Left to right: Ms. Mary Grace Mirandilla-Santos, Mr. Aalok Kumar, Mr. Frits Gerald Enriquez, Mr. Kuok Chiang Kim, Senior Security Advisor, and Mr. Keith Detros
The recent surge in cyber risks threatens the promise of technology to deliver sustainable development. Organised by the Asian Development Bank, various cyber experts discussed how countries can cope with the evolving cyberthreats.
Moderator and panellists:
- Ms. Mary Grace Mirandilla-Santos, ICT Research Consultant
- Mr. Aalok Kumar, Corporate Officer and Sr. VP-Head of Global Smart City Business and President and CEO, NEC Corporation India
- Mr. Frits Gerald Enriquez, Principal, KPMG
- Mr. Kuok Chiang Kim, Senior Security Advisor, AWS
- Mr. Keith Detros, Programme Manager, Tech for Good Institute
Key Insights from the Panel:
- Encouraging a mindset shift is critical for cyber resilience.
With the advent of emerging technologies, the way countries and organisations approach cybersecurity needs to also change. Threats are increasing not only in volume, but also sophistication. Experts noted the importance of cybersecurity not as a one-time investment, but a continuous process to ensure that networks and processes remain secure and safe amidst the rapidly evolving threat landscape.
Resilience is an important part of this critical mindset shift. Resilience, as highlighted in TFGI’s study, is defined as the capability of organisations to constantly seek improvements in people, processes, and technologies to adapt to new threat developments. In addition, there is a need to update outdated policies and archaic strategies to mirror the dynamic threat landscape. Experts also noted the importance of encryption by default, adopting a zero-trust approach with granular permissions, continuous verification of user actions, supply chain risk management, operational continuity planning, and implementation audits to promote a more secure environment.
- Protecting critical infrastructure will be increasingly important in the digital age.
With the cyberspace and physical world being tightly interconnected in today’s world, this has given rise to critical information infrastructure that are vital to the smooth functioning of our daily lives. Critical infrastructure include sectors that have implications towards national security, economic security, public health, public safety, or any combination thereof.
Globally, attacks on critical infrastructure led to real-life disruptions. The speakers emphasised the need for governments to invest in the necessary resources to protect these sectors. This includes creating responsive frameworks that would cover asset visibility, asset management, and effective monitoring to protect critical systems and networks. Physical and logical segmentation of critical infrastructure assets are also necessary to contain any attacks or breaches. More importantly, capacity building and development of the workforce, which may not traditionally be considered cybersecurity professionals, should be a priority. An inclusive and whole-of-government approach would ensure all bases are covered in protecting critical infrastructure.
- Leveraging artificial intelligence to promote a more secure environment.
The use of AI and AI-powered tools can be considered both an opportunity and threat in cybersecurity. AI is considered a risk because threat actors are also using AI to compromise systems. A study by London-based cybersecurity consulting provider RiverSafe noted that a majority of security leaders (80%) believe AI is the biggest threat to their businesses. While security professionals may observe the responsible use of AI, cyber criminals do not play by the same rules.
On the positive note, cybersecurity professionals can use AI to deploy autonomous processes to identify anomalies and vulnerabilities. For cybersecurity professionals, however, a better understanding of AI tools is needed to be able to deploy them effectively. This includes understanding of the model’s training data, the encryption it uses, and the algorithm it runs to make decisions.
- Cross-functional, cross-sectoral, and cross-border collaboration will enable a resilient cyberspace.
To promote a resilient cyberspace, collaboration across teams, across sectors, and across borders is key. Within organisations, awareness building is necessary–from the executive level down to individual users. Regular discussions about cyber risks can instill a comprehensive, inclusive, and proactive cybersecurity culture. Investments in training and education is key towards bridging cybersecurity gaps.
In addition, there should be efforts towards sharing information across different economic sectors. Industries are more connected than ever in the digital age. Running a smart city, for example, involves various public and private organisations to ensure smooth delivery of services. Sectoral knowledge-sharing platforms would help countries remain one step ahead of possible cyber threats.
Finally, cross-country collaborations would foster a more resilient cyberspace. For example, threat intelligence sharing can help promote best practices. Countries can also collaborate to have mechanisms for early warning systems that would prevent threats from transcending national borders. Collaborations can also lead to coordinated response, leaning on various resources and cyber expertise of different nations, to mitigate cyber risks.