Why are APAC enterprises tightening the belt on security?

In the Industry 4.0 era, the stakes for security are higher than ever. Cisco’s Cybersecurity Readiness Index underscores this, showing that only 18% of organisations in Asia-Pacific have the mature level of readiness needed to withstand modern cybersecurity risks. Additionally, 88% expect cybersecurity incidents to disrupt their business in the next 12 to 24 months.

Despite these risks, many CTOs and CISOs struggle to secure funding for increased security measures. In the face of economic headwinds, businesses hesitate to invest in any security products, highlighting a need to reconcile cybersecurity imperatives and corporate priorities.

During a media briefing held on the sidelines of the recent GovWare event in Singapore, several Cisco executives discussed possible solutions to address the issue.

According to Brad Arkin, SVP and Chief Security and Trust Officer, Cisco Systems, it all boils down to value creation, considering the cost of inaction against security risks.

“Make sure you understand who in your decision-making environment wakes up in the morning thinking about the risks. Identify how best you can educate and communicate with them about your view as a security leader on where those risks lie. Then, consider what the right intervention is and what to do about it,” he said.

Slowly but surely

During the pandemic, many organisations hastily deployed multiple security solutions in response to the growing threats posed by remote and hybrid work. When the dust settled, many realised that most of these solutions do not talk to each other, which led to a decision to consolidate.

The reasons for this, according to Yoshiyuki Hamada, Managing Director, GSSO (Global Security Sales Organization) APJC, Cisco Systems, are twofold: to reduce OpEx and complexity.

“I’m recommending to the customers that first and foremost, we need to understand the security posture of the company, and create a safety culture. Sometimes we may need to explain that it’s not just about the money, because creating a safety culture is important, from the employees to the boardroom,” he said.

Citing recent studies, Hamada said 65% of enterprises still use a VPN, which attackers can easily exploit. 

Meanwhile, more than 80% of ransomware attacks are phishing, underscoring an apparent people problem within an organisation.

Arkin agreed with this observation: “When you look at a modern enterprise deployment, and the humans authenticating using their username, password, and MFA, it turns out that attacking the service directly is just too hard. So it’s cheaper and easier to attack the human.”

Countermeasures

With hybrid work here to stay post-pandemic, enterprises face two key challenges: ensuring seamless connectivity and collaboration, and bolstering security.

“We strongly believe that the network is central to managing all the connectivity, and also managing the risk. So network matters. The network plays a key role in ensuring the connectivity from end to end,” Hamada noted.

To address these challenges, Cisco has introduced its secure networking strategy in APAC. This strategy, which is based on the zero-trust concept, aims to enhance connectivity and security in response to the cyberthreats prevalent in the current hybrid work environment.

“In today’s hybrid work environment, the challenge for organisations is to protect their distributed infrastructure while ensuring reliable and secure connectivity,” Hamada noted. “Our goal with the secure networking strategy is to support these organisations in strengthening their security measures and facilitating secure innovation.”

Cisco’s secure networking strategy includes features such as:

  • A common access experience.
  • Intelligent, secure policy management.
  • “Quick” threat visibility and detection.
  • Enforcement of zero-trust policies at scale.

Moreover, Cisco is integrating AI and machine learning into its security products. Arkin shared a scenario within their SOC environment as an example:

“Within our SOC environment, there are various triggers for an event. These events might indicate something malicious, be a false positive, or be benign but uninteresting. The first responders in the SOC, the tier-one team, engage with these events. Depending on what happens, it might escalate to tier two or three. The idea is that the tier-one SOC work might lend itself towards automation using AI tools,” he said.

The vision, as Arkin shared, is to advance tier-one personnel to more complex tier-two tasks, allowing tier-one tickets to be handled by AI.

“That frees up more human hours to work on the tier-two and higher issues. Overall, what that means is you have more eyeballs on the tickets that are most interesting,” Hamada added.

Meanwhile, following Cisco’s recent acquisition of AI company ArmorBlox, the aim is to incorporate ArmorBlox’s technology into Cisco’s existing email security solutions. Juan Huat Koo, Director of Cybersecurity at Cisco ASEAN, shared insights on this strategic move.

“Eighty percent of the threats originate from email phishing,” he explained. “If customers continue to rely on standard detection patterns or typical email instructions, their defences may not be as effective. There are various methods through which phishing emails can infiltrate and still entice users to click on malicious links.”

According to Koo, ArmorBlox’s technology focuses on analysing specific patterns in emails and the methods used to craft them.

“We’re not focusing on data privacy in this context. Instead of looking at the data itself, our approach is to identify specific patterns within the emails, so that we can detect and appropriately respond to phishing attempts,” he said.

No perfect solution

In the realm of cybersecurity, there is no “magic bullet” that can repel every malicious attack. Yet there’s a clear distinction between a flawless solution, which does not exist, and an effective one.

“The way that I define success is by learning from the feedback on what’s happening in the real world and integrating that so we can do better next time. The idea is that, as engineering teams build products, they think about security more thoughtfully and learn from things that have gone poorly in the past. It’s all about feedback loops,” Arkin stressed.

As Cisco builds software, understanding and solving the customer’s problem is always the first step, the executive asserted.

“Thinking of the clever and creative ways the bad guys might attack the software is often beyond what we can anticipate in the lab. There are things we do to design robustness and resilience against offensive techniques. But when you actually deploy it, the cleverness of attackers will invariably find something unexpected. That’s where the feedback loops come in. What’s just been deployed in the field gives us a chance to learn from real-world occurrences,” he pointed out.

Arkin also shared one of Cisco’s initiatives: creating a safe, secure environment for employees to experiment and learn, minimising undue risk.

“We’ve set up a private ChatGPT instance for our employees to use and interact with. We have the right agreements in place, ensuring that the data we feed into the ChatGPT environment is used to train future models,” he concluded.