Security and data breaches are a concern for all organisations today. 2022 has already witnessed several companies being hit by data breaches in the APAC region. For example, Singapore was ranked sixth in the world for having the most databases exposed last year. As more IT security threats emerge and the mitigation of vulnerabilities and attacks becomes more demanding, streamlining IT operations and security becomes more critical than ever. This calls for immediate attention by organisations to review their SecOps and ensure close collaboration between IT security and operations, in order to respond with agility to security threats and vulnerabilities, harden the digital attack surface, mitigate data loss and, in the process, gain maximum ROI from security investments.
In this exclusive CIO forum brought to you by ETCIO Southeast Asia, in association with ServiceNow, leading CIOs and tech leaders from India, Singapore, Malaysia, Indonesia, Thailand, Hong Kong, Taiwan and Philippines joined us to share insights on how organisations can revamp their security infrastructure, cyber vulnerabilities and challenges staring them in the face, and ways to harden the digital attack surface and mitigate data loss.
Here are the key highlights from some sessions at the SecOps Summit 2022:
How SOAR is helping transform security operation centres
According to Charmaine Valmonte, Chief Information Security Officer, Aboitiz Group, a security orchestration, automation and response (SOAR) platform helps collect information properly, lowers incident response time, drives the implementation of optimal monitoring systems, and provides accurate threat intelligence so that an organisation can make the necessary correlations while anticipating risks. SOAR also helps automate the mundane tasks that security entails.
Devinder Singh, Chief Information Officer, Maybank added to the conversation by saying that the most important thing is breaking down silos. He said, “SOAR is a tool facilitating teams, collaborating across enterprises, and enabling timely security measures.”
Major challenges of SOAR implementation
Devinder started the conversation by urging organisations to apply security across their entire environment. Teams must collaborate with each other to ensure security is being deployed across the organisational environment. He said, “What I’ve learned is that we need to know what we want. Tools can have all the abilities in the world, but you need to know what you need to fix. Which points does your organisation need to address based on what the offering is in your industry? We need to provide a very clear context.”
Charmaine further stated, “If you don’t have specific workflows that you’re looking for, in most cases, like a SIEM, you’ll have to sift through the whole bunch of alerts. As the process continues, organisations start to build workflows. And organisations need to build several workflows. When we do so, we need to know the end-to-end process of the incident response specific to any threat vector.”
She also raised an important point about how, today, threat models are mostly manual. Tech is still developing that one dashboard that has it all collated so that it doesn’t require a manual response, but we’re far from that day. What organisations can do is ensure their workflows are in sync, that important information is visible, and that there is proper integration between their vendors and service providers.
“When we are faced with a new system such as SOAR, implementing it haphazardly will just result in more redundant information that businesses have to contend with,” Charmaine rightly concluded.
How SOAR tools build better security frameworks and policies and improve compliance
Charmaine stated that SOAR is a fairly new entrant in the security space after SIEM and other systems. She believes that if implemented correctly, with connected workflows, threat intelligence, and workable artificial intelligence, SOAR helps in:
- Getting ahead of compliance, because it is embedded.
- Building threat models based on the organisation’s risks.
Most organisations have their own security postures. In the future, the intelligence that organisations gain from their SOAR systems will help them form new policies and improve the readiness of their response.
Devinder agreed and said, “From a security perspective in a global standpoint, most organisations are facing difficulties in developing their security protocols. As we move along, there will only be an overwhelming number of complexities, making it imperative to build better frameworks and policies attuned to the modern threat landscape.”
How can organisations build an agile SOC?
According to Tithirat Siripattanalert, Group Chief Information Security Officer and Chief Digital Officer, True Corporation, an agile SOC has three elements: people, process and technology. In terms of people, SOC analysts and their job are underestimated; they need to understand, implement, and analyse SOC security tools. Organisations need to retain their SOC analysts through upskilling, motivation, and incentives so that they can play their role effectively.
In terms of process, organisations need proper processes in place to achieve security orchestration, automation, and response, by converting manual human processes into automated playbooks.
In terms of technology, all the tech-oriented platforms, infrastructure, and overall tools need to be in check in order to automate mundane processes, so that human intelligence can be applied to analysing the threats that machines still can’t. The technology employed should be an enabler and not a hindrance when responding to any threat.
Lastly, organisations need proper incident handling to make sure that when an alert is received, an orderly process is followed for further investigation and the responsible team removes the threat factor instantly.
How security leaders should address the shortage of talent in security
Arivuvel Ramu, Chief Information Officer, Tonik Digital Bank shed light on the different types of workforce being employed in managing security. He added, “A skill that organisations require is differentiating their on-ground workforce from remote workforce. They operate with different technological connectivity, making their security compliance vastly different. Even the device experience is ever-changing, making the traditional security firewalls unequipped to handle modern device policies.”
Therefore, organisations must find the right talent who can understand the various processes, define the data, and have certain role management techniques to help them function efficiently.
The benefits of using SOC as a service
Sachin Nair, Chief Information Officer, Khan Bank brought up an important point about building and integrating Security Operations Centres into organisations: the distinction between the responsibilities of the CIO’s department, which oversees IT, and the CISO’s department, which oversees enterprise-wide security protocols. His company follows this separation as a business protocol.
Sachin described the benefits of building a hybrid SOC within Khan Bank: certain functions are executed in-house, and only the remaining ones need to be outsourced to a third party, if at all. He deliberated on how this has been an effective experience for the bank and its processes in an environment where security talent is scarce.
According to him, the constant evolution of malicious internal and external threats makes it tough for organisations to keep up with the threat landscape, and building a Security Operations Centre attuned to an organisation and its unique threat landscape is the only way forward.
An ideal cloud security infrastructure
Teguh Febrianto Setiawan, Information Security Head, PT. Bank Tabungan Negara (Persero) Tbk shed light on the benefits of cloud and focused on cloud efficiency. He stated that organisations want a cloud system that is reliable and gives the business an opportunity to grow while keeping costs under control. As per Teguh, some of the best practices in cloud security are:
- Understanding the way the cloud works: Teguh stated that the identification of sensitive and regulated data is very important. Companies should understand how they are leveraging and storing data.
- Understanding how sensitive data is being deciphered and shared between the internal corporate environment and external parties.
- Understanding what kinds of costs have impacted the organisation.
- Understanding the configuration of infrastructure as a service, which delivers important compute, storage and networking resources on request.
- Applying a data protection policy.
Future of Digital Risk: Building resilience by design
In an interesting fireside chat, Steven Sim Kok Leong, President, ISACA Singapore Chapter explained that organisations must be resilient enough to protect the business interest despite having a breach. That means they should not only look at security by design but also at resilience by design.
Mel Migriño, Vice President and Group Chief Information Security Officer at Meralco stated that to manage and control threats that can affect our organisations, companies must adopt a collective defence approach by strengthening their cyber security defences, which means they would also need to integrate and interface with local regulators and agencies.