June 28, 2018

Embracing innovation without compromising on security is Asia Pacific CISOs' top concern

Brandon Swafford

As organizations re-invent themselves and continue to leap forward, decision-makers are left with a tough balancing act: protecting critical business data at all times as employees access data anywhere, whether within the company's network, in the cloud or on mobile devices. This blog covers some recommended security innovations for CISOs to consider as they strive to stay safe and competitive.

I have been flying around the Asia-Pacific region this spring, presenting at a string of Forcepoint customer events. These events are timely as Asia-Pacific sits on the cusp of digital transformation but amid looming privacy and security concerns. In my many discussions with cybersecurity leaders in the region, I realized one thread runs deep: the need for organizations to innovate to create better customer experiences and remain competitive by adopting technology. Governments too are not far behind. Many Southeast Asian countries have introduced several policy measures and launched many groundbreaking initiatives to move towards a digital economy and offer their citizens better access to their services, e.g. the Singapore government's cashless society initiative or Thailand 4.0. Cloud, mobility, artificial intelligence, blockchain, and the internet of things are just some of the technologies that are redefining the way enterprise and government organizations are innovating to become more productive and differentiated.

While business productivity certainly reaps rewards, the migration to cloud and mobility has opened organizations up to cyber attackers who exploit loopholes and launch sophisticated attacks. It is now one year since one of the largest global cyber-attacks, WannaCry, hit Singapore. The ransomware affected shopping malls and possibly compromised many users in the nation state.

As organizations re-invent themselves and continue to leap forward, decision-makers are left with a tough balancing act: protecting critical business data at all times as employees access data anywhere, whether within the company's network, in the cloud or on mobile devices. IT leaders need to maintain certain cyber defense anchors that should be the core of every organization's security implementation architecture. The cyber defense anchors function like design principles in guiding the security team so digital innovation can continue to flourish in the workplace.

Here are some of the cyber defense anchors I recommend for organizations to stay safe and competitive:

1. Usability in a growing, dynamic workplace

Whatever the size of the organization, the cybersecurity strategy deployed needs to sustain future growth in terms of workforce and solutions. This often comes in two parts. The first is segmenting the expanded network to maintain privileged access to critical information. This step, while important for restricting data loss, also inhibits employees from accessing or sharing important data to fulfil a legitimate objective. It is thus imperative that organizations take a two-step approach to foster speed, efficiency, and scale through the 'visibility through usability' model. This model promotes the sharing of data between segmented networks by enhancing visibility in the corporate network and transfer system. End-users can effectively and efficiently support the organization's missions, while system administrators have enhanced visibility and enterprise-scale administration tools to support the global footprint from a single location, all with the highest degrees of security.

2. Entering the Zero-Perimeter World

Traditionally, security was simply about keeping "bad" people out. We put up fences and locked our doors to prevent any unauthorized entry. The early days of cybersecurity focused on preventing unknown outsiders from hacking their way into computers. Today, however, cybersecurity is much more complicated. In the past, CIOs had control of their entire corporate network, but with the arrival of cloud, they no longer have that control. It is now a borderless world; there is no perimeter to it.

To stay safe in this zero-perimeter world, organizations will need a cybersecurity strategy that focuses on human risk rather than just threats. As technologies change and threats evolve, people are the only constant. By understanding the behavior of cyber identities and the context behind their actions, organizations can respond better to advanced threats.

3. Shift to a continuous risk adaptive model

Legacy cybersecurity solutions today rely on traditional threat blocking that not only introduces security friction into business transactions but also overwhelms security analysts with millions of alerts. These solutions are often static and do not adjust to account for different types of users and transactions. They are also binary, either allowing fully or blocking completely. With the growing sophistication of cyber threats, organizations should embrace security innovation via a risk-based approach that continually assesses human-centric factors like intent and behavior in order to adapt and enforce more granular policy responses and provide more effective protection against breaches.

4. Privacy is key

Large-scale data breaches like Equifax and Facebook are raising pertinent questions about the privacy of consumers' personal data in general. With the European Union (EU) General Data Protection Regulation (GDPR) coming into force on May 25th of this year, global organizations that hold the personal data of EU residents are required to adhere to new requirements around control, processing and protection. The GDPR may be the first regulation to set the bar so high, but other countries are likely to follow the EU in terms of updating their regulations to match this new standard for data protection. Organizations need to place compliance and data protection as a top priority to prevent loss of reputation, customer trust, and revenue.

5. Bridging physical and digital security realms

The integration of the digital and physical realms has reached a tipping point. We see the world transforming itself, blending both the digital and physical into a new and emerging world. Rather than focus on building bigger divides between the physical and digital, the industry needs better visibility into what is happening to its critical data. Understanding how, when and why people interact with critical data, no matter where it is located, is crucial. By building synergies between physical security measures like the 'badge reader' and cybersecurity solutions, organizations will be able to assess where an individual is physically and flag risky activity if there are log-in attempts from another part of the world. With risk-adaptive solutions that understand user behavior across physical and digital security realms, security teams will be able to find out if a user has been compromised and nip hacks and attacks in the bud.
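The badge-reader correlation described above, sketched as an added example (not code from the original post or from any Forcepoint product). The event fields, the speed ceiling, the badge time-to-live and the sample coordinates are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0            # assumed ceiling: roughly airliner cruise speed
BADGE_TTL = timedelta(hours=12)  # assumed: older swipes say nothing about location

@dataclass(frozen=True)
class Event:
    user: str
    kind: str        # "badge" (door reader) or "login" (authentication attempt)
    time: datetime
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def flag_risky_logins(events):
    """Return logins whose location is unreachable from the user's last badge swipe."""
    last_badge, flagged = {}, []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.kind == "badge":
            last_badge[ev.user] = ev
            continue
        badge = last_badge.get(ev.user)
        if badge is None or ev.time - badge.time > BADGE_TTL:
            continue  # no recent physical anchor: leave this login to other controls
        hours = (ev.time - badge.time).total_seconds() / 3600
        if km_between(badge, ev) > MAX_SPEED_KMH * hours:
            flagged.append(ev)
    return flagged

# Constructed sample data (not from the original post).
T0 = datetime(2018, 6, 28, 9, 0)
SINGAPORE, BANGKOK, LONDON = (1.29, 103.85), (13.75, 100.50), (51.51, -0.13)
SAMPLE = [
    Event("alice", "badge", T0, *SINGAPORE),
    Event("alice", "login", T0 + timedelta(minutes=20), *SINGAPORE),  # same site
    Event("alice", "login", T0 + timedelta(minutes=45), *LONDON),     # roughly 10,800 km away
    Event("bob", "badge", T0, *SINGAPORE),
    Event("bob", "login", T0 + timedelta(hours=3), *BANGKOK),         # roughly 1,400 km: plausible
    Event("carol", "login", T0, *LONDON),                             # no badge record
]

if __name__ == "__main__":
    for ev in flag_risky_logins(SAMPLE):
        print(f"RISK {ev.user} login at {ev.time:%H:%M} from ({ev.lat}, {ev.lon})")
```

In practice a flagged login would raise the user's risk score rather than block outright, since VPN egress points and imprecise IP geolocation produce the same pattern.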

These risk-adaptive and future-proof cyber defense anchors tackle the key vulnerabilities in the modern organization and cover external factors like privacy and compliance issues that play a part in shaping data protection policies. With them in place, organizations can continuously expand and innovate with peace of mind in the digital economy.

Brandon Swafford

Chief Technology Officer of Data Security and Insider Threat
