Pages

Tuesday, 27 June 2017

Cybersecurity challenges for ASEAN

From left: Mohan Veloo, CTO, Asia Pacific, F5 Networks (moderator), Lim May-Ann, World Economic Forum Global Future Council member and Executive Director, Asia Cloud Computing Association, Sean Lam, founder and CEO, Jewel Paymentech and a co-inventor of Visa's technology to combat fraud, Benjamin Ang, Coordinator for Cybersecurity Programs, Rajaratnam School of International Studies, Nanyang Technological University (NTU), and Karthik Ramarao, Director, Field Systems Engineering, ASEAN, F5 Networks.
From left: Mohan Veloo, CTO, Asia Pacific, F5 Networks (moderator), Lim May-Ann, World Economic Forum Global Future Council member and Executive Director, Asia Cloud Computing Association, Sean Lam, founder and CEO, Jewel Paymentech and a co-inventor of Visa's technology to combat fraud, Benjamin Ang, Coordinator for Cybersecurity Programs, Rajaratnam School of International Studies, Nanyang Technological University (NTU), and Karthik Ramarao, Director, Field Systems Engineering, ASEAN, F5 Networks.

A panel held on the sidelines of F5 Networks' Anticipate event in Singapore has touched on major challenges around cybersecurity in the region. With the Southeast Asian environment characterised by a young economy - the median age in ASEAN economies is 28.9 years old, compared to 37.5 in China, and 37.8 in US - and the popularity of mobility and the digital economy, security is critical, said Mohan Veloo, CTO, Asia Pacific, F5 Networks, the panel's moderator.

The question is whether there are enough people with the right cybersecurity skills in the region to deliver on that security, Veloo asked.

Sean Lam, founder and CEO, Jewel Paymentech and a co-inventor of Visa's technology to combat fraud, noted that the shortage of great cybersecurity talent is a global problem. "Demand has grown quite significantly; supply has not grown as much. It's definitely felt, even by the startups," he said.

Karthik Ramarao, Director, Field Systems Engineering, ASEAN, F5 Networks, shared that businesses are "constantly pinching" talent from F5. The work does not stop after someone is hired, either. Ramarao said that it is also about getting people who are constantly updated and helping them prepare better to handle cybersecurity issues.

Benjamin Ang, Coordinator for Cybersecurity Programs, Rajaratnam School of International Studies, Nanyang Technological University (NTU) suggested that the skills shortage could not have been avoided as no one foresaw how things would change over the years. 

"The whole market has shifted, the world has changed in ways that we could not have imagined 10 years ago," he said, leading to situations where graduating students are simply not prepared to hit the ground running when they join the workforce. "The key thing is to respond as quickly as we can - building up the education of the existing student cohort and reskilling the workforce for those who are thinking of making a change."

Ang also warned that it will be a rough road ahead as automation replaces many jobs. Ramarao commented that it is a catch-22 situation as the talent shortage is driving the need to have automation in the first place.

Lim May-Ann, World Economic Forum Global Future Council member and Executive Director, Asia Cloud Computing Association, pointed out that one reason why there is such a shortage is that opportunities to acquire the skills are also lacking. "Even the teachers aren't ready themselves to teach," she explained.

While the Singapore government has come up with reskilling and self-improvement schemes such as Skillsfuture to incentivise self-motivated people, Lim said there are few training courses that such people could actually leverage on.

Another challenge, Veloo said, is the question of responsibility when a cybersecurity breach occurs at the government level, as different government agencies typically take charge of different aspects of cybersecurity. "How do you conceptualise the multidisciplinary nature of the threats and transcend the silo?" he asked. "There is a lot of focus on coding; should kids be taught good digital security habits when they code?"

Lam said good cyber hygiene is a must within companies, and felt that the government has a role in driving awareness that cybersecurity must be considered in all things. "It adds up to creating next-generation skillsets," he said.

Ang responded that the education aspect is already being introduced in schools. "Primary one schoolkids already know they shouldn't give out their personal particulars online," he said. "As the Internet of Things (IoT) gets into everybody's home it is getting to people who are not exposed to that technology level. No amount of technology is going to protect us. It would be one more step built into our resilience, not just to protect but also to respond."

Ramarao said a 'containment' mindset is needed. For example, instead of assuming the network is working well, people should assume that there are cybercriminals already on the network, and to act accordingly.

He added that there is no way to know if an organisation is adequately protected. All they can do is evaluate the need for confidentiality, privacy, and risk, and then try to build what is most appropriate for them.

Lam, on the other hand, feels that with enough of a budget, that organisations can be protected. "It boils down to cost and what the customer wants," he said.

"The focus these days seems to be risk assessment... If it is external-focused you tend to spend a little bit more on cybersecurity (as) if (a breach) hits the press, your pants are on fire," observed Lim.
 
Ang had the last word: "Businesses have to set their own priorities regardless of what the regulations are. Wannacry doesn't care for your race, language, or creed."
at

No comments:

Post a Comment