Forging Ahead With Cybersecurity
- By Paul Mah
- July 19, 2022
The digital world is a far more dangerous place today, says Chris Hockings, the Chief Technology Officer for IBM Security for IBM Asia Pacific. Speaking at a keynote at the 2022 Think Singapore conference at the Sands Expo & Convention Centre in Singapore, Hockings reminisced about how cybersecurity has evolved substantially over the years.
Concerns in the past revolved around keeping systems up and running, with cybersecurity professionals typically working to ensure systems are correctly configured, resolve software defects, and fend off the occasional DDoS attack. However, the situation today is “much more sinister”, he said.
High-impact cyber threats
“Internet-connected systems are currently being attacked by adversaries at a rate that we have never seen before. Just over 12 months ago, the United States suffered a gas outage in the Eastern states and fuel [prices] rose 10 percent. Similarly, there was an attack on a meat provider that affected the global distribution of beef, and prices rose 6 percent,” said Hockings.
“We have entered a new age in security, where adversaries leverage rising prices, supply chain shortages, and investor angst to deliver real-time consequences. The fusion of civic, cyber, and the physical worlds is playing out in front of our eyes in recent weeks and global conflicts are also starting to blend cyber and kinetic warfare to deliver maximum impact.”
Elsewhere, there were also instances of schools being attacked by ransomware, forcing IT teams to reconstruct systems before children can head back to school. To forge ahead, defenders must work together, says Hockings.
“We must consider a collective approach. And an investment in preparedness is an investment in progress. But progress is not a linear thing; there will be disruptions and distractions along the way. Being able to detect cyber intrusions and being able to pivot is what cybersecurity is evolving towards. We need innovation and a long-term vision with a path to implementation.”
Driven by greed
But why is everything coming to a head now? Hockings acknowledged the temptation to blame cybercriminals for their increasing sophistication or greater access to resources. But while these factors play a part, he noted that the root cause is ultimately financially-driven – and financially motivated criminals have critical infrastructure in their sights today.
“Data theft is expensive. And we focused on [solving] that problem, over the years. It is difficult to monetize, and it is difficult to collect the data and then sell it. But ransomware is ubiquitous, it is easy to deploy, the pain is instantaneous, and a remedy is easy to fund. Opportunity is about timing and attackers have caught us at our most vulnerable.”
“Cyber criminals know how much money it costs organizations and CEOs for every minute that their supply chain is disrupted. And those attackers are driving that pain in the manufacturing industry. Since time is money, payback can be quantified. Therefore, ransoms get paid,” he explained.
Speaking to CDOTrends at the sidelines of Think Singapore, Hockings called for a focus on holistic architectures that give organizations the flexibility to better protect themselves over an obsessive focus on singular capabilities.
“I have a very strong belief that when [security] architectures and practices start to become more standardized, we will have a more versatile workforce to deliver speed and scale rather than concentrate on singular industries or products,” said Hockings.
Raising the bar together
But what is the situation like in Asia Pacific (APAC)? Hockings pointed to the 2022 IBM Security X-Force Threat Intelligence report, which found that Asia was ranked as the most attacked region worldwide. Fortunately, various conversations he has had indicates that cybersecurity is a priority at the board level here, while senior executives are also aware of what needs to be done, says Hockings.
“I think Singapore is well positioned: There's cybersecurity maturity here and an understanding of its importance. I think the situation here is a reflection of Asia being a growth area for IT in general. I think the strengths in the technical domain and technology-oriented focus have permeated through the security industry [here].”
The key to success is to work together, according to Hockings: “Whether it's Singapore, Malaysia, Thailand, or even Australia, the interconnected world mandates that we must all collaborate and raise our standards together. Some countries may be ahead from a maturity and technology adoption phase, but others might be focused more on the strategy and process side,” he explained.
For sure, what has worked in the past is unlikely to work in the future, and cybersecurity practitioners will do well to collaborate and work together to implement holistic, versatile architectures to combat current and future threats.
“There is a strong push from regulated and government entities in the United States and standards bodies like the NIST [National Institute of Standards and Technology] to motivate interoperability and vendor agnostic solutions. With increasing momentum behind it, this will inevitably make its way to different countries in the Asia Pacific,” summed up Hockings.
Paul Mah is the editor of DSAITrends. A former system administrator, programmer, and IT lecturer, he enjoys writing both code and prose. You can reach him at [email protected].
Image credit: iStockphoto/Liorpt
Paul Mah
Paul Mah is the editor of DSAITrends, where he report on the latest developments in data science and AI. A former system administrator, programmer, and IT lecturer, he enjoys writing both code and prose.