September 27, 2023

Subscribe
Linkedin-in Twitter Facebook-f Youtube Instagram
#image_title

5th Annual Thailand OpenGov Leadership Forum 2023, 05 OCTOBER 2023 - CLICK HERE FOR DETAILS

We are creating some awesome events for you. Kindly bear with us.

Something’s phishy: protecting oneself from becoming bait to cybercriminals

Share via

A cryptocurrency is a digital or virtual currency that uses cryptography for security, making it difficult to counterfeit. A defining feature of a cryptocurrency, is the fact that it is not issued by any central authority, rendering it theoretically immune to government interference or manipulation.

In the last 5 years, there has been a high influx of cryptocurrency users. This is due to the many advantages that cryptocurrencies hold. It is seen as an investment potential considering its low barriers to entry, allowing the average Joe to have an accessible and affordable investment vehicle.

It also has high utility and functionality, affording automated processing of micropayments and storing digital assets. It is also secure and easily auditable giving people the security and the reassurance that they need.

However, as the popularity of cryptocurrencies grows, so does their vulnerability to cyberattacks. Cybercriminals are becoming increasingly devious and imperceptible. Although they use classical phishing strategies to wreak havoc on the security of cryptocurrencies, the ordinary victim remains unsuspecting and therefore unprepared.

The Potency of Initial Coin Offering (ICO)

An initial coin offering (ICO) or initial currency offering, is a type of crowdfunding using cryptocurrencies as a means of raising capital. While similar in nature to Initial Public Offerings (IPO), investors do not get an equity stake in the company.  Instead, the promise of an ICO is that the coin can be used on a product that will eventually be created. Due to the nature of ICOs, it is susceptible to scams and cyberattacks. Cyber criminals have been known to use ICOs to scam and rob users of cryptocurrencies worth a considerable amount of money.

ICO investors are among the most vulnerable to phishing scams. They are trailed right from when they seek to invest their money in start-ups. Cybercriminals create fake web pages that imitate the sites of official ICO projects. They then try to gain access to contacts so that they can send them a phishing email with the identification number of an e-wallet for investors to send their cryptocurrencies to. The most successful attacks use well-known ICO projects. For example, cybercriminals managed to steal more than $25,000 worth of cryptocurrencies by exploiting the “Switcheo” ICO project, after spreading a link through a fake Twitter account.

An alternative example that illustrates the devious nature of cybercriminals is the “OmaseGo” scam. Cybercriminal created numerous phishing sites for the ICO project OmaseGo and managed to rob investors of more that $1.1m worth of cryptocurrencies. A similar fraudulent scheme was carried out by cybercriminals when they created hundreds of fake sites to collect “investments” for the Telegram ICO.

Cryptocurrency giveaway scams have also been a means of cheating cryptocurrency users. The scammers request that victims invest a small amount of cryptocurrency for prosperous returns in the future. These criminals even hack and use the social media accounts of well-known individuals, such as business magnate Elon Musk and Pavel Durov, the founder of Telegram Messenger. They also create fake accounts and reply to tweets from legitimate users through these fake accounts, making them seem legitimate, thus confusing users. These users eventually get scammed by clicking on replies from these fraudulent accounts.

Cheating Gullible Users out of Millions of Dollars

According to Kaspersky Lab’s estimates, criminals managed to earn more than 21,000 ETH (The Ether cryptocurrency, which uses blockchain generated by the Ethereum platform) or over $10m at the current exchange rate using the above described scamming methods over the past year. This sum excludes the amount cheated out of victims using classic phishing attacks.

Nadezhda Demidova, Lead Web Content Analyst from Kaspersky Lab, opined that cybercriminlas are especially proficient and adaptable in developing resources to achieve the best possible results in cryptocurrency phishing.  While these new fraud schemes use simple social engineering methods to make victims out of cryptocurrency investors, they differ from classical phishing methods as they help criminals make millions of dollars, a feat that classical phishing strategies have not yet achieved. The fact that these cybercriminals have managed to make ludicrous amounts of money through their scamming suggests that they know how to exploit the human factor. The human factor remains one of the weakest links when it comes to cybersecurity.

Steps that Users Can Take to Protect Themselves

To protect their cryptocurrencies, Kaspersky Lab researchers advise users to follow the following steps:

  1. Be cautious of offers that seem too good to be true
  2. Check official sources for information regarding the free distribution of cryptocurrencies before investing in them.
  3. Ensure that there are no third-parties involved when it comes to any transactions you make on cryptocurrencies. One way to do this is to view the detailed information about any cryptocurrency transaction to identify if that particular wallet may be dangerous. This can be done through block chain browsers such as etherscan.io or blockchain.info
  4. Constantly check the hyperlink addresses and data in the browser address bar. It should be “blockchain.info”, not “blackchaen.info” or anything else.
  5. In order to avoid being accidentally directed to a phishing site, save the address of the e-wallet in a tab and access directly from there.

To learn more about development of crypto currency phishing, read the blogpost on Securelist.com.

Exclusive! Automation Revolution: Securing Modern IT Infrastructure for the Future

Share via

In the rapidly evolving digital landscape of today, organisations are increasingly turning to multi-cloud systems to take advantage of their flexibility, scalability, and cost-efficiency. However, this shift often brings about complex challenges in the realms of identity management and security.

To fully capitalise on the benefits of cloud computing while safeguarding their data and operations, businesses are now placing a high priority on certain objectives. These include automating security measures, mitigating risks, and effectively managing identities within the multi-cloud environment.

Enhancing security in multi-cloud systems heavily relies on automation. Automation empowers enterprises to promptly address threats, identify vulnerabilities, and maintain continuous monitoring of their cloud infrastructure. Automated security systems possess the capability to analyse extensive datasets, pinpointing trends and anomalies that may go unnoticed by human observers.

By taking a proactive approach, businesses can not only reduce downtime and financial risks but also significantly lower the chances of data breaches. Mitigating risks in a multi-cloud setting calls for the implementation of a comprehensive strategy. This encompasses establishing robust encryption, access control, and data loss prevention protocols across all cloud providers and applications.

Additionally, it is crucial to adopt a unified security framework that provides centralised visibility and control over the entire multi-cloud ecosystem within an organisation. Such an approach streamlines risk management by ensuring consistent policy enforcement, threat detection, and incident response procedures.

Identity management plays a vital role in multi-cloud security, especially when individuals like customers, partners, and employees access resources from various devices and locations. Identity and Access Management (IAM) assume a pivotal role in this context, enabling organisations to enforce precise access controls, ensuring that only authorised users can access resources.

Furthermore, IAM systems offer single sign-on (SSO) capabilities, which not only enhance security but also simplify the user experience by allowing users to access multiple resources with a single set of credentials.

As businesses increasingly embrace multi-cloud architectures to protect their data, assets, and reputation in today’s interconnected digital landscape, the adoption of automation and robust security practices becomes imperative.

A comprehensive cloud strategy that encompasses automated security measures, risk reduction strategies, and effective identity management in multi-cloud environments is foundational. Prioritising these elements empowers organisations to mitigate risks and fully harness the benefits of multi-cloud setups.

The OpenGov Breakfast Insight on 26 September 2023 convened Singapore’s leading technology experts at the Voco Orchard Singapore to discuss the latest developments in digital integration, cybersecurity, cloud computing, and data governance.

Opening Remarks

Mohit Sagar∶ IT automation has emerged as a critical tool in bolstering security measures

Mohit Sagar, the CEO and Editor-in-Chief of OpenGov Asia believes the role of IT automation in bolstering cybersecurity has never been more critical, particularly in the face of the growing sophistication of cyber threats.

He highlights the escalating intricacies of modern business infrastructures, compounded by the proliferation of remote work, mobile devices, and the Internet of Things (IoT). These developments have introduced vulnerabilities that traditional security approaches find challenging to combat.

Recent data breaches in Singapore, a global financial and tech hub, also underscore the urgency of robust security measures, highlighting the severe consequences of inadequate security practices in the face of evolving cyber threats.

In this context, Mohit underlines the revolutionary nature of Zero Trust Security, which eliminates the inherent trust traditionally placed in both internal and external entities. The importance of rigorous identity verification for users, devices and applications, emphasising the use of multiple-factor authentication as a core principle of this approach, is key.

“Continuous monitoring serves as a rapid anomaly detection mechanism, while micro-segmentation effectively constrains lateral network movement, ultimately minimising the impact of potential breaches,” he elaborates. “Here, automation assumes a critical role by swiftly analysing data, enforcing access controls, and providing real-time responses to incidents.”

According to Mohit, the adoption of automation is paramount for organisations looking to bolster their security measures. Automation accelerates processes, minimises errors, and empowers proactive threat detection and swift incident responses through real-time analysis.

Additionally, automated patch management guarantees timely updates, thereby reducing exposure to vulnerabilities, while orchestration optimises security tools and processes for efficient threat management

“To defend against modern cyber threats, organisations should employ a comprehensive approach that includes secure coding, infrastructure hardening and Zero Trust principles,” Mohit is convinced. “This strategy safeguards applications with secure coding, regular testing, and continuous monitoring.”

Infrastructure hardening serves to diminish attack surfaces while extending the principles of Zero Trust through stringent access controls and identity-based authentication, thereby fortifying the overall defence. This comprehensive approach integrates application-centric security, infrastructure hardening, and the Zero Trust Architecture, offering a multi-faceted defence against a wide range of threats.

A seamless identity-based framework begins with the establishment of robust Identity and Access Management (IAM) practices, which form the cornerstone of modern security. IAM effectively manages digital identities for users, devices, and applications, enabling precise control over resource access.

Mohit stresses the importance of access control policies that are structured around roles and responsibilities, emphasising their role in mitigating unauthorised access risks. He also underscores the significance of continuous monitoring of user activities, as it bolsters security by identifying unusual behaviour and potential breaches.

Additionally, he recommends that organisations prioritise the security of credentials for critical systems and data. This can be achieved through the implementation of robust password policies and user education. He also suggests that the adoption of password management tools can prove highly beneficial in this regard.

Elevated access management includes securing privileged accounts with strict controls, regular reviews, and just-in-time access. Data encryption safeguards sensitive information at rest and in transit, making unauthorised access ineffective. Continuous monitoring, with real-time alerts for strange behaviour, enables rapid response to possible breaches and improves security overall.

“In today’s evolving cybersecurity landscape, a comprehensive approach is key,” Mohit concludes. “From IT automation to Zero Trust Security and robust identity management, organisations must implement security measures to defend against modern cyber threats and safeguard critical systems and data.”

Welcome Address

Morgan Hite∶ Infrastructure automation will increase organisational success

Morgan Hite, the Area Vice President for Asia at HashiCorp, recognises the growing complexity of contemporary information technology infrastructure, underscoring the significance of safeguarding and preserving valuable assets for companies.

He agrees that advanced automation solutions can effectively address the intricate security requirements within hybrid and multi-cloud environments. These solutions offer valuable insights into secure asset management, threat detection, and incident response.

The ongoing shift towards cloud adoption is compelling organisations to transition from rigid to more agile infrastructure management, particularly within the public cloud domain. Consequently, IT operations teams are confronted with emerging hurdles.

These challenges include coping with sluggish manual workflows that can lead to errors and inefficiencies. Moreover, development teams may also find themselves burdened by intricate manual processes and less-than-optimal ticketing systems.

Moreover, the obstacles associated with implementing consistent policies not only hamper productivity but also elevate the risks an organisation must contend with. Consequently, having scalable and adaptable infrastructure automation becomes crucial in tackling these challenges effectively. Hence, many organisations opt for solutions that help them steer clear of such complexities.

Morgan explains that HashiCorp assists enterprises in resolving these issues by employing infrastructure as code principles for provisioning, compliance, and management across various domains, including public clouds, private data centres, and third-party services.

“Infrastructure automation plays a pivotal role in efficiently managing the progressively intricate cloud environments that organisations encounter,” he says. “This is a critical component in efforts to maintain security and protect critical assets in a frequently changing environment.”

In a dynamic cloud environment characterised by fluctuating demands, the capability to swiftly adapt and oversee resources emerges as a critical necessity. Automation assumes a pivotal role in guaranteeing efficient scalability, enabling organisations to effortlessly adjust their capacity as required without getting entangled in time-consuming manual processes.

Further, apart from scalability, operational efficiency stands out as another compelling rationale for the implementation of infrastructure automation. Automation empowers organisations to automate routine tasks like provisioning, scheduling, and resource management. Consequently, this not only lessens the burden of manual labour but also mitigates the potential for human errors.

Ultimately, it results in significant time savings when it comes to managing the intricacies of cloud environments.

“Security is another key factor that makes infrastructure automation very important. With automation, organisations can apply security policies consistently across their infrastructure,” Morgan elaborates. “This helps prevent vulnerable configurations and ensures compliance with required security standards. In a world full of security threats, automation helps keep cloud environments safe.”

Additionally, automation serves as a critical tool for enhancing infrastructure resilience. Its capacity to swiftly identify and respond to security incidents or infrastructure failures allows organisations to uphold the availability of their services. In this regard, automation proves invaluable in addressing the challenges that arise within the ever-changing landscape of a dynamic cloud environment.

Morgan strongly emphasises the fundamental importance of implementing infrastructure automation in today’s organisational landscape. He firmly believes that automation not only boosts productivity but also has the potential to curtail risk and optimise expenses, underlining its multifaceted value.

Automation has a positive impact on organisational productivity. By eliminating valuable time-consuming manual workflows associated with cloud infrastructure, organisations can experience significant time savings. That means less time is wasted on tasks like creating, managing and provisioning cloud infrastructure. As a result, the IT team and related staff can focus on more strategic and value-added tasks.

Automation further elevates the level of security by upholding rigorous operational consistency and ensuring compliance with established security policies. In this context, automation serves as a safeguard against the risk of security incidents stemming from human error or policy deviations. By automating security measures, organisations can execute them consistently and with high efficiency, providing a sense of confidence and peace of mind.

Additionally, automation enables organisations to pinpoint and curtail unnecessary or redundant utilisation of cloud resources, leading to significant cost savings. Organisations have the potential to realise substantial savings of up to 40% on their cloud infrastructure costs.

Such significant savings represent an opportunity to allocate budgets more efficiently towards other pressing needs. Consequently, investing in infrastructure automation can yield tangible economic benefits for organisations, freeing up resources for strategic initiatives and growth.

Morgan holds a firm conviction that infrastructure automation constitutes a strategic decision that delivers not only operational advantages but also risk mitigation and the intelligent and efficient allocation of budgets.

This proactive step has proven to have a positive and far-reaching impact on various aspects of an organisation’s operations and finances. In essence, automation acts as a multifaceted asset, enhancing security, reducing costs and streamlining operations for organisations operating in dynamic cloud environments.

Knowledge Insight

Mary Wee∶ A comprehensive medical history improves patient care

Mary Wee, Director of Cloud Services and Support at CPF Board, reflected on the devastating impact of COVID-19 on countless people. The pandemic took many by surprise with its sudden shifts in employment and lifestyle. Consequently, access to essentials such as food, medical services, and education unexpectedly became more challenging for many.

She underscored the paramount importance of preserving continuity and well-being amid the prevailing uncertainty. In a post-pandemic era marked by unprecedented challenges and unforeseen disruptions, maintaining financial stability has emerged as an essential pillar of resilience.

Mary strongly advocates having sufficient financial savings to effectively cope with unforeseen emergencies, particularly those triggered by events like the pandemic. This financial cushion not only imparts a sense of security but also equips individuals and families to surmount economic hardships that may arise unexpectedly. It underscores the pivotal role played by institutions like the Central Provident Fund (CPF) in extending vital financial services to the community.

CPF stands as a pivotal mechanism for helping individuals and families enhance their financial planning. This encompasses a spectrum of considerations, from long-term investments and retirement savings to health protection. By cultivating well-managed financial savings, individuals are better poised to confront challenging circumstances such as a pandemic with a greater sense of readiness and resilience.

The CPF, in this context, serves as a valuable tool in fortifying financial security and enabling individuals to navigate the uncertainties of the future with greater confidence.

Mary also underscored the paramount importance of effectively safeguarding client data, particularly in the context of social enterprises. In an age where data serves as a linchpin for informed decision-making and enhanced client services, the preservation of data security and integrity emerges as a foremost concern.

CPF frequently handles the personal and sensitive information of their clients, including financial, medical and various other personal details. Consequently, they bear a substantial responsibility to shield this data from cyber threats and potential misuse.

The loss of data or a security breach can wield far-reaching consequences, impacting not only client trust but also the seamless functioning of an organisation. It underscores the imperative of unwavering diligence in preserving data security and ensuring the highest standards of data protection to safeguard both clients and the organisation itself.

“In an age where services and operations are increasingly tied to cloud technology, security cannot be ignored,” says Mary. “As such, upholding cloud infrastructure cybersecurity is our top goal since it boosts client satisfaction through quality support.”

When customers entrust their vital data and information to an organisation, they hold the expectation that this data will be handled and stored with the highest level of security. This is not merely a matter of practicality; it is a profound issue of trust.

Mary understands that when customers have the assurance that their data is securely managed within the CPF Board’s cloud infrastructure, their satisfaction with the service provided is assured.

Robust security forms the bedrock of customer trust, and this trust is unequivocally reflected in the quality of service delivered. It’s a symbiotic relationship where security breeds trust, and trust, in turn, elevates the calibre of service provided.

The CPF Board’s commitment to cybersecurity extends beyond the technical aspects; it focuses on instilling a sense of safety and confidence in customers regarding the security of their data. This approach not only engenders customer satisfaction but also contributes to cementing the CPF Board’s reputation as an organisation that is both responsible and trustworthy in its stewardship of client data.

In the multi-cloud era, there has been a significant shift in the locus of control. Instead of relying on physical controls, the emphasis is now shifting to trusted identities, Mary explains. This means each entity must go through an authentication and authorisation process to gain access to a system or resource. By adopting this identity-based framework, they can effectively navigate the complexities of securing dynamic multi-cloud environments while ensuring higher levels of security.

Mary reaffirms the CPF Board’s unwavering dedication to the utmost protection of their clients’ data. They have put significant measures in place by implementing stringent security protocols, which include leveraging the latest in security technology and providing comprehensive training to employees in identifying and mitigating cyber threats.

In addition to these initiatives, they have established rigorous policies governing data management and storage, ensuring compliance with all relevant privacy regulations.

“It’s a holistic strategy where technical prowess combines with a commitment to customer trust, fostering a solid and reliable image for the organisation,” Mary concludes. “This multi-faceted approach underscores CPF’s dedication to the highest standards of data security and privacy, further cementing its reputation as a responsible custodian of client information.”

Closing Remarks

Binny Peh∶ AWS is dedicated to innovating and transforming governments and organisations worldwide

Binny Peh, Head of Partners & Alliances Singapore Public Sector, Amazon Web Services (AWS) expressed her appreciation for the attendees’ perceptive and insightful event as they came together to explore the transformative power of technology in the public sector.

“The discussions and interactions we’ve had reaffirm the pivotal role that technology plays in shaping the future of our societies, and more importantly, in improving the lives of our citizens,” she acknowledges.

Binny confirms that Amazon Web Services is deeply committed to driving innovation and enabling digital transformation for governments and organisations worldwide. “Our mission is to empower you to leverage the cloud to build more agile, efficient, and citizen-centric services. But it’s not just about technology; it’s about the partnerships and alliances we form, the collaborative spirit we nurture, and the shared vision we pursue together.”

She believes that the success they have achieved in the public sector is a collective effort. It’s the result of collaboration between government agencies, industry partners, and technology providers like AWS, “Your insights, your commitment to excellence, and your tireless efforts to push the boundaries of what’s possible are what make this transformation journey so exciting and impactful.”

Binny encouraged the participants to continue fostering innovation, build strong partnerships, and embrace the opportunities that lie ahead. She emphasised the importance of pushing boundaries and harnessing technology to tackle the most critical challenges in communities, ultimately working towards a brighter and more interconnected future for everyone.

“Thank you once again for your participation, your passion, and your dedication to the mission of OpenGov Asia. Together, we can achieve great things, and I look forward to our continued collaboration in shaping a better tomorrow,” Binny ends emphatically.

Li Wen Chi, Group Chief Technology Officer at Cloud Kinetics, expressed his appreciation to OpenGov Asia and all attendees for contributing to the event’s success, highlighting OpenGov Asia’s role as a facilitator of knowledge exchange, innovation and collaboration.

“OpenGov Asia has consistently created effective platforms for sharing ideas, stimulating discussion, building relations and driving change,” he acknowledges. “And this year has been no exception!”

Li Wen Chi∶ Cloud is a fundamental transformation in business and society, extending beyond mere technology

As usual, Wen Chi confirms, the event featured insightful presentations, thought-provoking interactions and valuable networking opportunities, showcasing the dynamic evolution of digital transformation in Asia and the enthusiastic embrace of technology by governments, businesses, and individuals to catalyse positive change.

“One recurring theme of this event has been the pivotal role of technology in addressing our most urgent challenges. We’ve witnessed inspiring instances of technology’s potential for the common good. It’s evident that we’re not merely envisioning the future; we’re actively constructing it collectively,” Wen Chi reiterates.

Cloud Kinetics firmly believes that the cloud represents more than just a technological shift; it embodies a fundamental shift in our approach to business and society. And they are dedicated to leading this transformation, aiming to equip organisations with cutting-edge cloud solutions to navigate the intricacies of the digital era effectively, he confirms.

He encouraged the attendees to take the knowledge, insights, and connections acquired during the event and to further collaborate, share, learn from one another, and collectively strive for an inclusive, sustainable future driven by technology for the betterment of all.

“Remember that innovation knows no boundaries, and together, we can overcome any challenge that comes our way,” Wen Chi concludes, “The road ahead may be uncertain, but with the spirit of collaboration and innovation, we can navigate it successfully.”

In closing, Mohit extended his sincere gratitude to all the esteemed speakers, participants, and partners who graced the event with their presence and wisdom. Their expertise and unwavering commitment to innovation not only illuminated the discussions but charted a course for the future.

“Together, we have explored the limitless possibilities that emerge when governments, industry leaders, and technology providers join forces. We’ve delved into the transformative power of cloud computing,” Mohit appreciates.

It’s crucial, he adds, to acknowledge the transformative potential of AI, cybersecurity, and data analytics in the realm of public services. These technologies are pivotal in shaping the future of government operations and service delivery in several ways

Moreover, Mohit remains strongly convinced that in this era of unprecedented change, collaboration is not just a buzzword; it is the cornerstone of success, “It is through partnerships, alliances, and the exchange of ideas that we can unlock the full potential of technology and effectively navigate the intricate challenges that lie ahead.”

He urged the attendees to persist in the spirit of collaboration, encouraging them to forge new alliances, nurture existing partnerships, and remain open to the opportunities that technology continually unfolds.

“Let us always bear in mind that our collective mission is to enhance the well-being of citizens and stimulate comprehensive growth, “Mohit concludes, “We must keep the broader purpose of our endeavours at the fore and pave the way for a more sustainable and inclusive future for everyone.”

Eksklusif! Revolusi Automasi ∶  Mengamankan Infrastruktur TI Modern untuk Masa Depan

Share via

Dalam lingkungan digital yang terus berubah dengan cepat saat ini, organisasi memanfaatkan sistem multi-cloud untuk mencapai fleksibilitas, skalabilitas, dan efisiensi biaya. Akan tetapi, transisi ini seringkali memunculkan tantangan kompleks terkait pengelolaan identitas dan keamanan.

Untuk sepenuhnya memanfaatkan komputasi cloud sambil melindungi data dan operasi, bisnis sekarang memberikan prioritas pada tujuan-tujuan penting seperti mengotomatiskan langkah-langkah keamanan, mengurangi risiko, dan mengelola identitas secara efektif dalam lanskap multi-cloud.

Peningkatan posisi keamanan dalam sistem multi-cloud sangat bergantung pada otomatisasi. Sebuah otomatisasi memberdayakan perusahaan untuk dengan cepat mengatasi ancaman, mendeteksi kerentanan, dan menjaga pemantauan berkelanjutan terhadap infrastruktur cloud mereka.

Sistem keamanan otomatis memiliki kapasitas untuk menganalisis kumpulan data besar, mengidentifikasi tren dan anomali yang mungkin luput dari pengamatan manusia. Dengan mengadopsi pendekatan proaktif, bisnis tidak hanya dapat mengurangi waktu henti dan risiko finansial, tetapi juga secara signifikan mengurangi kemungkinan pelanggaran data.

Mengurangi risiko dalam lingkungan multi-cloud memerlukan implementasi strategi komprehensif. Ini termasuk pembentukan enkripsi yang kuat, kontrol akses, dan protokol pencegahan kehilangan data di semua penyedia cloud dan aplikasi.

Selain itu, sangat penting untuk mengadopsi kerangka keamanan bersatu yang menawarkan visibilitas dan kontrol yang terpusat atas seluruh ekosistem multi-cloud dalam sebuah organisasi. Pendekatan seperti ini menyederhanakan pengelolaan risiko dengan memastikan penegakan kebijakan yang konsisten, deteksi ancaman, dan prosedur tanggapan insiden yang seragam.

Pengelolaan identitas adalah aspek penting dari keamanan multi-cloud, terutama ketika individu seperti pelanggan, mitra, dan karyawan mengakses sumber daya dari berbagai perangkat dan lokasi. Manajemen Identitas dan Akses (IAM) memainkan peran penting dalam konteks ini, memungkinkan organisasi untuk mengimplementasikan kontrol akses yang tepat untuk memastikan hanya pengguna yang diotorisasi yang dapat mengakses sumber daya.

Selain itu, sistem IAM menawarkan kemampuan single sign-on (SSO), yang tidak hanya meningkatkan keamanan, tetapi juga menyederhanakan pengalaman pengguna dengan memungkinkan pengguna untuk mengakses berbagai sumber daya dengan satu set kredensial.

Seiring dengan maraknya adopsi arsitektur multi-cloud untuk melindungi data, aset, dan reputasi mereka dalam lanskap digital yang saling terhubung saat ini, adopsi otomatisasi dan praktik keamanan yang kuat menjadi sangat penting.

Strategi cloud yang komprehensif yang mencakup otomatisasi posisi keamanan, langkah-langkah pengurangan risiko, dan pengelolaan identitas yang efektif dalam konteks lingkungan multi-cloud adalah hal yang mendasar. Memberikan prioritas pada elemen-elemen ini memungkinkan organisasi untuk mengurangi risiko dan sepenuhnya memanfaatkan kelebihan dari pengaturan multi-cloud.

OpenGov Breakfast Insight telah menghadirkan para pemimpin teknologi di Singapura pada tanggal 26 September 2023 di Voco Orchard Singapore untuk mendiskusikan terkait perkembangan terbaru dalam integrasi data, kemanan siber, cloud, dan tata kelola data.

Salam Pembuka

Mohit Sagar∶ Automasi TI kian meluas sebagai basis memperkuat ketahanan siber

Mohit Sagar, CEO dan Kepala Redaktur OpenGov Asia, meyakini bahwa peran otomatisasi TI dalam memperkuat keamanan siber adalah penting terutama dalam menghadapi kecanggihan ancaman siber.

Dia menyoroti kompleksitas infrastruktur bisnis modern yang semakin meningkat. Hal ini diperparah oleh peningkatan pekerjaan jarak jauh, perangkat seluler, dan Internet of Things (IoT). Perkembangan ini telah memperkenalkan kerentanan yang sulit ditangani oleh pendekatan keamanan tradisional.

Pelanggaran data baru-baru ini seperti yang terjadi di Singapura, pusat keuangan dan teknologi global, juga menggarisbawahi urgensi untuk menciptakan keamanan siber yang kuat.

Dalam konteks ini, Mohit menekankan untuk memiliki sifat revolusioner dari Keamanan Zero Trust, yang menghilangkan kepercayaan inheren yang biasanya ditempatkan pada entitas internal dan eksternal. Pentingnya verifikasi identitas yang ketat untuk pengguna, perangkat, dan aplikasi, dengan menekankan penggunaan otentikasi multi-faktor sebagai prinsip inti dari pendekatan ini, sangat penting.

“Monitoring berkelanjutan berfungsi sebagai mekanisme deteksi anomali yang cepat, sementara segmentasi mikro secara efektif membatasi pergerakan jaringan lateral, pada akhirnya meminimalkan dampak pelanggaran potensial,” jelasnya. “Di sini, otomatisasi memainkan peran penting dengan cepat menganalisis data, menegakkan kontrol akses, dan memberikan tanggapan waktu nyata terhadap insiden.”

Menurut Mohit, adopsi otomatisasi sangat penting bagi organisasi yang ingin memperkuat langkah-langkah keamanan mereka. Otomatisasi mempercepat proses, meminimalkan kesalahan, dan memberdayakan deteksi ancaman proaktif dan tanggapan cepat melalui analisis waktu nyata.

Selain itu, manajemen patch otomatis menjamin pembaruan tepat waktu, dengan demikian mengurangi paparan terhadap kerentanan, sementara orkestrasi mengoptimalkan alat dan proses keamanan untuk manajemen ancaman yang efisien.

“Untuk bertahan dari ancaman siber modern, organisasi harus menggunakan pendekatan komprehensif yang mencakup pemrograman yang aman, perkuatan infrastruktur, dan prinsip-prinsip Zero Trust,” tekan Mohit. “Strategi ini tentunya dapat melindungi aplikasi melalui pemrograman yang aman, pengujian teratur, dan pemantauan berkelanjutan.”

Pemantapan infrastruktur bertujuan untuk mengurangi permukaan serangan sambil memperluas prinsip-prinsip Zero Trust melalui kontrol akses yang ketat dan otentikasi berbasis identitas, dengan demikian memperkuat pertahanan secara keseluruhan. Pendekatan komprehensif ini mengintegrasikan keamanan berbasis aplikasi, perkuatan infrastruktur, dan Arsitektur Zero Trust, menawarkan pertahanan multi-faset terhadap berbagai ancaman.

Kerangka kerja berbasis identitas yang mulus dimulai dengan pembentukan praktik Manajemen Identitas dan Akses (IAM) yang kuat, yang merupakan dasar keamanan modern. IAM mengelola identitas digital untuk pengguna, perangkat, dan aplikasi, memungkinkan kontrol yang tepat atas akses sumber daya.

Mohit menekankan pentingnya kebijakan kontrol akses yang terstruktur berdasarkan peran dan tanggung jawab melalui penekanan peran mereka dalam mitigasi risiko akses yang tidak sah. Dia juga menekankan pentingnya pemantauan berkelanjutan terhadap aktivitas pengguna, karena ini memperkuat keamanan dengan mengidentifikasi perilaku yang tidak biasa dan potensi pelanggaran.

Selain itu, dia merekomendasikan agar organisasi memprioritaskan keamanan kredensial untuk sistem dan data penting. Hal ini dapat dicapai melalui implementasi kebijakan kata sandi yang kuat dan edukasi user yang holistik.

Manajemen akses yang ditingkatkan mencakup pengamanan akun berhak dengan kontrol ketat, tinjauan teratur, dan akses sesuai kebutuhan. Enkripsi data melindungi informasi sensitif dalam keadaan diam dan saat transit, membuat akses tidak sah tidak efektif. Pemantauan berkelanjutan, dengan peringatan waktu nyata untuk perilaku yang aneh, memungkinkan tanggapan cepat terhadap pelanggaran risiko yang mungkin terjadi dan meningkatkan keamanan secara keseluruhan.

“Dalam lanskap keamanan siber yang terus berkembang saat ini, pendekatan komprehensif sangat penting,” simpul Mohit. “Mulai dari otomatisasi TI hingga Keamanan Zero Trust dan manajemen identitas yang kuat, organisasi harus menerapkan langkah-langkah keamanan untuk membela diri dari ancaman siber modern dan melindungi sistem dan data penting.”

Welcome Address

Morgan Hite∶  Otomatisasi infrastruktur membawa banyak manfaat bagi organisasi

Morgan Hite selaku Vice President untuk Asia di HashiCorp mengatakan bahwa dengan meningkatnya kompleksitas infrastruktur teknologi informasi yang modern, penting bagi perusahaan untuk mengamankan dan melindungi aset-aset pentingnya. Morgan menyoroti bahwa solusi otomatisasi mutakhir memang dapat secara efektif mengatasi kebutuhan keamanan yang rumit dalam lingkungan hybrid dan multi-cloud, memberikan wawasan tentang manajemen yang aman, deteksi ancaman, dan respons terhadap insiden.

Perubahan ke arah cloud memaksa organisasi untuk melakukan transisi dari pengelolaan infrastruktur yang kaku menjadi lebih dinamis di cloud publik. Konsekuensinya, tim operasi TI harus berurusan dengan berbagai tantangan yang baru muncul seperti kewalahan dengan alur kerja manual yang lambat dan potensi kesalahan yang tinggi. Tim pengembang juga terkadang merasa terhambat oleh proses manual yang rumit dan sistem tiket yang tidak efisien.

Tidak hanya itu, kendala dalam mengimplementasikan kebijakan yang konsisten juga memengaruhi produktivitas dan menambah risiko yang harus dihadapi. Penting bagi organisasi untuk memiliki otomatisasi infrastruktur yang dapat disesuaikan dan diskalakan untuk mengatasi tantangan ini. Oleh karena itu, banyak organisasi yang lebih memilih untuk menghindari kerumitan tersebut. Bahkan, data Cloud Thales 2023 menyebutkan bahwa hanya 41% organisasi yang telah menerapkan kontrol zero trust dalam infrastruktur cloud mereka.

Morgan menjelaskan bahwa HashiCorp memberikan pelayanan instruktur automasi. HashiCorp membantu perusahaan mengatasi masalah ini melalui infrastruktur sebagai kode untuk penyediaan, kepatuhan, dan manajemen di seluruh cloud publik, pusat data pribadi, dan layanan pihak ketiga. Automasi infrastruktur adalah elemen kunci dalam pengelolaan lingkungan cloud yang semakin kompleks. “Ini adalah komponen penting dalam upaya untuk menjaga keamanan dan melindungi aset kritis dalam lingkungan yang sering berubah-ubah.”

Dalam dunia cloud yang dinamis, di mana permintaan dapat berfluktuasi secara drastis, kemampuan untuk dengan cepat menyesuaikan dan mengelola sumber daya menjadi sangat penting. Automasi memainkan peran kunci dalam memastikan skalabilitas yang efisien, memungkinkan organisasi untuk menambah atau mengurangi kapasitas sesuai kebutuhan tanpa melibatkan tindakan manual yang memakan waktu.

Selain skalabilitas, efisiensi operasional adalah alasan penting lainnya untuk menerapkan automasi infrastruktur. Dengan otomatisasi, tugas-tugas rutin seperti penyediaan, penjadwalan, dan manajemen sumber daya dapat diotomatiskan. Hal ini mengurangi beban kerja manual, menghindari kesalahan manusia, dan menghemat waktu yang berharga dalam pengelolaan lingkungan cloud yang kompleks.

Lebih lanjut, Morgan menjelaskan bahwa keamanan adalah faktor kunci lainnya yang menjadikan automasi infrastruktur sangat penting. Dengan otomatisasi, organisasi dapat menerapkan kebijakan keamanan secara konsisten di seluruh infrastruktur mereka. Ini membantu mencegah konfigurasi yang rentan dan memastikan kepatuhan terhadap standar keamanan yang diperlukan. Dalam dunia yang penuh dengan ancaman keamanan, automasi membantu menjaga lingkungan cloud tetap aman.

Selain itu, automasi juga membantu meningkatkan resiliensi infrastruktur. Dengan kemampuan mendeteksi dan merespons insiden keamanan atau kegagalan infrastruktur dengan cepat, organisasi dapat menjaga ketersediaan layanan mereka. Dalam hal ini, automasi membantu menghadapi tantangan-tantangan yang timbul di lingkungan cloud yang dinamis.

Morgan dengan tegas menggarisbawahi betapa esensialnya langkah penerapan otomatisasi infrastruktur dalam lingkungan organisasi saat ini. Dalam pandangannya, otomatisasi tidak hanya berperan dalam meningkatkan produktivitas, tetapi juga berpotensi mengurangi risiko dan mengoptimalkan pengeluaran.

Pertama-tama, otomatisasi membawa dampak positif terhadap produktivitas organisasi. Dengan menghilangkan berbagai alur kerja manual yang sebelumnya memakan waktu berharga terkait infrastruktur cloud, organisasi dapat merasakan penghematan waktu yang signifikan. Itu berarti ada lebih sedikit waktu yang terbuang untuk tugas-tugas seperti penciptaan, pengelolaan, dan penyediaan infrastruktur cloud. Sebagai hasilnya, tim TI dan staf terkait dapat fokus pada tugas-tugas yang lebih strategis dan bernilai tambah.

Selanjutnya, otomatisasi juga berkontribusi pada peningkatan tingkat keamanan. Ini terwujud melalui pemeliharaan konsistensi operasional yang ketat dan penegakan kepatuhan terhadap kebijakan keamanan yang telah ditetapkan. Dalam konteks ini, otomatisasi membantu mengurangi risiko insiden keamanan yang mungkin timbul akibat kesalahan manusia atau pelanggaran kebijakan. Dengan otomatisasi, langkah-langkah keamanan dapat dijalankan dengan konsisten dan efisien, memberikan ketenangan pikiran kepada organisasi.

Namun, salah satu manfaat paling mencolok dari otomatisasi adalah aspek ekonomisnya. Dengan memungkinkan organisasi untuk mengidentifikasi dan mengurangi penggunaan sumber daya cloud yang tidak diperlukan atau berlebihan, otomatisasi dapat menghasilkan penghematan biaya yang substansial.

Bahkan, Morgan mengungkapkan bahwa organisasi dapat menghemat hingga 40% dari biaya infrastruktur cloud mereka. Ini adalah potensi penghematan yang signifikan, yang berarti anggaran yang tersedia dapat dialokasikan dengan lebih efisien untuk kebutuhan lain yang mendesak. Sebagai akibatnya, organisasi dapat mencapai manfaat ekonomis yang nyata melalui investasi dalam otomatisasi infrastruktur.

Dengan demikian, dalam pandangan Morgan, otomatisasi infrastruktur adalah langkah strategis yang tidak hanya memberikan keuntungan operasional, tetapi juga memitigasi risiko serta memastikan penggunaan anggaran yang cerdas dan efisien. Itu adalah langkah yang membawa dampak positif dalam berbagai aspek operasional dan keuangan organisasi.

Knowledge Insight

Mary Wee ∶  Riwayat medis yang terintegrasi dan aksesible dapat meningkatkan pelayanan pasien

Pandemi telah menjadi pukulan telak bagi banyak individu, dan telah menyadarkan betapa pentingnya memiliki keamanan finansial di tengah ketidakpastian. Perubahan mendadak dalam gaya hidup dan cara kerja selama pandemi membuat banyak orang merasa tidak siap menghadapinya. Akses ke berbagai kebutuhan dasar seperti makanan, perawatan kesehatan, dan pendidikan tiba-tiba menjadi lebih sulit.

Penting untuk memiliki simpanan finansial yang memadai untuk menghadapi situasi darurat seperti yang disebabkan oleh pandemi. Keamanan finansial ini dapat memberikan ketenangan pikiran dan membantu individu dan keluarga mengatasi tantangan ekonomi yang mungkin muncul. Itu sebabnya keberadaan CPF, atau Central Provident Fund, sangat penting dalam memberikan pelayanan keuangan kepada masyarakat.

CPF adalah salah satu cara untuk membantu individu dan keluarga merencanakan keuangan mereka dengan lebih baik. Ini dapat mencakup investasi jangka panjang, tabungan pensiun, dan perlindungan kesehatan. Dengan memiliki simpanan finansial yang dikelola dengan baik, individu dapat merasa lebih siap menghadapi masa-masa sulit seperti pandemi.

Mary Wee, Director, Cloud Services and Support di CPF Board, mengatakan betapa pentingnya menjaga data klien dengan baik, terutama dalam konteks perusahaan sosial. Dalam era di mana data memiliki peran kunci dalam menginformasikan keputusan dan memberikan layanan yang lebih baik kepada klien, menjaga keamanan dan integritas data merupakan prioritas utama.

CPF seringkali memiliki akses ke informasi pribadi dan sensitif dari klien mereka, termasuk informasi keuangan, medis, atau pribadi lainnya. Oleh karena itu, mereka memiliki tanggung jawab besar untuk melindungi data ini dari ancaman siber dan potensi penyalahgunaan. Kehilangan data atau pelanggaran keamanan dapat berdampak serius tidak hanya pada kepercayaan klien, tetapi juga pada operasi organisasi.

“Menjaga keamanan siber untuk infrastruktur cloud adalah prioritas kami. Dengan menjaga keamanan cloud, kepuasan pelanggan karena pelayanan yang baik akan semakin meningkat,” ujar Mary.

Dalam era di mana layanan dan operasi semakin terkait dengan teknologi cloud, keamanan tidak bisa diabaikan. Ketika pelanggan mempercayakan data dan informasi penting mereka kepada suatu organisasi, mereka mengharapkan bahwa data tersebut akan dikelola dan disimpan dengan sangat aman. Ini bukan hanya masalah praktis, tetapi juga masalah kepercayaan.

Mary Wee memahami bahwa ketika pelanggan merasa yakin data mereka aman dalam infrastruktur cloud CPF Board, mereka akan merasa puas dengan layanan yang diberikan. Keamanan yang kuat adalah dasar dari kepercayaan pelanggan, dan hal ini tercermin dalam kualitas pelayanan yang diberikan.

Oleh karena itu, CPF Board tidak hanya berfokus pada aspek teknis keamanan siber, tetapi juga pada memastikan bahwa pelanggan merasa aman dan yakin dengan keamanan data mereka. Hal ini tidak hanya menciptakan kepuasan pelanggan, tetapi juga membangun reputasi CPF Board sebagai organisasi yang bertanggung jawab dan dapat dipercaya dalam pengelolaan data klien.

Mary Wee telah menegaskan bahwa CPF Board berkomitmen untuk menjaga data klien mereka dengan sangat baik. Mereka telah mengambil langkah-langkah penting dalam mengimplementasikan protokol keamanan yang ketat, termasuk penggunaan teknologi keamanan terkini dan pelatihan karyawan dalam mengenali ancaman siber. Selain itu, mereka juga memiliki kebijakan ketat dalam hal pengelolaan dan penyimpanan data yang mematuhi peraturan privasi yang berlaku.

“Di era multi-cloud, terjadi pergeseran signifikan dalam lokus kontrol. Alih-alih mengandalkan kontrol fisik, sekarang penekanannya beralih ke identitas yang terpercaya. Ini berarti setiap entitas harus melalui proses otentikasi dan otorisasi untuk mendapatkan akses ke sistem atau sumber daya.

Dengan mengadopsi kerangka kerja berbasis identitas ini, organisasi dapat secara efektif menavigasi kompleksitas pengamanan lingkungan multi-cloud yang dinamis sambil memastikan tingkat keamanan yang lebih tinggi,” tutup Mary

Salam Penutup

Binny Peh∶ AWS berdedikasi untuk mentransformasikan tata kelola di seluruh dunia

Binny Peh, Head of Partners & Alliances untuk Singapore Public Sector, Amazon Web Services (AWS), mengungkapkan apresiasinya atas kehadiran peserta yang berwawasan dan berpandangan tajam dalam acara ini saat mereka bersatu untuk menjelajahi kekuatan transformasional teknologi dalam sektor publik.

“Diskusi dan interaksi yang telah kita lakukan telah mengonfirmasi peran sentral teknologi dalam membentuk masa depan masyarakat kita, dan yang lebih penting, dalam meningkatkan kehidupan warga negara kita,” katanya.

Binny mengonfirmasi bahwa Amazon Web Services sangat berkomitmen untuk mendorong inovasi dan memungkinkan transformasi digital bagi pemerintah dan organisasi di seluruh dunia. “Misi kami adalah memberdayakan Anda untuk memanfaatkan cloud untuk membangun layanan yang lebih lincah, efisien, dan berorientasi pada warga. Tapi, ini bukan hanya tentang teknologi; ini tentang kemitraan dan aliansi yang kita bentuk, semangat kolaboratif yang kita pelihara, dan visi yang kita kejar bersama.”

Dia percaya bahwa kesuksesan yang telah mereka capai di sektor publik adalah hasil dari kerja sama antara lembaga pemerintah, mitra industri, dan penyedia teknologi seperti AWS, “Wawasan Anda, komitmen Anda terhadap keunggulan, dan upaya tanpa lelah Anda untuk mendorong batas-batas apa yang memungkinkan telah membuat perjalanan transformasi ini begitu menarik dan berdampak.”

Binny mendorong peserta untuk terus melakukan inovasi, membangun kemitraan yang kuat, dan merangkul peluang yang ada. Dia menekankan pentingnya untuk mendorong batas-batas dan memanfaatkan teknologi untuk mengatasi tantangan paling kritis dalam masyarakat, dengan tujuan akhirnya bekerja menuju masa depan yang lebih cerah dan lebih terhubung untuk semua orang.

“Terima kasih sekali lagi atas partisipasi Anda, semangat Anda, dan dedikasi Anda terhadap misi OpenGov Asia. Bersama-sama, kita dapat mencapai hal-hal besar, dan saya menantikan kerjasama berkelanjutan kita dalam membentuk hari esok yang lebih baik,” Binny mengakhiri dengan tegas.

Li Wen Chi∶ Cloud adalah basis transformasi untuk dapat menjangkau teknologi lebih jauh

Li Wen Chi, Group Chief Technology Officer at Cloud Kinetics, Dia menyatakan apresiasinya kepada OpenGov Asia dan semua peserta atas kontribusinya dalam kesuksesan acara tersebut, menyoroti peran OpenGov Asia sebagai fasilitator pertukaran pengetahuan, inovasi, dan kolaborasi.

“OpenGov Asia secara konsisten telah menciptakan platform efektif untuk berbagi ide, merangsang diskusi, membangun hubungan, dan mendorong perubahan,” katanya. “Dan tahun ini tidak terkecuali!”

Sesuai dengan biasanya, Wen Chi memastikan bahwa acara tersebut menampilkan presentasi yang penuh wawasan, interaksi yang merangsang pemikiran, dan peluang jaringan berharga, memamerkan evolusi dinamis transformasi digital di Asia dan dukungan antusiasme terhadap teknologi oleh pemerintah, bisnis, dan individu untuk memacu perubahan positif.

“Salah satu tema berulang dalam acara ini adalah peran penting teknologi dalam mengatasi tantangan-tantangan mendesak kita. Kami telah menyaksikan contoh-contoh inspiratif dari potensi teknologi untuk kebaikan bersama. Jelas bahwa kita tidak hanya membayangkan masa depan; kita sedang secara aktif membangunnya bersama,” tegas Wen Chi.

Cloud Kinetics yakin bahwa cloud mewakili lebih dari sekadar pergeseran teknologi; itu mencerminkan pergeseran mendasar dalam pendekatan kita terhadap bisnis dan masyarakat, dan mereka berkomitmen untuk memimpin transformasi ini, bertujuan untuk memberikan organisasi solusi cloud mutakhir untuk mengarungi kompleksitas era digital dengan efektif.

Wen Chi mendorong para peserta untuk mengambil pengetahuan, wawasan, dan koneksi yang diperoleh selama acara ini dan untuk lebih berkolaborasi, berbagi, belajar satu sama lain, dan bersama-sama berusaha untuk masa depan yang inklusif dan berkelanjutan yang didorong oleh teknologi demi kesejahteraan semua.

“Perlu diingat bahwa inovasi tidak mengenal batas, dan bersama-sama, kita dapat mengatasi setiap tantangan yang datang,” tutup Wen Chi, “Jalan ke depan mungkin tidak pasti, tetapi dengan semangat kolaborasi dan inovasi, kita dapat menavigasinya dengan sukses.”

Dalam penutupan tersebut, Mohit menyampaikan rasa terima kasih yang tulus kepada semua pembicara terhormat, peserta, dan mitra yang memeriahkan acara ini dengan kehadiran dan kebijaksanaan mereka. Keahlian mereka dan komitmen yang teguh terhadap inovasi tidak hanya menerangi diskusi tetapi juga merancang arah untuk masa depan.

“Bersama-sama, kita telah menjelajahi kemungkinan tanpa batas yang muncul ketika pemerintah, pemimpin industri, dan penyedia teknologi bergabung. Kita telah mendalami kekuatan transformatif komputasi awan,” Mohit mengapresiasi.

Hal ini penting, tambahnya, untuk mengakui potensi transformatif dari kecerdasan buatan (AI), keamanan siber, dan analitik data dalam ranah pelayanan publik. Teknologi-teknologi ini sangat penting dalam membentuk masa depan operasi pemerintah dan penyampaian layanan dalam beberapa cara.

Selain itu, Mohit tetap kuat yakin bahwa di era perubahan yang belum pernah terjadi sebelumnya ini, kolaborasi bukan hanya sekadar kata-kata yang digembar-gemborkan; itu adalah pondasi kesuksesan, “Melalui kemitraan, aliansi, dan pertukaran ide, kita dapat membuka potensi penuh teknologi dan secara efektif mengatasi tantangan yang rumit yang ada di depan.”

Dia mendorong peserta untuk terus bergerak dalam semangat kolaborasi, mendorong mereka untuk membentuk aliansi baru, merawat kemitraan yang ada, dan tetap terbuka terhadap peluang yang terus-menerus muncul dari teknologi.

“Marilah kita selalu mengingat bahwa misi kolektif kita adalah untuk meningkatkan kesejahteraan warga negara dan merangsang pertumbuhan yang komprehensif,” Mohit mengakhiri, “Kita harus selalu mempertimbangkan tujuan yang lebih luas dari usaha kita dan membuka jalan menuju masa depan yang lebih berkelanjutan dan inklusif untuk semua orang.”

Strengthening Thailand’s Digital Defences

Image credits: dga.or.th
Share via

Recently, the Digital Government Development Agency (DGA) and the Thailand Digital Government Academy (TDGA) have joined forces to provide training to raise awareness about cybersecurity. This collaborative effort is designed to enhance participants’ knowledge and comprehension of the fundamental principles and the significance of cybersecurity laws, regulations, and announcements. Moreover, the training seeks to promote awareness of information systems’ safe and secure use.

Panithan Khennanuay, Director of the Cyber Security Department, emphasised the increasing prevalence of cyberattacks in today’s digital landscape, affecting many sectors. As organisations transition into the digital realm, they become more susceptible to cyber threats. These threats can range from data breaches and hacking attempts to ransomware attacks and other malicious activities that can compromise sensitive information and disrupt essential services.

Recognising the evolving nature of these cybersecurity challenges, the collaboration between the DGA and TDGA underscored the importance of equipping individuals and organisations with the knowledge and skills to safeguard their digital assets. The training initiative aims to empower participants to proactively identify and mitigate potential cyber risks, thereby enhancing the overall cybersecurity posture of both the public and private sectors.

Panithan Khennanuay further emphasised that as digital transformation continues to reshape the governance, commerce, and communication landscape, it is imperative to prioritise cybersecurity as an integral component of this evolution. By fostering a cybersecurity-conscious culture and ensuring that individuals and organisations stay well-informed and vigilant, Thailand can better protect its digital infrastructure and sensitive data. “Ultimately, it will contribute to the country’s resilience in the face of cyber threats and bolster its position as a leader in the digital age,” he expressed.

Additionally, Khomkrit Khamsawat, Head of the Service Operations Team, added that the workforce and citizens are crucial to any cybersecurity strategy’s success. As the Head of the Service Operations Team, Khomkrit Khamsawat recognises that a well-informed and cyber-aware workforce is the first line of defence against cyber threats. Employees and citizens alike play pivotal roles in maintaining the security of digital systems and data.

In the ever-evolving landscape of cyber threats, individuals within organisations and the broader public must be educated and trained to recognise and respond effectively to potential security risks. It includes understanding the latest cyber threats, practising good cybersecurity hygiene, and adhering to best practices for secure digital behaviour.

Moreover, citizens and employees should be aware of cybersecurity laws, regulations, and guidelines. Compliance with these measures is essential for protecting critical infrastructure and sensitive information.

The collaboration between the DGA and TDGA not only aimed to equip individuals with the technical knowledge needed to defend against cyber threats but also strives to cultivate a cybersecurity mindset. This cultural shift toward cybersecurity awareness can help foster a safer digital environment for all.

Thailand is taking proactive steps to fortify its defences against cyberattacks by focusing on workforce and citizen education. These efforts will ultimately contribute to the country’s ability to harness the full potential of digital technologies while safeguarding its digital assets and interests.

“Cybersecurity is not just a technical issue but a shared responsibility. It requires collaboration across sectors, proactive measures to stay ahead of emerging threats, and a commitment to ongoing education and awareness,” Mr Khomkrit emphasised. “We are optimistic that with the concerted efforts of organisations, government agencies, and individuals, Thailand can build a robust cybersecurity ecosystem. This ecosystem will not only protect critical infrastructure but also promote innovation, trust, and economic growth in the digital age.”

U.S. Tackling Deepfake Challenges

Share via

The National Security Agency (NSA) and its federal agency partners have released new guidance concerning a cybersecurity risk posed by deepfakes, a type of synthetic media. This emerging threat poses cybersecurity challenges for National Security Systems (NSS), the Department of Defence (DoD), and organisations within the Defence Industrial Base (DIB).

They have jointly published a Cybersecurity Information Sheet (CSI) titled “Contextualising Deepfake Threats to Organisations” to assist entities in recognising, safeguarding against, and responding to deepfake threats. NSA developed the CSI with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

The term “deepfake” encompasses multimedia content that has been either artificially created or manipulated through machine learning and deep learning technologies, which are forms of artificial intelligence (AI). Other phrases used to describe such synthetically generated or altered media include “Shallow/Cheap Fakes,” “Generative AI,” and “Computer Generated Imagery (CGI).”

Candice Rockell Gerstner, an NSA Applied Research Mathematician with expertise in Multimedia Forensics, emphasised that while the tools and methods for altering authentic multimedia have been in existence for some time, the noteworthy shift lies in the ease and widespread adoption of these techniques by cyber actors. This evolving landscape introduces a fresh set of challenges to national security.

Gerstner pointed out that organisations, as well as their employees, must adapt to this changing environment. They need to identify the tradecraft and techniques associated with deepfakes. Moreover, it is essential to establish comprehensive plans to respond to potential deepfake attacks and mitigate their impact effectively. As cyber adversaries increasingly leverage these technologies, recognising and countering deepfake threats becomes paramount to ensuring national security and safeguarding sensitive information.

The joint Cybersecurity Information Sheet (CSI) provides valuable recommendations for organisations to address the challenges posed by synthetic media threats, particularly deepfakes. The CSI suggests implementing various technologies and strategies to counter this emerging threat.

One key recommendation is adopting real-time verification capabilities, which enable organisations to identify and respond to potential instances of deepfake content swiftly. Passive detection techniques are also emphasised for ongoing monitoring and early detection. Furthermore, the CSI highlighted the importance of safeguarding high-priority officers and their communications, as they are often the targets of deepfake attempts.

In addition to detection, the guidance underscores the significance of minimising the impact of deepfake attacks. This involves information sharing within and across organisations to stay ahead of evolving threats. It also advocates for comprehensive planning and rehearsing of responses to potential exploitation attempts, ensuring that organisations are well-prepared to mitigate the consequences of deepfake incidents. Personnel training is another crucial component, equipping individuals with the skills and knowledge to recognise and respond effectively to synthetic media threats.

The CSI underscores the diverse nature of synthetic media threats, encompassing techniques that jeopardise an organisation’s brand, impersonate its leaders and financial officers, and employ fraudulent communications to gain unauthorised access to networks and sensitive information. These threats highlighted the need for a holistic approach to cybersecurity.

Advancements in computational power and deep learning have facilitated the mass production of fake media, making it more accessible and cost-effective. This not only undermines brands and financial stability but also has the potential to incite public unrest by disseminating false information on critical issues such as politics, society, the military, and the economy.

The CSI draws attention to the concerning availability of deep learning-based algorithms on open-source repositories. These accessible resources pose a security risk, as their application requires minimal technical skill and can be executed using little more than a personal laptop. Consequently, the widespread availability of such tools amplifies the urgency of addressing synthetic media threats.

In light of these evolving challenges, the NSA, FBI, and CISA strongly encourage security professionals to adopt the strategies outlined in the report. By proactively implementing these recommendations, organisations can enhance their resilience to the growing threats posed by synthetic media and deepfakes. This collaborative effort among government agencies and security experts is vital to ensuring the integrity of digital information and safeguarding national security.

Singapore-U.S. Partner for Cybersecurity and Emerging Tech

Image credit : mindef.gov.sg
Share via

The 13th Singapore-US Strategic Security Policy Dialogue (SSPD) was convened, and co-chaired by Permanent Secretary of Defence, Chan Heng Kee and United States Acting Under Secretary of Defense for Policy, Sasha Baker. This dialogue, embedded within the 2005 Strategic Framework Agreement and Defence Cooperation Agreement, serves as a cornerstone for shaping the future of Singapore-US defence relations.

Beyond the traditional domains of defence, Singapore and the US are venturing into uncharted territory – cybersecurity and critical emerging technologies. This signifies a strategic shift that acknowledges the evolving nature of security threats in the digital age.

Both nations have recognised the enduring strength of their bilateral defence relationship. Singapore’s unwavering support for the U.S. regional presence, outlined in the 1990 Memorandum of Understanding (MoU) Regarding the U.S. use of Facilities (1990 MoU), remains a crucial pillar of their alliance. Simultaneously, the US continues to bolster the Singapore Armed Forces (SAF) capabilities through overseas training and technology access. This includes the RSAF’s acquisition of the cutting-edge F-35 fighter aircraft.

The dialogue marked a significant milestone by introducing discussions on cybersecurity. In an interconnected world, where information is power, securing digital infrastructure cannot be overstated.

By engaging in collaborative efforts to enhance their cyber defences, Singapore and the US are not only safeguarding their interests but also contributing to global cybersecurity resilience. This proactive approach sets a precedent for other nations to follow suit and collectively combat cyber threats.

Also, the emphasis on critical and emerging technologies highlights the foresight of both nations. In today’s fast-paced technological landscape, advancements in areas such as artificial intelligence (AI), quantum computing, and biotechnology can tip the scales of national security.

By pooling their expertise and resources, Singapore and the US are positioning themselves at the forefront of innovation, ensuring they are well-prepared for the security challenges of the future.

The dialogue also featured discussions on regional developments and the continued engagement of the US in the Asia-Pacific region. The ASEAN Defense Ministers’ Meeting (ADMM)-Plus framework serves as a platform for constructive dialogue and cooperation among ASEAN member states and their partners. Singapore and the US both recognise the significance of this framework in promoting regional stability and security.

Regular bilateral and multilateral training exercises form another vital facet of this partnership. Exercises like Tiger Balm, Pacific Griffin, Commando Sling, Red Flag, and Super Garuda Shield serve as platforms for joint training and skill development. These exercises not only enhance the operational readiness of both armed forces but also foster greater cooperation and understanding between Singapore and the US.

One noteworthy aspect of this collaboration is the US’s support for SAF’s overseas training, exemplified by Exercise Forging Sabre. This training, conducted at Mountain Home Air Force Base, Idaho, has played a pivotal role in honing the skills of RSAF personnel.

In 2023, two RSAF detachments, Peace Carvin II (F-16 fighter aircraft) and Peace Vanguard (Apache AH-64 helicopters), marked their 30th and 20th anniversaries of training in the US, respectively. These milestones are a testament to the enduring nature of the Singapore-US defence relationship.

The 13th Singapore-US Strategic Security Policy Dialogue not only reaffirmed the steadfast commitment of both nations to their long-standing defence partnership but also showcased their readiness to adapt to the evolving security landscape.

As reports cited the inclusion of cybersecurity and critical emerging technologies in the discussions reflects the forward-thinking approach to safeguarding the national interests of both nations. As they continue to train together, exchange knowledge, and invest in cutting-edge technologies, Singapore and the US are poised to navigate the complex challenges of the future, hand in hand.

New Zealand’s Investment in Cyber Resilience

Share via

In an era defined by the pervasive influence of digital technologies across industries, the Government Communications Security Bureau’s National Cyber Security Centre (NCSC) has taken a significant step forward by releasing a comprehensive resource to enhance the comprehension and proficient management of cybersecurity investments. This resource is not just another document but a strategic tool tailored to guide business leaders and cybersecurity professionals towards a deeper understanding of the intricacies associated with cybersecurity investments.

As the landscape of cyber threats continues to evolve and intensify, Lisa Fong, the Deputy Director-General of GCSB and the individual tasked with overseeing NCSC, underscored the pressing need for organisations to adopt a well-structured and strategic approach to their cybersecurity investments. She emphasises the growing importance of aligning an organisation’s cybersecurity strategy with its broader goals and financial governance.

Ms Fong recognised that cybersecurity is not merely a standalone function but an integral component of an organisation’s overall strategy in this digital age. Within this strategic framework, an investment plan is a pivotal element that requires careful consideration and meticulous planning.

With the digital realm woven into the fabric of modern business operations, organisations must recognise that a robust cybersecurity strategy is no longer an option but a necessity. Ms Fong believed this resource will provide invaluable guidance for organisations looking to fortify their cybersecurity posture. It serves as a roadmap, helping organisations chart a course that aligns their cybersecurity investments with their unique organisational objectives and financial governance structures. Doing so empowers them to address the complex and ever-evolving landscape of cybersecurity threats with greater efficiency and confidence.

As the digital landscape continues to expand at an unprecedented pace, organisations face the dual challenge of harnessing the benefits of digitalisation while concurrently navigating a rapidly evolving threat landscape. With this escalating digital transformation, the risks associated with protecting sensitive information assets and ensuring the uninterrupted operation of critical services have become more pronounced than ever before.

In light of these challenges, Lisa Fong, Deputy Director-General of GCSB and overseer of NCSC, underscored the overarching objective of effective cybersecurity investment: the seamless integration of cyber resilience into an organisation’s culture.

This vision extends beyond merely being a set of protective measures—it envisions cybersecurity as an ingrained mindset and practice, shaping how an organisation approaches its operations, decisions, and interactions in an increasingly digital world.

However, Ms Fong acknowledged that investing in cybersecurity isn’t a one-size-fits-all endeavour. Instead, it is an intricately tailored process, precise to each organisation’s requirements. The multifaceted nature of cybersecurity investments, characterised by their organisation-specific complexities, underscores the need for flexibility in planning and execution. Organisations must be prepared to adapt and recalibrate their cybersecurity investment strategies to keep pace with the constantly shifting landscape of digital threats and vulnerabilities.

To facilitate this adaptability and provide organisations with a structured approach, the guidance presented by NCSC outlines a four-phase, cyclical methodology for cybersecurity investment. This approach encompasses a comprehensive understanding of the organisation’s threat landscape, formulating a strategic cybersecurity plan, the execution of initiatives, and rigorous measurement of success.

Ms Fong further emphasised that this guidance doesn’t aim to provide exhaustive, prescriptive instructions but is a valuable point of departure. It empowers organisations to initiate their cybersecurity investment journey with a robust framework, enabling them to structure their thoughts and strategies effectively. It offers a starting point, a roadmap, that can be customised to an organisation’s unique context, needs, and objectives, providing invaluable insights into cybersecurity investment.

Interactive Comics for Cybersecurity Education

Image credits: bssn.go.id
Share via

The National Cyber and Crypto Agency (BSSN) acknowledges that technological advancements will trigger increasingly massive and diverse cybersecurity risks and threats. These threats focus on social, psychological, and behavioural aspects and activities aimed at influencing or manipulating individuals, groups, or communities, which can disrupt mindsets, behaviours, and human interactions.

Instances of these social cybersecurity threats include disseminating false electronic information, also known as information disruption. Information disruption is divided into misinformation, disinformation, and misinformation, real threats that can spread fear or provoke and lead to the widespread dissemination of false news and even propaganda.

One of BSSN’s steps in anticipating social cyberattacks is to strengthen the culture of information security by collaborating with the Directorate General of Public Information and Communication (Ditjen IKP) of the Ministry of Communication and Information Technology through the joint creation of content in Komik Komunika with the theme “Digital Deception.”

Acting Director of Security and Information Control Operations at BSSN, Satryo Suryantoro, welcomed the cooperation and collaboration established by publishing Komik Komunika edition 48. The introduction of the character Cody in this comic edition strengthens the connection between the world of cybersecurity literacy and a more engaging visual approach.

Previously, Cody was introduced in the cybersecurity literacy series titled “Cybernaut Generation 1.0.” Cody’s presence in the comic provides continuity in delivering crucial messages about cybersecurity to various audiences, especially the younger generation, who may be more connected to visual forms of communication.

There is also the Latest Social Cyber Education News (BESTI), which has successfully published 8 editions in 2 languages. The presence of bilingual versions is an effort to ensure that as many people can receive messages related to cybersecurity as possible. Using two languages, BESTI strives to embrace diverse audiences, including those who may be more comfortable with one language. It also makes the cybersecurity education approach more inclusive and far-reaching.

In other words, this comic is part of a broader strategy to educate the public about the importance of cybersecurity and how they can protect themselves online. Through various communication tools such as comics, literacy materials, and educational news, this effort aims to reach a wider audience and create a better understanding of the challenges and solutions in the ever-evolving cyber world. The more people receive this message, the better the community’s ability to face existing cybersecurity threats.

Satryo is optimistic that cybersecurity literacy in Indonesia can be strengthened through ongoing cooperation and collaboration. He plans to collaborate even in Remote, Frontier, and Outermost Areas (Daerah 3T).

“I am optimistic that the results of the collaboration, such as Komik Komunika, can be accessible to the younger generation, both in urban areas and in Daerah 3T,” Satryo adds.

Nursodik Gunarjo, Director of Media Management at the Directorate General of IKP Kemenkominfo, stated that cybersecurity awareness is conveyed through various media, including comics. According to Gunarjo, comics are deliberately chosen because images and visual presentations appeal more strongly to the younger generation. Moreover, the fact that Indonesia is the largest consumer of comics in the world.

He also expressed his optimism that cybersecurity literacy through comics can increase the younger generation’s understanding, awareness, and participation in efforts to maintain Indonesia’s cyber sovereignty.

“Without active participation from the younger generation in applying cybersecurity, the risks to our country in the digital world will increase,” he said.

Recommended Stories

Linkedin-in Twitter Facebook-f Youtube Instagram
© 2023 OpenGov Asia – CIO Network Pte Ltd.

MENU

Linkedin-in Twitter Facebook-f Youtube Instagram

PARTNER

#image_title

Qlik

Globe Facebook Twitter Linkedin

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

#image_title

CTC

Globe Facebook Twitter Linkedin Youtube

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

#image_title

Planview

Globe Facebook Twitter Linkedin Youtube

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

#image_title

SIRIM

Globe Facebook Twitter Linkedin Youtube

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

#image_title

HashiCorp

Globe Facebook Twitter Linkedin Youtube

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

#image_title

IBM

Globe Facebook Twitter Linkedin Youtube

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend