
Hype vs Reality in 2019: Experts Weigh in on Hotly Contested Statements about Cybersecurity

Industry Experts share their thoughts on IoT, critical infrastructure and more ahead of RSA Conference 2019 Asia Pacific and Japan

SINGAPORE - Media OutReach - July 4, 2019 - RSA Conference, the world's leading
information security conferences and expositions, today unveiled expert insights
into salient issues around emerging threats and security technologies.

Ahead of RSAC 2019 APJ, which begins on Tuesday, 16 July, and runs through
Thursday, 18 July, at the Marina Bay Sands Convention Center in Singapore,
industry experts, including speakers and the program committee of RSAC 2019 APJ,
weigh in on the evolving threat landscape, and uncover what is hype, what is
reality and what this means for businesses and CISOs in the Asia Pacific region.

"RSA
Conference serves to be a platform that facilitates pertinent conversations,
while informing businesses of how to make actionable decisions on all things
cybersecurity. With the continuous emergence of new technologies, enterprises
now find themselves having an ever-growing repository of security products that
do not necessarily help in providing strategic management of cyberthreats. We
gathered industry experts participating at RSAC 2019 APJ to share on what risks
are understated or overstated, so businesses and CISOs can distinguish between
hype and what should be genuine priorities," explained Linda Gray Martin,
Senior Director & General Manager, RSA Conferences.

Based
on industry observations and interactions with partners and customers across
the region, experts share their thoughts on four hotly contested statements
that impact regional businesses in 2019:

1. It is possible for a cybersecurity solution to be completely unhackable

The adoption of fraud detection and prevention solutions, including multifactor
authentication and biometric solutions, has been on the rise in Asia. According
to Grand View Research, the Asia Pacific market will witness the fastest growth
rate from 2018-2025, as a result of the increasing emphasis on personal data
security, stringent regulatory compliance, and increased investments in
connected devices and cloud technologies. While such solutions buffer against
attacks, experts caution that businesses need to do more than just ensure that
technologies are in place.

"The reality is,
biometrics also brings with it some caveats and new risks, including privacy
concerns around how 'Personal Identifiable Information' is collected, shared
and secured as this data can also be a target for cybercriminals. As biometric
technologies depend on probabilities and confidence scores, there are also
risks that the systems can be spoofed by say, a photo. Therefore, it is always
best for biometrics to work in conjunction with other security measures,"
explained Vicky Ray, Principal Researcher, Unit 42 Threat Intelligence, Asia
Pacific.

An executive advisor of a Fortune 100 company and member of the RSAC Program
Committee shared similar sentiments. "We have seen security 'silver bullets'
come and go over the years - it used to be biometrics and now, vendors are
praising AI as the ultimate cyber defense weapon. Unfortunately, the one
constant is that hackers will resolve to targeting the weakest link - people.
While biometrics are good as another layer of security, they are but just an
additional layer of security. If hackers can convince people to do something
that they should not do, no technology will help," he explains.

2. When IoT devices are embedded with security vulnerabilities, it puts users at risk

The
opportunities that the Internet of Things phenomenon has driven across
businesses and industries have been almost unparalleled, as ubiquitous
connected devices provide key physical data, unlocking further business
insights via the cloud. Yet, they have also turned into security concerns with
the emergence of distributed denial of service attacks and a rising number of
internet security breaches launched against servers.

Experts
warn that this is a valid concern, and that more needs to be done in order to
protect end users. Sunil Varkey, Chief Technology Officer and Security
Strategist, Middle East, Africa and Eastern Europe, Symantec, said, "Even as IoT
adoption is in a rapid phase and may soon touch our everyday lives, security
needs to be accounted for. Currently, it is not a major consideration in the
development lifecycle. As such, most security practitioners are not yet
familiar with security protocols for IoT, and that needs to change. Else, any
exploit on the vulnerabilities or mis-configurations could lead to huge impact
on safety."

Srinivas
Bhattiprolu, Senior Director-Solutions and Services, Asia Pacific-Japan, Nokia,
elaborated on how threat vectors could potentially take advantage of IoT
devices, explaining that lateral movements to compromise assets within the
security perimeter have been on the rise. "In order to secure an end-to-end IoT
system, it is necessary to clearly understand the vulnerabilities and exploits
associated with specific components as well as of the system as a whole," he
explained.



3. Critical infrastructure owners should create separate networks to move essential operations off the internet

In recent years, governments and organisations across the APJ region have begun
introducing separate networks, and have even cut off internet connection from
employee devices in order to prevent potential leaks from e-mails and shared
documents. The Singapore government's move in May 2017 is one such example,
intended to prevent attackers from tapping the internet to plant malware in work
devices. As for whether this is essential, experts share differing views.

"The
challenges that security professionals have been facing with legacy systems is
their complexity and lack of security by design, which necessitate off-network
operations. This is still a common practice as it reduces critical systems
exposure, providing mitigating controls, by limiting potential cyber-attacks
through segregation," explained Magda Lilia Chelly, Managing Director at
Responsible Cyber Pte Ltd.

Varkey, however, pointed out the increasing challenge of this practice. "While isolation
and separation of network segments were an active defense strategy when systems
and information were well within defined perimeters and enterprise networks,
this might not be enough to solve challenges anymore. This is because
heterogeneous multi-cloud environments see users having multiple IT personas."

"Beyond
segregation, owners and operators of critical infrastructure should make sure their
systems are properly secure, patched, updated and monitored. It is too easy for
an individual today to go on one of several search engines and easily find
misconfigured or unpatched critical systems," continued Varkey.

4. AI-powered systems are self-sustaining and secure by design

According to market research firm Reportlinker[1], the Asia Pacific region is
expected to be the largest AI cybersecurity market, as a result of the high
adoption of advanced technologies like IoT, big data and cloud computing. As for
its ability to keep out attacks, experts warn that AI has both driven advances
in cybersecurity solutions and exacerbated threats of cybercrime.

"We have
seen recent AI deployments across cyber security solutions, where companies
claim that they can detect attacks faster using the technology. Academic
research proves a success rate between 85% and 99% - this all depends on the
implementation, algorithms and data," Chelly explained.

"In order
for AI to be successful, it requires the appropriate data input. If the data
input is manipulated, or biased, new security concerns can emerge very quickly.
The data inputs, and their integrity and availability present a crucial element
for the AI technology," she continued.



[1] https://www.reportlinker.com/p05273236/Artificial-Intelligence-in-Security-Market-by-Offering-Technology-Deployment-Type-Security-Type-Security-Solution-End-User-And-Geography-Global-Forecast-to.html?utm_source=PRN

About RSA Conference:

RSA Conference
is the premier series of global events and on-demand programs where the world
talks security and leadership gathers, advances and emerges. Whether attending
in the US, the EMEA region, the Asia-Pacific region or online, RSA Conference
events are where the security industry converges to discuss current and future
concerns and get access to the people, content and ideas that help enable
individuals and companies to win, grow and do their best. It's about bringing
all people in the cybersecurity industry together and empowering the collective
"we" of the cybersecurity industry to stand against cyberthreats around the
world. RSA Conference is the ultimate marketplace for the latest technologies
and hands-on educational opportunities that help industry professionals
discover how to make their companies more secure while showcasing the most
enterprising, influential and thought-provoking thinkers and leaders in
security today. For information on events, online programming and the most
up-to-date news pertaining to the cybersecurity industry visit
www.rsaconference.com.

RSA
Conference logo, RSA, Dell, EMC, Dell EMC and other trademarks are trademarks
of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their
respective owners.
