Technological advancements are a double-edged sword. While they promise benefits such as improved productivity and automation, they also introduce new risks that require new ways of securing the organisation. Understanding this, experts at the Computerworld Singapore Security Summit 2016 shared some tips on how IT professionals can effectively meet the security needs of the digital enterprise.
Alagappan Karuppiah, Head of IT department of Diners Club International, kicked off the conference by advising delegates to perceive risk mitigation as a business enabler. While there is no one-size-fits-all way of mitigating risks, organisations can better secure themselves by adhering to well-known standards like the Control Objectives for Information and Related Technologies (COBIT), following simple security practices, and ensuring that all employees are aware that they are the weakest link in the security chain.
Eric Neo, CEO and Founder of Neo & Partners Global, next shared how his company secures its high-frequency trading systems. His company first researched the cyber threats and attacks on the global finance industry before identifying its valuable assets and deploying the relevant security solutions. All his trading teams are also educated on security threats and understand the value proposition of the inconvenience brought about by security, such as having workstations with no USB ports.
According to the Ponemon Institute, 42 percent of organisations did not have enterprise-wide visibility for privileged user access in 2014. Moreover, 72 percent of the respondents were using authentication and identity management tools (which were not designed to combat insider threats) to manage privileged user abuse. To help organisations gain visibility of risky behaviours, Forcepoint's SureView Insider Threat applies user behaviour analytics to identify, assess, analyse, control and reduce insider threats, said Ben Tan, the company's Regional Manager. He added that organisations can achieve complete data protection by coupling SureView Insider Threat with a data loss monitoring and protection solution.
The morning session concluded with a panel discussion, in which the panelists unanimously agreed that there is a need to balance internal and external security. To protect your organisation, Chin Kiat Chim, CISO - IT Security & Data Protection of DHL Express Global IT, advised keeping "basic security hygiene in place, and ensuring that you have an incident response plan in place." On the other hand, Andrew Koh, Deputy Chief Manager of Risk Management Department of China Construction Bank Corporation, suggested engaging ethical hackers to test your defence/security system. Meanwhile, Neo brought up the need for information security knowledge sharing between organisations, while Karuppiah advised educating employees on security risks.
The afternoon session was divided into two tracks: the 'Policy, Planning and Reporting' track and the 'Technology and Implementation' track.
Policy, Planning and Reporting track
In his presentation, Fredrik Ohlsson, Director of Enterprise IT Architecture of Tetra Pak, spoke about the need to build a global culture of analytics. Motivated by the benefits of analytics, Tetra Pak's business units were deploying and using business intelligence platforms without its IT department's knowledge, to the point that it had 1,147 ungoverned analytics apps in 2015. This is cause for concern as it may jeopardise the integrity and quality of data, thus negatively affecting business decisions.