October 31, 2020

Intelligence-driven modern SOC to be the future of cyber resilience

Close to four months ago, everyone’s lives came to a standstill as the pandemic raced across the globe.

But one sector that had to do the heavy lifting during this crisis was the medical industry.

Unlike other industries that were not working or had slowed down during the pandemic, medical professionals, staff and related industries were working harder than ever to ensure the safety of mankind.

However, one big threat that they were also exposed to was the threat of a cyberattack. As the amount of data stored in medical organisations rose exponentially, they became prime targets of bad actors in cyberspace.

With such high traffic and patient intakes, hospitals lacked effective processes and controls to detect, respond to, mitigate and recover from breaches and other security events.

This is where the Security Operations Centre (SOC) for cybersecurity engagements comes in.

Understanding the relevance of this topic at the current time, OpenGov Asia organised its latest Virtual Breakfast Insight on 7 July 2020 to discuss how medical institutions can cope with cyberthreats.

The event saw a full house, with senior profiles from the IT departments of prominent hospitals and healthcare institutions in Singapore, Malaysia, Thailand and the Philippines in attendance.

Mohit Sagar: SOC executives have it tougher now

Mohit Sagar, Group Managing Director and Editor-in-Chief at OpenGov Asia, set the ball rolling by giving a background on why there is an urgent need to secure the sector from bad cyber actors.

He illustrated this point with a video at the beginning of the session.

Mohit emphasised that the job of security officers in organisations has become even tougher in these uncertain times.

Both organisational and personal data are exposed to a real threat of being misused in today’s environment, and the only way to stay safe is to collaborate in the cybersecurity space.

He advised the delegates to have the right people around who can work together.

After the opening session, Siang Tiong Yeo, General Manager, SEA for Kaspersky shared their learning on keeping data secure in the healthcare environment.

Siang Tiong Yeo: healthcare has the greatest data trove today

Siang Tiong began by saying that in today’s era, information is power. A lot of us might not realise it, but healthcare is the greatest data trove today.

The healthcare industry is completely focused on saving lives, and keeping its data secure is slightly lower in its priorities.

Cybercriminals have taken full advantage of this. The recent trends of cyberattacks in the healthcare domain provide good evidence for this.

Siang Tiong shared that in the past few months the frequency of data breaches, cyberespionage, identity theft, etc. has shot up.

He also observed that recent cyber-attacks have evolved over time and become more sophisticated.

Additionally, as hospitals and healthcare institutions are becoming increasingly interconnected, the surface area for attacks is also expanding exponentially.

Siang Tiong concluded by advising the delegates to be prepared in advance for the next cyber-attack. He explained that to be prepared means having the right people, processes and technology to safeguard the organisation from the bad actors.

Gagandeep: The SOC must mature and stay current

Siang Tiong’s presentation was followed by a presentation by Gagandeep Singh, Group Chief Information Security Officer at IHH Healthcare Berhad.

Gagandeep began by talking about his own viewpoint of a SOC and the various objectives it should serve. He emphasised 4 key aspects:

  • Traditional ways of keeping logs and rules are now outdated
  • Monitoring and analysing network traffic is imperative
  • Skilled resources are the most important asset
  • Following compliance is vital

He then summarised by saying that there is a need for the SOC to mature and constantly update itself with current developments.

As new channels of attack (phishing, DNS, etc.) evolve, the SOC needs to be updated accordingly.

After Gagandeep’s insightful sharing, the session moved into an interactive polling session.

On the question of primary cybersecurity concerns, the audience was split between ransomware attacks (29%) and insider threats (29%).

One delegate, a senior executive from Thailand, shared that he voted for ransomware as the primary cybersecurity concern as it helps hackers earn quick money. Thus, they are more actively planning these kinds of attacks.

On the next question, on how delegates stay ahead of security updates, the majority were inclined towards threat intelligence report subscriptions (52%).

The Director for Global Research & Analysis Team – APAC, Kaspersky shared his thoughts from a security research perspective. He believes that, of all the options, intelligence reports are the only one that will help organisations stay ahead, as it is knowledge shared through private channels.

The drawback with other (open) resources is that even the bad actors have access to them and are constantly improving from that knowledge.

On the final question, on proactively preventing cybersecurity attacks, the participants were divided between threat intelligence (35%) and security assessment services (35%).

A senior delegate from Singapore shared that he voted for threat intelligence as it helps an organisation stay a step ahead of the bad attackers and be prepared.

The session concluded with closing remarks from Siang Tiong where he shared some of the tools from Kaspersky that help organisations protect themselves from cyber-attacks. He advised the delegates to stay ahead by meticulous monitoring and accurate detection.