thrive through these times with suitable solutions.

After Mohit set the stage for the discussions, Vitaly Kamluk, Director, Global Research and Analytics team, APAC, Kaspersky shared his expertise on the topic.

Vitaly began by highlighting the significant rise in the type and frequency of cyber threats this year as a result of the new norm of remote working.

Being an expert in the field and having been observing the cyberattacks throughout the year, Vitaly shared some interesting facts and findings.

Over the last few months, bad actors in cyberspace have been more focused on creating sophisticated targeted strikes rather than mass threats and attacks.

A major reason for this is it helps them get more ransom money without unnecessary (wide) exposure. He substantiated his reasoning by citing data of malware attack trends in 2020.

He also shared some recent cases of targeted attacks and the possible actors behind them in the telecom industry in Thailand and Hong Kong. It was eye-opening to note the kind of techniques the attackers have access to – emphasising the need to be secure even more urgent.

Vitaly concluded by pointing out another kind of targeted attacks that have become prevalent in the last few months: Ransomware.

Big companies have been compromised and blackmailed by these kinds of attacks that involve a three-stage process: 1) Infiltrate and Steal 2) Encrypt and Extort 3) Publish and Shame.

He urged the delegates to be vigilant about these threats and report any such instances rather than keeping it to themselves.

After Vitaly’s informative presentation, Mohd. Nazri Bin Zawawi, Head Strategy & Governance, Group Information Security, Telekom Malaysia shared his keen insights on the subject at hand.

Nazri began by sharing his organisation’s mission, which is to make lives and businesses easier, for a better nation. He spoke with the delegates about his organisation’s experience on their journey and motivation for venturing into an intel-driven SOC.

He explained the various drivers that lead them to venture on this journey:

1. shift from a reactive to a proactive security approach
2. Reduce business risk before it explodes
3. Be ready for security challenges with new technology like 5G, IoT, etc.
4. Benefit from the multiple sources of threat intelligence
5. Increase productivity by automating routine tasks
6. Reduce dependency on external service providers and improve lead time for security mitigation actions

In the same vein, he also shared how the implementation of the Intel-driven SOC played out over the years for his organisation.  During the implementation process, they had to overcome a number of challenges like high investment cost, resource crunch, changing priorities, data integrity issues, etc.

In conclusion, he advised the delegates to plan for all these challenges well in advance to be able to overcome them quickly and effectively.

After the enlightening presentation by the speakers, it was time for the interactive polling session to engage the virtual audience.

On the first question about the primary cybersecurity concern of your organisation, a majority of the delegates voted for targeted attacks (46%).

The head of cyber defense from a major telecom company in Malaysia shared that he thought targeted attacks are the biggest threat right now because ransomware or any other kind of threat mentioned in the question do not happen without infiltration or a breach. Once the infiltration or the breach happens, it becomes a major concern as it can pave way for many other kinds of threats as well.

On the next question about primary IT spending in your organisation, half of the audience voted for SOC technologies (SIEM, Threat Intelligence, SOAR) (50%).

On this, a Chief Information Security Officer from a telco company in the Philippines reflected that he voted for SOC technologies based on numbers and not on importance. He believes that all the given options should be high in priority and require investment, but the biggest chunk goes into SOC technologies. That is because the SOC comprises of not just one or two technologies but various distinct technologies.

On the final question of planning to proactively prevent cybersecurity attacks, the delegates were equally split between deploy threat intelligence (44%) and engage security assessment services (44%).

A senior executive from a telecom company in the Philippines reflected that they actually have a mixed system of getting feeds from a third party along with an internal team to do the intel within the organisation. Thus, they follow a more hybrid system.

After the polling session, Victor Chu, Head of Systems Engineering SEA- Enterprise Cybersecurity at Kaspersky addressed the delegates with closing remarks.

Victor began by throwing light on what the current threat landscape is looking like. He explained that commodity threat, advanced threat and targeted threats are all on a rise. He then went on to explain what threat intelligence is and why it is important in today’s time.

Victor concluded by letting them know that Kaspersky was always willing to partner with them for their cybersecurity needs. He encouraged them to reach out to their regional representatives to see how Kaspersky could assist them on the SOC journey.