“We need to modify our thinking that people are the weakest point in cyber security when we take a people, process and technology approach. I think technology is equally crucial and weaker link as people are.”
While underlining a few best practices for cyber security, Ken Soh, Founding CEO Athena Dynamics, CIO/Director e-Strategies BH Global Corporation Ltd, in an insightful fireside chat with Kalpana Singhal, Editor-in-Chief, Techplus Media, highlighted that security experts focus should not be overprotecting or under protecting – it should be protecting the right thing.
What are the top security concerns you would like to highlight, which affects the functioning of businesses across the world?
If you look back 10 years, cyber security was not structured during that time. The security budgets at that time would be about five percent of the IT budget. Today, cyber security has gained huge importance and budgets could go up to 30-40 percent.
Further, a few things deserve to be changed; I think we need to modify our thinking that people are the weakest point in cyber security when we take a people, process and technology approach. I think we need to re-look at it. I think technology is equally crucial and weaker link as people are. For instance, even well-trained people are falling prey to the menace of Deep Fake. So, technology and people now are at par by way of importance, it’s not that people are the weakest point anymore. In a nutshell, we can see that the progression has been so fast that advanced technology is getting quite a concern as well.
With growing dependence on cloud, hybrid nature of work and growing volume of data spread across hybrid and multi-cloud, security has become most important than ever. What is the seriousness you see among the customers to safeguard their assets?
Today, seriousness is in place because of fundamentals. Many people spend millions in buying a lot of tools; however, they forget that cyber security is not a product. There are certain methodologies of block-based references. Being a security practitioner, I can say compliance is good, but there are many companies that are not fully compliant. The focus should not be overprotecting or under protecting – it should be protecting the right thing. So, we need to understand, do an assessment, and brief profiling. Hence, protection should be like where we can focus efforts on the weakest point. Many customers are not doing it. The common denominator lies in using the most advanced technology that we can detect. Even if we detect them today, we can’t detect them tomorrow.
Currently, if you look at many cyber security organizations, they are pretty focused on detection. The majority of the security technologies are inclined towards detection. The common denominator is always to use the most advanced technology, to detect the bug so that it can be removed, but many forget that in the first place we cannot detect all of them. There are millions of new bugs coming up every day. Even if we can detect them today, they can’t be detected tomorrow.
The detection, AI, intelligence, machine learning – all of them are extremely advantageous, but we shouldn’t compromise the detection capability, which means the sanitization barrier, micro-segmentation, or even down to basics, for e.g., by looking at the code, sanitizing the code, and also the sanitization dimension can come in the form of SOS network.
Security is a mindset, not just the responsibility of IT as a whole, but it also depends on the other departments in the organizations and their behavior. What are the best practices you would suggest in order to overcome the challenges?
Let me come back to people, processes, and technology. People’s side is extremely challenging. Many IT operators don’t understand the fundamentals. To improve the knowledge, some kind of campaign is very useful. We usually host phishing campaigns and we have to focus on these people and educate them. We love to share very interesting learning points. We are in the continuous quest for new technology.
A lot of companies are investing in security compliances, which is good. Compliances are good, but we should think about the external environment to do the necessary and the unnecessary, to protect the base. On the technology side, we need to do a lot of understanding by using the best security system to be safe. The moment we spot any kind of phishing email, we already know that the hackers are already in the shop because they come from one track, they are silently hiding inside, observing the activities and coming in the opportune time. So, this is a very good indicator that you need sanitization in the email or any entry point so as to take care of the cause than the effect. This is how the technology can be handled so that the focus can be on the cause rather than the effect.
Please tell us how Athena Dynamics is helping its customers to address the security challenges. How do you differentiate from the competition?
We only focus on disruptive thinking and technologies, because the advanced technology is too dynamically progressing, the only way to secure is to find a way to the common protection. We don’t focus so much on traction, sanitization of advanced threats, sanitization inside the email, and junk server. We have protection devices that don’t have IP addresses, so they cannot be hacked. Hacking techniques are not possible due to binary access. We scan the binary. Another innovation that is coming up all the time is automated security, because of the same issue the SaaS can work perfectly in a dynamic environment.
Please talk about your global footprint and your plans for business expansion.
Currently, we are focused much on Singapore. SMEs and the public sector are our focused verticals. Of course, we are looking for global expansion in several countries, critical structural side; we try to help them in a very different way. We use a different method to protect data. A global footprint is part of our plan and we work with many partners who would like to collaborate and open up different areas.
What are your top-5 focus areas over the next couple of years?
Here are the top focus areas for us:
- Continuously looking for innovation: Innovate and continue to integrate in order to protect ourselves strongly.
- Security education: How technology conquered the world as it’s a very big subject to understand.
- Innovate or evaporate: We follow this motto; there is nothing which we cannot compete today, we have grown up extremely smart.
- Global framework to improve: The traction thinking and resource for application.
- Further, cyber security is extremely important and we should start speaking mostly about it whether it’s private sector companies or SMEs.