However, he reminded organisations that instead of blindly deploying machine learning solutions, they should "use the right techniques at the right time." "Only then will they get the best protection against a broad range of threats, with the most efficient performance for each environment-- whether it's physical, virtual or cloud," he added.
Since there is no silver bullet for cybersecurity, organisations might be using a number of cybersecurity solutions. "The biggest issue here is that if they aren't able to correlate data from those solutions and build up context, they will take a long time to be able to see the whole story (i.e. why it happened, what to do next etc) when a breach/data leak happens," shared Paul Hidalgo, regional solution architect, Trend Micro.
People: The other success factor for cybersecurity
As people are often the weakest link in the security chain, cybersecurity education is vital to improve an organisation's security posture.
"It is important to upgrade your workforce, even if you have the latest technology in place. And the bulk of learning has to be internally driven. You also need to cater to the different ways different generation prefers to learn. Some prefer classroom-style lessons, some want online courses structured through a microlearning format like those offered by Udemy, while others prefer learning through gamification," said Ong Whee Teck, CEO, Trusted Source.
Ong Whee Teck, CEO, Trusted Source, presenting his keynote titled "Realising the Full Potential of your Workforce".
For companies looking to use gamification for cybersecurity education, Ong suggested using digital badging to motivate employees to upskill. Similar to games, employees will need to take the necessary steps (eg. completing a number of video tutorials) to attain a digital badge.
The digital badge will clearly display the skill/knowledge attained, criteria for issuance, evidence, the issuer and date of issue. It will be recorded in the company's learning management system, and can be shared to the employee's personal Facebook and LinkedIn accounts.
Meanwhile, Johnny Kho, associate director, Managed Security Services at Singtel, urged businesses to build an effective organisation-wide cyber resilience programme.
To do so, end-users should be taught about the cyberthreat landscape and the fundamentals of cyberdefence, while operations should go through simulation of cyberattacks and countermeasure drills.
As for the C-suite, they should take a look at scenario planning, crisis management and communications, and prepare cyber standard operating procedure. The board, on the other hand, should conduct cybersecurity overview and look into risk management, said Kho.
Other keynote speakers at the CLOUDSEC 2017 event in Singapore were:
- Anthony Lim, market strategy director, Asia Pacific, Cloud Security Alliance
- Francis Fan, group director, Technology Management, Integrated Health Information Systems (IHiS)
- Pieter Danhieux, principal instructor, SANS Institute
- Simon Piff, vice president IT Security Practice, IDC Asia/Pacific
- Arup Deb, systems engineer, Networking and Security, Southeast Asia and Korea, VMware
- Mark Johnston, Google Cloud security engineer - JAPAC, Google Cloud
- Jonathan Limbo, CEO, RightCloud Pty Ltd
- Jason Kan, system engineer Asia, Veeam Software
- Myla Pilao, Director, TrendLabs
- Philippe Lin, senior threat researcher, Forward-looking Threat Research, Trend Micro
- Tarun Gupta, regional solution architect, Trend Micro
Sign up for CIO Asia eNewsletters.