Photo - Delegates prepare for the opening of the 11th Computerworld Malaysia Security Summit.
The talent conundrum
The changing cybersecurity landscape is matched by a changing cyber talent landscape. "A company's culture, values and policies resonates with the millennial workforce, and affinity and attachment to the culture and values is deemed equivalent to the dollars on offer. In other words, cultural value outstrips brand value," stated Standard Chartered Bank head of Information Security Murari Kalyanaramani. "Enterprises have to shift their mindset of having unrealistic expectations and an over-reliance on benchmarks to define what security capability fits best if they want to attract and retain the best talent."
"Enterprises have to re-look at prohibitive policies which do not promote a progressive workplace and look at innovative ways to keep talent engaged," he believed. "This includes acknowledging that for some people, career progression is classified as enjoying what they do on a daily basis. They prefer to remain individual contributors and do not necessarily want to be people managers even as their career progresses."
Hitting new threats with better technology
"Today's attack campaigns are targeted, persistent, well-resourced, and they sneak by traditional defences which were built to defend, not to find and contain. However, organisations can enhanced their security with specialised threat analysis and protection (STAP) solutions," said Arbor Networks principal security technologist C F Chui. "Internal network analysis is a vital STAP tool in fighting off cyberattacks as it monitors network flow for anomalies within the network such as attacker reconnaissance, movement, and command and control activity. Network traffic gives unique clues to suspicious or malicious activity, and it gives enterprises the ability to quickly see all nodes and users in the network."
"At the end of the day, it is the endpoint which requires protection. Traditional signature-based antivirus is predicated on backend operations that are completely reactionary. There is a better way forward that doesn't involve using these labour-intensive signatures but uses math-based detection and artificial intelligence. This is a complete departure from this assembly-line method," argued Cylance APAC senior sales engineer Kelvin Wee. "The future of security is powered by machines and this method leverages the power of machines, not humans, to dissect malware's DNA. Artificial intelligence then determines if the code is safe to run."
The human factor
In a panel discussion on the human factor, Malaysia Digital Economy Corporation (MDEC) head of Information Security, Enabling Ecosystem, Victor Lo advocated further empowering security talent. "Security personnel must have the ability or authority to do something if an attack occurs," he urged. "There must be long term talent planning and training to ensure that there is always someone who can immediately take up the security role if needed."
Sign up for CIO Asia eNewsletters.