Hype vs Reality in 2019: Experts Weigh in on Hotly Contested Statements about Cybersecurity

July 04, 2019 - 02:18

Industry Experts share their thoughts on IoT, critical infrastructure and more ahead of RSA Conference 2019 Asia Pacific and Japan

 

SINGAPORE - Media OutReach - July 4, 2019 - RSA Conference, the world's leading information security conferences and expositions, today unveiled expert insights into salient issues around emerging threats and security technologies.

 

Ahead of RSAC 2019 APJ, which begins on Tuesday, 16 July, and runs through Thursday, 18 July, at the Marina Bay Sands Convention Center in Singapore, industry experts, including speakers and the program committee of RSAC 2019 APJ, weigh in on the evolving threat landscape, and uncover what is hype, what is reality and what this means for businesses and CISOs in the Asia Pacific region.

"RSA Conference serves to be a platform that facilitates pertinent conversations, while informing businesses of how to make actionable decisions on all things cybersecurity. With the continuous emergence of new technologies, enterprises now find themselves having an ever-growing repository of security products that do not necessarily help in providing strategic management of cyberthreats. We gathered industry experts participating at RSAC 2019 APJ to share on what risks are understated or overstated, so businesses and CISOs can distinguish between hype and what should be genuine priorities," explained Linda Gray Martin, Senior Director & General Manager, RSA Conferences.

 

Based on industry observations and interactions with partners and customers across the region, experts share their thoughts on four hotly contested statements that impact regional businesses in 2019:

 

1. It is possible for a cybersecurity solution to be completely unhackable?

The adoption of fraud detection and prevention solutions, including multifactor authentication and biometric solutions, has been on the rise in Asia. According to Grand View Research, the Asia Pacific market will witness the fastest growth rate from 2018-2025, as a result of the increasing emphasis on personal data security, stringent regulatory compliances, and increased investments in connected devices and cloud technologies. While such solutions buffer against attacks, experts caution that businesses need to do more than just ensure that technologies are in place.

"The reality is, biometrics also brings with it some caveats and new risks, including privacy concerns around how 'Personal Identifiable Information' is collected, shared and secured as this data can also be a target for cybercriminals. As biometric technologies depend on probabilities and confidence scores, there are also risks that the systems can be spoofed by say, a photo. Therefore, it is always best for biometrics to work in conjunction with other security measures," explained Vicky Ray, Principal Researcher, Unit 42 Threat Intelligence, Asia Pacific.

 

An executive advisor of a Fortune 100 company and member of the RSAC Program Committee shared similar sentiments. "We have seen security 'silver bullets' come and go over the years - it used to be biometrics and now, vendors are praising AI as the ultimate cyber defense weapon. Unfortunately, the one constant is that hackers will resolve to targeting the weakest link - people. While biometrics are good as another layer of security, they are but just an additional layer of security. If hackers can convince people to do something that they should not do, no technology will help," he explains.

 

2. When IoT devices are embedded with security vulnerabilities, it puts users at risk

The opportunities that the Internet of Things phenomenon has driven across businesses and industries have been almost unparalleled, as ubiquitous connected devices provide key physical data, unlocking further business insights via the cloud. Yet, they have also turned into security concerns with the emergence of distributed denial of service attacks and a rising number of internet security breaches launched against servers.

 

Experts warn that this is a valid concern, and that more needs to be done in order to protect end users. Sunil Varkey, Chief Technology Officer and Security Strategist, Middle East, Africa and Eastern Europe, Symantec, said, "Even as IoT adoption is in a rapid phase and may soon touch our everyday lives, security needs to be accounted for. Currently, it is not a major consideration in the development lifecycle. As such, most security practitioners are not yet familiar with security protocols for IoT, and that needs to change. Else, any exploit on the vulnerabilities or mis-configurations could lead to huge impact on safety."

 

Srinivas Bhattiprolu, Senior Director-Solutions and Services, Asia Pacific-Japan, Nokia, elaborated on how threat vectors could potentially take advantage of IoT devices, explaining that lateral movements to compromise assets within the security perimeter have been on the rise. "In order to secure an end-to-end IoT system, it is necessary to clearly understand the vulnerabilities and exploits associated with specific components as well as of the system as a whole," he explained.


3. Critical infrastructure owners should create separate networks to move essential operations off the internet

In recent years, governments and organisations across the APJ region have begun the introduction of separate networks, and have even cut off internet connection from employee devices in order to prevent potential leaks from e-mails and shared documents. The Singapore government's move in May 2017 is one such example, intended to prevent attackers from tapping the internet to plant malware in work devices. As for whether this is essential, experts share differing views.

"The challenges that security professionals have been facing with legacy systems are their complexity and lack of security by design, which necessitate off-network operations. This is still a common practice as it reduces critical systems exposure, providing mitigating controls, by limiting potential cyber-attacks through segregation," explained Magda Lilia Chelly, Managing Director at Responsible Cyber Pte Ltd.

 

Varkey, however, pointed out the increasing challenge of this practice. "While isolation and separation of network segments were an active defense strategy when systems and information were well within defined perimeters and enterprise networks, this might not be enough to solve challenges anymore. This is because heterogeneous multi-cloud environments see users having multiple IT personas."

"Beyond segregation, owners and operators of critical infrastructure should make sure their systems are properly secure, patched, updated and monitored. It is too easy for an individual today to go on one of several search engines and easily find misconfigured or unpatched critical systems," continued Varkey.

 

4. AI-powered systems are self-sustaining and secure by design

According to market research firm Reportlinker[1], the Asia Pacific region is expected to be the largest AI cybersecurity market, as a result of the high adoption of advanced technologies like IoT, big data and cloud computing. As for its ability to keep out attacks, experts warn that AI has both exacerbated advances in cybersecurity solutions and threats of cybercrime.

"We have seen recent AI deployments across cyber security solutions, where companies claim that they can detect attacks faster using the technology. Academic research proves a success rate between 85% and 99% - this all depends on the implementation, algorithms and data," Chelly explained.

"In order for AI to be successful, it requires the appropriate data input. If the data input is manipulated, or biased, new security concerns can emerge very quickly. The data inputs, and their integrity and availability present a crucial element for the AI technology," she continued.

About RSA Conference:

RSA Conference is the premier series of global events and on-demand programs where the world talks security and leadership gathers, advances and emerges. Whether attending in the US, the EMEA region, the Asia-Pacific region or online, RSA Conference events are where the security industry converges to discuss current and future concerns and get access to the people, content and ideas that help enable individuals and companies to win, grow and do their best. It's about bringing all people in the cybersecurity industry together and empowering the collective "we" of the cybersecurity industry to stand against cyberthreats around the world. RSA Conference is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential and thought-provoking thinkers and leaders in security today. For information on events, online programming and the most up-to-date news pertaining to the cybersecurity industry visit www.rsaconference.com.

 

RSA Conference logo, RSA, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
