With the onset of the pandemic, there is no doubt that agencies and companies feel a more pressing need to ramp up cybersecurity infrastructure and network security models. Cyberattacks are getting more sophisticated, driven by accelerated digital transformation – moving to cloud, rolling out new applications and e-services at lightning speed to address the needs of citizens and customers.
Combined with the surge in the use of end-point devices for remote working and the entry of new emerging technologies like IoT, cybercriminals are having a field day; creating havoc in customer records, causing huge financial and intellectual property losses in public and private sector organisations alike.
The widespread move towards remote work and the corresponding need for better remote workforce security has also spurred investment in ZeroTrust security. The ability to authenticate and monitor all traffic, regardless of its position inside or outside of an organisation’s network, promises to reduce or eliminate many security risks.
Moreover, organisations are facing challenges with cloud transformation. As cloud adoption accelerates, organisations need to recalibrate their original strategy based on the new business requirements. When large chunks of data have not yet moved to the cloud from isolated data centres, it can become harder to secure using a single security tool.
Identity and Access Management (IAM) complexities prove equally challenging for Zero Trust adoption. Teams are struggling to shift to a zero-trust approach due to the complexities of user access needs in their organisation. Beyond a doubt, security modernisation depends on the progress of user identity consolidation and cloud transformation, both complex and long-term projects.
While accelerating the delivery and quality of services, organisations need modern data protection strategies to achieve these objectives. The cybersecurity mindset has to change from trying to prevent attacks to one that assumes that an attack has already occurred – it is not a question of ‘if’ but ‘when’. However, building a robust security infrastructure has proven to be complicated, presenting organisations with a mixed bag of successes and disappointments.
In light of these critical security issues, Day 2 of the Singapore OpenGov Leadership Forum focused on data protection and resilience. It explored the different technologies, strategies and challenges involved in tackling the unavoidable issue of security.
Data protection in a post-COVID-19 world
Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia, kicked off the session with his opening address.
“When it comes to protection, most people used to think that it was about land, air and sea. But the front has shifted,” Mohit posits. “That being the case, we do have the capability of preventing and pre-empting instead of reacting in the virtual realm as well.”
There is a massive paradigm shift in the world and data is rapidly gaining prominence. In this digital landscape, Mohit has an acronym that helps highlight the pillars of transformation and success – ACDC2. ‘A’ stands for augmented intelligence, ‘C ‘stands for convergence (of the physical and virtual), ‘D’ is data, and the last ‘C’ stands for cyber resilience. The final C stands for critical events.
The pandemic drove the world to do something about security – and indeed the way we do things in general. With people going online and companies implementing remote working, cybersecurity, in general, and ransomware, in particular, is an urgent and pressing issue. “In fact, it is a national security issue for countries around the world and it will only get worse,” Mohit is convinced.
Key public sector priorities demonstrate the change well. Agencies are focused on rolling out innovative and secured digital services quickly, fostering inter-agency collaboration, and enabling a hybrid workforce.
With more organisations and agencies stopping attacks before hackers encrypt data, the percentage of successful encryptions fell from 73% to 54% in the past year. This drop indicates anti-ransomware technology adoption is paying off.
While many things have shifted because of the drastic changes wrought by the pandemic, there are foundational technologies that will be vital to surviving and thriving in the new normal. One such development is cloud. “Cloud is here to stay – it is inevitable,” Mohit contends.
Against this backdrop, it behoves us, Mohit firmly believes, to think about where our focus should lie. “Critical events may well drive what we do. So, are we focusing enough on the tech that will keep us protected in a world that is constantly and rapidly moving and changing?”
In conclusion, Mohit emphasises that more data will be created and security is of utmost priority. Organisations cannot isolate themselves forever or stall in the name of caution – they have to take the initiative and be bold. They have to take the challenges head-on.
Rethinking cybersecurity and harnessing it as a business opportunity
Gaurav Keerthi, Deputy Chief Executive (Development), Cyber Security Agency of Singapore (CSA) spoke next on ways to rethink the approach towards cybersecurity.
Many people view cybersecurity pessimistically. Cybersecurity may have an air of doom and gloom but there are two sides to the coin – an upside and a downside. In fact, Gaurav claims, doom and gloom is an upside! “Cybersecurity is a technical necessity, a business enabler and strategic opportunity.”.
COVID-19 is a nightmare and changed how we work, live and play. It has been as impactful on our lives as tech has. It has accelerated tech transformation across the board. However, because the pandemic was so unexpected, there is a technical or cybersecurity lag.
This lack is akin to “sleep deficit” where the lethargy builds up over time. Because workflows were abruptly and suddenly digitised, organisations did not have the chance to think through the risk, took what was available at the time and ran with it. With these forced risks, there is an accumulated technical debt as well as cybersecurity hazards that were adopted along the way with COVID-19 – and people have not had time to reassess everything.
This transition to digital has created an opportunity for people to rethink work. There are benefits to these transitions – it has created new models like remote working, allowing people to spend more time with family and balance work-life better.
Unfortunately, it also worked to the advantage of the “bad guys”, Gaurav contends. They are looking at all the poorly secured systems that organisations have adopted. The attack surface is wider and cybersecurity incidences have increased. In this VUCA world, cybersecurity is a technical necessity – it is something that organisations must build to protect confidential information and reduce the chances of a successful cyberattack.
CSA was formed in 2015 and the Cybersecurity Act came into effect in 2018 right after the SingHealth breach. The Act helps critical infrastructure providers that provide essential services in Singapore by requiring owners to fulfil certain cybersecurity obligations. It has, with no question, raised the baseline. However, unseen challenges have cropped up and come to light.
The first is that the definition of essential service was established in a pre-COVID-19 world. For example, buying groceries online before the pandemic would not have been considered an essential service. However, in the middle of a lockdown, that is an essential service.
The second challenge comes when companies think about cybersecurity in a compliance mindset – cybersecurity is viewed as a cost to meet a list of requirements without doing anything more.
Another issue is that the Act is limited only to CIIs, whereas, SMEs which are the vast majority of the nation’s economic landscape are still vulnerable targets. There is an upward trend in the number of ransomware cases. The impact is best understood relative to size. A big company can withstand a cybersecurity incident, but in an SME, that could be an event that is significant enough to cause a company to go down.
“Ransomware is a real pandemic in the digital world,” Gaurav claims. It was not a corporate cybersecurity issue – more of a personal, individual behavioural problem. Now there is an entire economic ecosystem around ransomware.
“Every time you squash the problem, it emerges elsewhere. The only way to win is to change the game. Be proactive about it. Identify where the gaps are,” Gaurav contends. “Ideally, If organisations can build systems to be secure by design from the get-go, they would not have to deal with gaps.”
Cybersecurity is a business enabler. Companies are hesitant to put data on the cloud until they know they can secure it well. While they want to adopt the latest in the technological space but they are not sure if they can protect it well.
Business leaders are talking about cybersecurity – about how cybersecurity is affecting stock prices. When business leaders realise that it is something that can affect profits, it no longer becomes a cost but is about unlocking the future of digitisation of the company by investing more in cybersecurity.
Companies are starting to rethink cybersecurity strategies. “This mindset shift is fast and furious,” he observes. It is pertinent to remember that good cybersecurity is not cheap and cheap cybersecurity is not good. Although for many SMEs, cheap cybersecurity is better than no cybersecurity.
He observes that executives want their CISOs to be transformational leaders, leading cross-functional teams. The digital transformation sees the CISO as part of the solution and not part of the problem. If the security team is understood as part of an organisation’s solutions, that is a massive shift.
To drive fast, you need a fast engine but how fast drivers are willing to go are determined by the safety system around the driver. “Brakes have a more significant impact on the outcome of the road trip than engines.” Gaurav opines.
When organisations embark on digital transformation, it is vital to ensure that cybersecurity is a consideration from the start. The security department is not simply complying with regulatory requirements but enabling the CTO to transform faster. If the CTO is making decisions without consulting the CISOs, the future would be worrying.
Gaurav posits cybersecurity as a strategic and business opportunity on the final point of his keynote address. For him, “trust and privacy is a selling point”. When a brand as big as Apple positions ‘trust’ as the big selling point, instead of storage size or pixels in the camera, to their customers, that is a huge shift.
He further emphasised this point by giving the example of Ford and Volvo. Ford’s mantra was to make an affordable car for everyone. But the ah-ha moment came to the industry in the 1950s when Volvo made the car safe, fitting seat belts, shatterproof glass, child seats etc. They shifted the conversation and focus away from money to safety.
“Tech is viable because people feel safe,” he asserts. “That is a business opportunity. If industries can transform themselves to be safe and secure, they can become key enablers of the digital economy.”
If one considers the Singapore brand proposition, people come to Singapore because of trust, safety, reliability and competence. “Trust is our brand value,” Gaurav contends. Trust is what Singapore can sell internationally. Singapore has the technical competence and the right level of paranoia to build Volvos – to think about the safety of the technology.
In conclusion, he says, cybersecurity is the next frontier. “How can organisations make it safe and secure and employ technologies so that it does not bring down the house?”
Gaurav encourages delegates to consider the unique brand that Singapore has and to see that cybersecurity is not a mere necessity but an opportunity to engage.
Being Ransomware resilient from a recovery perspective
Daniel Goh, Systems Engineering Leader – Singapore, Veritas shared how organisations can manage the ever-evolving threat of Ransomware.
“Ransomware has been on the rise for various reasons,” Daniel contends. “RaaS is increasing along with an increase in IT complexity. At the same time, bad actors are getting savvier and more sophisticated.”
Daniel observes that there is a greater number of attacks on vulnerable industries and critical infrastructure. Moreover, the increase in work-from-home opportunities opened vulnerabilities.
Offering delegates practical advice, Daniel shared the 5 phases of Ransomware Encryption:
- Phase 1 – Infection: Exploit kit, phishing attack, readily available in the dark web.
- Phase 2 – Delivery: Alter registry keys, avoid detection, self-restart. encrypt files at a later date.
- Phase 3 – Backup Attack: Ensure effectiveness, remove all shadow copies. search for backup files and remove them
- Phase 4 – Encryption: Encrypts data.
- Phase 5 – User notification/settlement and remediation: Notifies users of infection and demands for payment. After the ransom is paid, it attempts to remove evidence of its presence.
“Ransomware is a legitimate illegitimate business,” Daniel posits. “Today, ransomware has all the earmarks of a successful, albeit unlawful, industry.”
The first recorded ransomware attack was in 1989. It was a sleeping giant until recently awakened by a perfect storm of conditions, ranging from the lasting effects of the COVID-19 pandemic to companies producing and storing more business-critical data than ever before (especially in the cloud) to the fact that more companies are willing to pay ransoms.
As a result, Daniel explains, the rate at which ransomware has matured as a business model over the course of 2021 is astonishing, especially when compared to the previous 30 years. In just the first six months of 2021, there was US$ 590 million worth of suspicious activity related to ransomware. That exceeds the entire amount of $416 million observed in all of 2020.
Not only this, ransomware has evolved into a division of labour. The world is now seeing a two-tier supply chain with developers who build and sell ransomware malware and other cybercriminals who buy “ransomware as a service” kits from the developers and carry out the attacks.
Unfortunately, the cybercriminals behind today’s ransomware are smarter and more innovative than ever. Consider the Russia-linked REvil ransomware as a service provider. Earlier this year, before being forced offline through a multi-nation operation, the group started offering a two-stage extortion scheme that involved not only holding victims’ data for ransom but also automated DDoS attacks and phone calls to their business partners and journalists as a way to up the pressure to pay.
There are two scenarios that Daniel called to attention:
- Scenario 1: Attack on Primary Data
- Scenario 2: Scenario 1 + Attack on Backup Infrastructure
In the case of an attack on primary data, organisations have to rely on their backup infrastructure. Veritas value-adds are in its multiple deployment capabilities. Veritas can support automated recovery and prepare pre-tested and qualified recovery plans. Besides that, they also have a team that can swiftly step in to do bulk recovery of workloads. More importantly, Veritas can do so instantly through VM Instant Recovery and Database Instant Access.
In terms of recovery options, Daniel shares that there are various recovery options including:
- Granular file recovery
- Bare metal recovery
- Bulk/Instant recovery
- Cloud recovery
- CDP rollback
Daniel highlighted cloud recovery in particular, which can restore both physical and virtual to the cloud. Unique to Veritas, they can do this from data that have deduped to the cloud – deduped data, written to deduped storage that is immutable. That is AWS S3 object lock, deduplicated data, natively without third party steps or rehydration involved. It allows organisations to recover an entire data centre, on-demand but without having to maintain that data centre running 24/7.
The perks of utilising cloud recovery are that it is a completely automated recovery orchestration that removes human processes and errors from the equation. Apart from fast recovery direct from deduplicated data stored in the cloud, Veritas can recover an entire data centre in the cloud on-demand.
Moving on to the scenario of an attack on primary data as well as the backup infrastructure. To mitigate that, Daniel recommends several strategies:
- Harden and lock down data
- Zero-Trust
- Communication
- Processes
- Privileges
- 2 Factor Authentication
- Intrusion Prevention System (IPS)
- Encryption of Data@Rest and In-Flight
- Immutability / WORM
- Air-Gap
- Built-In Intrusion / Detection Capabilities
There are 3 areas to Veritas’ ransomware resiliency strategy: Protect, Detect, Recover.
Protection of data involves safeguarding data integrity. The first step in any ransomware resiliency plan should be ensuring complete protection. This includes making sure all parts of the environment from physical and virtual to cloud and containers are backed up to immutable storage. Critically, this universal protection must be applied intelligently and managed automatically to scale properly. Veritas provides multilayered solutions based on zero-trust principles.
The second aspect is detection. Any plan is only as strong as the weakest link. Ransomware loves to target the dark vulnerable corners of an IT environment. To close these potential gaps, universal visibility is required. Veritas can help ensure all systems are protected and anomalous behaviour is identified before it becomes a critical situation.
The final aspect is recovery – automating and orchestrating complete cross-system restoration.
This is achieved by having as many options as possible including alternate recovery sites like secondary data centres, and even standing up an entire data centre in the cloud on demand when needed from efficiently stored dormant data. We make restoring as simple as one click.
In conclusion, Daniel reiterates that Veritas has appliances that are put through multi-layered attack vector testing that they can guarantee that they can withstand any hacking or compromising attacks. With over 30 years of experience, it can provide immutable options and flexibility. Veritas can provide complete Infrastructure and data visibility and near real-time, AI-based anomaly detection and malware scanning.
Daniel encouraged delegates to reach out to him if they had any queries about how Veritas can help their organisations.
Protecting data in a post-COVID-19 world
Matthew Joseff, APAC Director of Security and ITOA Specialisation, Splunk elaborated on strategies to address sophisticated cyberattacks.
“Welcome to the data age. Data is no longer just a record of what happens. Data makes things happen,” Matthew opens his session. “Money is in data and protecting data can be said to be protecting money.”
Using the analogy of walking down the street, Matthew makes a point that though a simple activity, walking down the street involves using multiple senses – hearing, sight, direction, geo-spatial dimensions. “Yet companies are running multi-billion organisations on one sense along – sight!”
For the governments, the situation is far more vital – lives are at stake in terms of how data is interpreted.
By understanding data, people are creating ways to recreate a brain within the internet. Machine learning comes into the picture to organise data. If networks are designed with expected outcomes, people will be able to reduce the noise. “How do you measure human behaviour? How is that measured online?” Matthew asks.
People are using machine learning to spot outliers. While people love to think of themselves as individuals, they behave in surprisingly similar fashions. With every mouse click and every keyboard stroke, people are generating ones and zeros. With Splunk, they are doing the math to group those desired behaviours and make the undesired ones stand out.
“Data defines reality,” Matthew asserts. “What information people can ascertain will decide how they will behave in reality.”
He makes a note that there will always be risks – people will never be 100% free from fraud or completely safe – it is a journey. Matthew offers some suggestions for organisations embarking on the journey of “turning data into doing.”
- Collect and normalise
- Access Points
- Egress and Ingress Data
- Enrich
- Automate and orchestrate
- Machine learning
“Start with the simple question of knowing how ‘doors’ are there to your data,” Matthew suggests. In an office building, there are access points – the gantry, turnstiles, card access. People secure these access points through control. In the same way, knowing how many doors there are to an organisation’s network is where people can start.
In conclusion, Matthew shared that the Splunk Security Operations Suite enables their customers throughout their SOC maturity journey and that they have a solution for every step in the journey and they customers can start anywhere with us and grow over time. At Splunk, teams are there to guide our customers on this complete security data maturity journey for their SOC.
Organisations of all sizes, maturity levels and security approaches are finding value from Splunk’s Security solutions. He invited delegates to reach out to his colleagues should to explore ways they could collaborate.
Polling Results for Morning Session
Throughout the session, delegates were polled on different topics.
In the first poll, delegates were asked what their organisation’s expectations on recovery time and recovery points are should there be a cyberattack, disruption, corruption or disaster. Nearly half 
of the delegates (48%) indicated that they would want to get back in less than 1 hour without any loss of transaction or data. Over a quarter (28%) indicated they could wait for up to a day with data losses and downtime while a fifth (20%) could cope up to 4 hours with data losses and downtime. Only 4% said they could manage up to a week with data losses and downtime.
On their level of confidence in recovering within SLA after an outage, incident, or ransomware attack, a significant number (40%) were unsure, just under a third (30%) were not confident and the others (30%) were very confident.
Asked to vote on the impact of downtime on their organisations, almost half (48%) selected reputational damage as the main impact, followed by loss of citizen and customer confidence (40%) and regulatory action (12%).
On the area of interest they value the most, delegates were relatively evenly split between tools that can deliver automation in areas like compliance and data availability (29%), delivering business resiliency through highly available applications and workloads (25%), ease of doing business through simplified technology consumption model (25%) and visibility into cross-system data and infrastructure to identify unexpected changes and potential risks (21%).
Regarding the biggest challenge faced by delegates when it comes to data management, over a third (37%) went with real-time insights and the ability to analyse data in real-time as the main challenge. Others expressed that data loss prevention (27%), regulatory compliance (20%) and fast accessibility in being able to get the data quickly (17%) are their main challenges.
When polled about concerns delegates have when considering the current landscape of their organisations, more than half (54%) indicated legacy systems and lack of asset visibility and the lack of awareness of what to protect as the main concerns. The other delegates indicated the increasing incidence of ransomware, supply chain attacks and vulnerabilities (29%), adversaries targeting OT systems to inflict cyber-physical attacks (8%) and increasing remote work arrangements due to COVID-19 (8%).
Inquiring asked the key drivers to address cybersecurity gaps within their organisation, more than half of the delegates (57%) indicated that understanding risk with actionable response and remediation was critical. This was followed by achieving complete visibility and segmented environments (24%) and detecting threats and vulnerabilities (19%).
In the poll on the organisation’s biggest challenge when faced with a ransomware attack, the majority (46%) indicated reputational damage as the biggest challenge. The rest opted for a long time required to recover data from backup (29%) and backup copy being compromised (25%).
In the final poll for the morning session, delegates were asked what they would spend on if they had an unlimited budget. The majority (43%) would spend on updating legacy tech, followed by improving security and compliance (22%), integrating disparate systems (13%), spending on resources to improve delivery timeline (13%), and staff training / upskilling (9%).
Afternoon Session
Understanding security from the perspective of people
Philip Sow, Sales Engineering Manager, Proofpoint talked about a people-centric approach towards securing organisations.
Due to the pandemic, people have been enjoying the freedom and flexibility of working from home. More than 75% of the delegates in the morning session indicated that they want to continue to work from home. However, as an appointment holder or overseeing security, working from home has increased the attack surface of the organisation. While people in the past are sitting behind the network that is protected, most are no longer protected by firewalls and protection when they work from home.
Two problems have emerged from this trend. The first is that threat actors have direct access to the users – they do not need to go through the firewall and defence to get to the user. Secondly, as users are no longer behind the network, their behaviour changes. More than 50% of the users who work from home share their devices with their friends and family – they allow people to use their laptops for e-commerce. “Insider threats are organisations’ biggest cybersecurity risk,” Philip observes.
In the simplest terms, the 44% increase in insider-driven data breaches translates to one very basic summary: insider threats, whether careless users, malicious users or compromised accounts is a serious problem!
According to Philip, there are three types of insider threats:
- Negligent or careless insiders – Such behaviours include using popular passwords everywhere, sharing credentials between users, using unknown USBs, leaving systems unprotected, etc. People who have forgotten or didn’t pay attention to or skirted rules to get their job done quicker are identified as the “Careless insiders.” The big difference between a careless insider and a malicious insider is that their actions are not done out of malicious or intent to harm. Though careless insiders are the most common at 56%, their mistakes are usually less impactful.
- Malicious insiders – Malicious insiders, as the name implies, are out to harm the organisation and can include nation-state influence. Though malicious insiders make the most headlines, they comprise just 26% of insider threat incidents but can cause significant harm to an organisation. An average cost of a malicious insider incident is US$ 648 K per incident.
- Credential insiders – The most harmful insider threat type is the credential insider. Though comprising only 18% of insider threat risks, this has almost doubled in number since 2020. When employee credentials are stolen, external criminals or hackers will use those credentials to harm the organization from within. They usually target privileged users or important people’s credentials, like the C-suite or senior leaders, to cause the greatest damage. They typically cost UIS$ 805 K per incident.
Introducing Proofpoint, Philip claims that they are the leader in protecting people from advanced threats and compliance risks. They are also ranked number 1 most deployed solution for Fortune 100, Fortune 1000 and Global 2000. They are the only cybersecurity company focused on protecting people.
Data is not lost on its own – it is caused by people sharing and downloading information or installing software. Proofpoint understands and mitigates user risks in three ways:
- Content: Identifying sensitive or regulated This includes data classification, labelling/tagging, exact data matching.
- Threat: Identify compromised accounts and phished users. This means generating threat intel and insights across cloud and email telemetry.
- Behaviour: Identify user activity, intent, and access context. Understanding user across channels, file source and destination, device, network, role, watchlist.
The truth is that organisations should be looking at people who are exposed to the attacker. To protect and prevent the loss of your data, organisations need a people-centric view that combines telemetry across these 3 areas. Proofpoint captures a comprehensive set of data needed to understand activity and behaviour relevant to digital interactions.
A prominent use case for Proofpoint is its deployment by a US Defense Contractor. The challenges they faced were as follows:
- Avoid exfiltration of sensitive intellectual property and data, including by nation-state actors infiltrating their ranks
- Enrich alerts from other security tools to build context and speed up investigations
- Improve security speed and performance without sacrificing context
- Meet requirements of a highly regulated industry
The results include gaining visibility into risky events to assemble a more complete picture, mitigating insider threats before they spread and put the organisation at risk, providing the security team with the ability to explain what happened during an incident and facilitating faster investigations with rapid contextualisation.
Philip shares that people usually see security as a cost, although security helps to cut down costs. Successful implementation of security infrastructure can help to costs:
- Reduce insider risks: Prevent risks before they become incidents
- Accelerate insider threat response: Reduce direct costs
- Increase Team Efficiency: Reduce indirect costs
In conclusion, Philip encouraged delegates to rethink the way they understand security – not as a cost but as a cost-saving strategy that can augment the organisation’s mission. He encouraged delegates to attend a webinar that Proofpoint will be conducting or to reach out to him should they wish to ask more questions and find out how they can better secure their organisation’s networks.
Zero Trust Security through an integrated platform
Ian Lim, Field Chief Security Officer – JAPAC, Palo Alto Networks delved into the intricacies of deploying zero-trust security.
Emerging from unprecedented world events, Singaporean leaders are dramatically accelerating their digital transformations – it underpins the priority of positioning itself as a leader not only in technology but in cyberspace.
Palo Alto Networks customers around the world are accelerating and even expanding on their organisations’ transformation journeys. Enterprises everywhere are fundamentally reshaping the ways they operate and innovate to connect with the people they serve. Globally, enterprises are leveraging technology to ensure business continuity and advantage and ultimately to make things better for the people they serve.
But the risks in the COVID-era are more significant than ever. The attack surface has grown dramatically:
- More remote users, devices and data mean more targets for cyberattacks
- Rapid cloud deployments are accelerating faster than digital enterprises’ security
- Advanced cybercriminals are taking advantage of world events and advanced technology.
For Ian, to enable comprehensive security, leaders today must:
- Protect data, devices, and users without slowing down innovation.
- Deliver an effective, coordinated defence while managing cost and complexity.
- Stay ahead of sophisticated attacks without becoming overwhelmed.
Point solutions are not a way forward—coordination is vital and requires a platform approach.
Palo Alto Networks stands out from the crowd because of the focus on platforms, Ian shares. To deliver cybersecurity that stays ahead of threats, rather than just react to them, Palo Alto Networks brings Zero Trust with the right platform to future proof organisations.
Palo Alto Networks’ strategy removes implicit trust and builds on continuous validation. With them, the best-in-breed capabilities are connected where needed for the greatest visibility, control and efficiency. By bringing those elements together, they can help organisations become future proof, freeing them up to operate and innovate with speed and safety.
Further, Palo Alto Networks integrate their products and ensure the products integrate with organisations’ legacy architecture, so that people do not have to choose between being efficient or having the visibility they need. They are also automated so that organisations can put their teams on what matters, to respond and scale.
For Ian, the platform approach means that securing your whole enterprise can be simpler – from the data centre to the cloud to endpoints.
“The foundational tenet of the Zero Trust Model is that no actor, system, network or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access,” Ian asserts.
Palo Alto Networks promises to protect data, devices and users without slowing down innovation. Their Zero Trust capabilities are as follows:
- Comprehensive Visibility: The ability to gain end-to-end visibility of all user, IoT and application interactions is foundational to Zero Trust.
- AI Profiling and Correlation: Since trust is not implied, digital interactions must be accurately and efficiently profiled through AI.
- Integrated Control: Dynamic and seamless integration between AI profiling and access controls allows for suspicious interactions to be appropriately challenged or stopped. It also allows for policies to be uniformly applied across on-premise, cloud and endpoints.
- Automated Defense: Alerting mechanisms should also be triggered when the anomaly happens to launch manual or automated verification processes.
Palo Alto Networks has delivered best-in-class enterprise IoT Security that is effortless to deploy with just a simple SW subscription on an existing next-generation firewall.
- Their flexible deployment model is available on all physical, virtual, and cloud form factors. It easily scales out using the unlimited resources of our cloud-based machine learning pipeline to quickly identify new devices, assess their risk and keep up with device sprawl.
- It seamlessly integrates with other attached security subscriptions to deliver native inline enforcement and threat prevention.
- Scale horizontally with multi-tenancy cloud infrastructure – identifying any number of IoT devices and scale deployment as your business increases
- Leverage prevention from existing subscriptions to provide complete coverage to protect IoT. and native enforcement with Device-ID and NGFW policies.
- Rich set of 3rd party integrations for asset inventory, logging and enforcement.
They can offer visibility and integrated control of any cloud, any stack, for the full lifecycle; visibility and integrated control of remote access (users and branch); offer AI profiling and threat correlation; and automated defence. Palo Alto Networks allows organisations to “do more with less” to deliver an effective, coordinated defence while managing cost and complexity.
With an integrated platform, they will be able to offer:
- Consolidated Security Posture: Reduce architectural complexity while maintaining or improving the security posture
- Operational Efficiency: Streamline security vendors, integration and maintenance, reducing efforts
- Flexibility on Usage: Enterprise License Agreement allows flexibility on usage models or even changes in product lines to meet business needs
- Reduced TCO: Opportunity to reduce the overall TCO through product consolidation & architecture optimisation; also driving improved cybersecurity.
Further, central management increases operational efficiency and reduces the total cost of ownership.
- Reduced complexity and better integration than disparate point solutions
- Improved learning curve for security staff
- Consistent policies across on-premise and cloud
- Foundation for automation and orchestration
- Gain economy-of-scale for quantifiable savings
- Enterprise agreement allows for stronger partnership, better access to expertise and flexibility in license arrangements
In conclusion, Ian reiterates that the recent waves of supply chain and ransomware attacks highlight the need for a new security paradigm. Point security solutions are fragmented and incur high licensing and administrative costs. There there are countless benefits to be reaped from Zero Trust and bringing it together on a platform. A Zero Trust strategy coupled with a platform approach provides cost-effective and cohesive defence-in-depth for on-premise and cloud architectures.
Polling Results for Afternoon Session
Throughout the session, delegates were polled on different topics.
In the first poll, delegates were asked what their organisation’s expectations on recovery time and recovery points are should there be a cyberattack, disruption, corruption, disaster. Nearly half of 
the delegates (44%) indicated that they would want to get back in less than 1 hour without any loss of transaction or data. A third (33%) said they could wait for up to 4 hours with data losses and downtime while just over a fifth (22%) could last to a day with data losses and downtime.
On their level of confidence in recovering within SLA after an outage, incident, or ransomware attack, a majority of the delegates were very confident (43%), followed by unsure (33%) and not confident (24%).
Queried on the impact of downtime on their organisations, 42% selected reputational damage as the main damage, followed by loss of citizen and customer confidence (32%) and regulatory action (26%).
On the areas of interest they value the most, delegates were concerned in visibility into cross-system data and infrastructure to identify unexpected changes and potential risks (45%), tools that can deliver automation in areas like compliance and data availability (32%), ease of doing business through simplified technology consumption model (12%) and delivering business resiliency through highly available applications and workloads (9%).
Regarding the biggest challenge faced by delegates when it comes to data management, most (45%) oped for data loss prevention, followed by the ability to analyse data in real-time (27%), regulatory compliance (23%) and fast accessibility in being able to get the data quickly (5%).
On the concerns that delegates have when considering the current landscape of their organisations, over half (56%) indicated legacy systems and lack of asset visibility, lack of awareness of what to protect as the primary concern. The other delegates indicated the increasing incidence of ransomware, supply chain attacks and vulnerabilities (39%) and adversaries targeting OT systems to inflict cyber-physical attacks (6%) as their considerations.
When asked about the key driver to address cybersecurity gaps within their organisation, 44% indicated that understanding risk with actionable response and remediation to be a key driver, followed by achieving complete visibility and segmented environments (39%) and detecting threats and vulnerabilities (17%).
With regards to an organisation’s biggest challenge when faced with a ransomware attack, more than half of the delegates (55%) indicated reputational damage as the biggest challenge. This was followed by the backup copy being compromised (27%) and the long time required to recover data from backup (18%).
In the final poll for the session, delegates were asked what they would spend on if they had an unlimited budget. Well over a third (38%) would spend on improving security and compliance, updating legacy technologies (24%) and integrating disparate systems (24%). The remaining delegates would invest in staff training / upskilling (10%) and resources to improve delivery timelines (5%).
Closing
To conclude the day, Mohit emphasised the importance of getting started on the journey of securing data, information and the organisation. It is the only way to stay relevant in face of changing realities.
He echoed what Gaurav said about reframing the way cybersecurity is to be approached – as a strategic opportunity rather than a cost. Trust is a brand value that organisations can and should be leveraged to build customer or citizen confidence.
