Due to the current geopolitical climate, Palo Alto Networks is keenly observing the fast-changing cyber activities in Southeast Asia. Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks, stated at a press conference held in Singapore last September that the company will actively work with its clients and governments to review their cybersecurity policies and incident response plans, and to strengthen their security posture against the backdrop of the changing threat intelligence landscape, in order to steer clear of potentially destructive cyberattacks.
Palo Alto Networks offered advice on how to get ready for cyberattacks that can interrupt, disable, or destroy vital infrastructure, in line with earlier reporting on the subject. Ransomware attacks had an unprecedented impact, posing a threat to hundreds of businesses throughout the world and seizing control of vital infrastructure. It is advised that all organizations proactively prepare to protect against this potential danger. Future assaults may target APAC organizations as revenge for additional sanctions or other political steps against the Russian government. CIO World Asia spoke with Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific & Japan, Palo Alto Networks, who shared more on the 2022 Incident Response Report.
It is understood from the 2022 Incident Response Report that threats are more sophisticated than before, and they work like an organisation. How can AI and systems identify threats more effectively than before?
At Palo Alto Networks, AI is a critical piece of our history of solutions that prevent successful cyber-attacks. The in-line network and endpoint security components of the Security Operating Platform spread out across the enterprise and cloud, providing data to AI services that can detect new malware and identify malicious domains within minutes. The components also provide the point of policy enforcement, based on the results of the AI services, which these solutions leverage to prevent successful cyber-attacks.
While the industry has been talking about Zero Trust Network Access (ZTNA), companies must evolve to leverage solutions that enable ZTNA 2.0 – a zero-trust solution that continuously validates and inspects all traffic that is entering or happening on the network and application. ZTNA 2.0 also authenticates the digital interactions between the users and the application or platform. The theory behind zero trust is to never trust and to verify everything; hence it must be scrutinised. By validating each and every interaction within the network or application, businesses can effectively and swiftly identify suspicious activity in real time.
Many companies in 2022 are stepping up their cybersecurity budget. What are more actions that CIOs can prioritize to combat the state of cybersecurity threats in ASEAN?
According to Palo Alto Networks’ State of Cybersecurity Report in ASEAN 2022, 92% of business leaders are planning on making cybersecurity a priority, 75% have an increased focus on cybersecurity and two-thirds of organisations plan on increasing their cybersecurity budget. Armed with this data, during annual budget meetings, CIOs need to negotiate and persuade the C-suite on why it is critical that the company should allocate a budget for cybersecurity and how it impacts them and the business if they do not. Below are some tips and pointers CIOs can employ during their conversation with the board:
- Make conversations less technical and apply relevance to business initiatives and drivers.
Using data to report on the pertinent cybersecurity problems plaguing businesses and the world today is more likely to catch the attention of the C-suite board than technical talk. For example, how 94% of ASEAN organisations experienced an increase in cyberattacks in 2021. Presenting such data and linking it back to why the board should take immediate action to address potential cybersecurity problems would drive your point on why a budget is needed for cybersecurity.
- Have collaborative discussions on security.
Instead of making the discussion a “technology problem”, it is imperative to turn it into a policy collaboration between IT and various departments. For example, a CIO shared how she asked the board how they would like to implement and activate the new applications that the business would like to use moving forward instead of rejecting the request immediately. This made the discussion engaging and positive and increased her chances of attaining a budget for cybersecurity.
- Show how cybersecurity contributes to the company’s savings and innovation.
It is important to convince the board of the significance of investing in proactive cybersecurity measures and how it would save the company from greater financial losses. For example, bringing up instances where the IT department creatively resolved an issue by balancing the needs of the business or preventing a cyberattack would be a crux in the discussion. Having more budget would mean the team could reduce outsourcing certain services or give them the autonomy to innovate and improve the technological processes within the company.
What are some key first steps in taking a cybersecurity assessment?
Companies need to conduct a risk assessment – identifying the most vital assets and data that require the best protection. For example, this could be a customer’s confidential intellectual property, credit card details, personal information, medical information or industrial data.
Next, an assessment of potential cybersecurity risks and attacks that could potentially endanger these data needs to be taken. For example, having a brainstorming session with employees from various teams would be useful in identifying risks and even solutions that could mitigate these risks.
How important is it to choose a ‘partner’ and not just simply choose a ‘product’?
Instead of relying on the IT team to choose products that can resolve issues as and when they happen, choosing a good cybersecurity partner will be beneficial in the long run.
In the long term, a partner could conduct a risk assessment and better identify solutions that would be best suited to your organisation’s needs and security gaps. IT teams would also have full visibility of the security systems safeguarding the companies’ networks on one integrated platform rather than keeping track of multiple solutions separately. This would reduce their workload and blind spots and fortify the companies’ data and network infrastructure.