Information & Communication Technologies

Key takeaways from CyberConnect 360

by Charles Lim 29 Sep 2017
Share this:

Working on research reports covering the cybersecurity industry has a perk - to learn about new technologies that combat new attack vectors. With the proliferation of cybersecurity startups, my team attends to at least a new solution briefing every week, and in every session, we hear of innovative, new ways to combat cyberattacks. However, the recent ransomware attacks have proven that it does not need new attack vectors to fulfill its mission. The same EternalBlue exploit was used to cause a rampage, not once but twice within three months. As Rob Sloan, Director of Cybersecurity Research of WSJ Pro Cyber stated during his speech, "cyber threats don't change too much because it doesn't have to."

They CyberConnect 360 event, organized by Axis Innovation, Jubilee Capital, and WSJ Pro Cyber Security was one special event in Singapore that goes beyond the security tradeshows, analyst briefings that I usually attend. The event highlights best practices and innovation in security shared by leading cybersecurity firms and practitioners, and uniquely brings regulators, international cybersecurity startups, and investors to the same room. It meets the theme on the event concept of i3: Innovation, International, and Investment.

Innovating the way we look at threats can take on a human-based approach as shared by Sanjay Aurora, Managing Director of Darktrace Asia-Pacific. He introduced the enterprise immune system, in which the artificial intelligence-based security analytics solution replicates the concept that us humans are capable of doing - we learn what is normal for our bodies, and if there is an infection, we can detect it through the symptoms it brings. An interesting case was about a remote attack detected on a video conference system used in a meeting room, which highlights the importance of having the right visibility on our networks and nodes as we connect more devices and employ Internet of Things in the organization. 

During the panel discussion of "best practices and how to defend against a worldwide attack", Leonard Kleinman, Chief Cyber Security Advisor of RSA Asia-Pacific & Japan, shared his insights of the need to instill basic cyber hygiene such as ensuring patching and updates are done timely. It echoes the sentiments we observe in the latest breaches - the exploit kit is not unknown ("zero-day"), patches were issued, but several firms failed to do the task of patching. To ensure the efficacy of the cyber defenses that we build, Rob Van Der Ende, VP for FireEye Asia Pacific & Japan introduces the concept of red teaming exercises that can truly test the "cybersecurity guard" and ensure it can do its job to protect, detect and respond timely to all attack vectors. Ian Yip, CTO of McAfee Asia Pacific, highlighted the fact that we need to change the language of cybersecurity to a business language, and discuss it as a business risk that can resonate with the board. It is of paramount importance to drive the conversation at the highest level, for the right investments in having security as an enabler of business rather than a cost center.

As shared in these examples, humans are needed to drive security processes and management of tools, and one of the areas we foresee will be the shortage of cybersecurity professionals to meet the demand in the oncoming years.  Tung Meng Fai, Director Infocomms and Media at EDB Singapore shared about tertiary courses specifically for cybersecurity offered by our institutes of higher learning. This initiative is supported by Industry-led training programmes developed by organizations such as Deloitte, Quann, Singtel Cyber Security, ST Electronics Infosecurity, etc. to train/upskill mid-career professionals for cybersecurity roles.  To promote research and development activities in cybersecurity, Singapore has also established a S$190M fund for the National Cybersecurity R&D Programme (NCRP) to commence a research infrastructure, grant national cybersecurity postgraduate scholarships, partner with the private sector to establish the Singapore Cybersecurity Consortium, and joint research activities with UK and Israel. Roy Teo, Director of the Fintech & Innovation Group at Monetary Authority of Singapore, concurs the initiative with plans, possibly as the first regulator in the world, to bring innovative startups in FinTech and investors together in an event to be held this year. Startups and technology vendors in FinTech are also encouraged to use its Fintech Innovation Hub experiment their innovative technologies and receive consultative advice from the regulators directly in areas such as legal and regulations. 

In the discussion panel for "Protecting Critical Infrastructure & Supply Chain", Fabricio Granja, CIO of X5 Retail Group shared interesting facts of the trend in Russia, where due to strict data compliance standards, it was a challenge for them to use public cloud services to store their consumers' personal data. Abhi Bisarya, Director of Global Consumer Products at Paypal, believes in the importance of a seamless experience, and building checks for fraud through background monitoring is essential to strike the right balance between security and business. As one of the largest payment service provider in the world, Paypal needs to sell a promise of trust, and for online retailers to believe in the brand, that it is safe. Demetris Booth, Cybersecurity Product & Solutions Marketing at Cisco Security highlighted the need to monitor the flow from the supply chain and mitigate across multiple levels with the right tools and processes. 

In the discussion topic on "Evolution of Cyber Insurance", Professor Shaun Wang, Director of NBS’s Insurance Risk and Finance Research Center (IRFRC), based on his research gave a forecast that cyber insurance will combine with security services in the future. He also highlighted the need to build a good framework for this insurance sector.

A good mix of cybersecurity technology and service provider startups from various countries had a chance to present for ten minutes on stage:

Horangi - the word literary translates from Korean to "tiger" in English, which represents the Singapore-based firm's mission to hunt for attackers tirelessly and pro-actively pursue solutions for defending against attacks. It offers a monthly-based subscription from startup to enterprise levels, with services ranging from web scanning to security report cards, ad-hoc security consulting hours and endpoint detection and response services.

Sepio Systems - Ever heard of the "rubber ducky" - a popular USB keystroke injection tool, and similar ghost devices that are used to infiltrate organizations either by inserting into a USB port or tapping a network? The Israel-based startup provides solutions for detecting malicious hardware devices, blocks the illegal device or its activity and reports to the SIEM used in the organization.

CypViser - the Germany-based startup intends to improve the handling of the traditional public key infrastructure with the use of blockchain technology. One of the applications demonstrated will be for mobile communications where the use of blockchain will ensure the messages and phone calls are tamper proof.

Votrio - An Israel-based startup with solutions to neutralize exploit codes in malicious files using the technology known as content disarm and reconstruction. It also applies AV scanning, policies and content validation for the files used in the organization.

Reaqta - Endpoint detection and response solution provider from Italy that provides an artificial intelligence-based endpoint detection engine, which resides outside the operating system that cannot be seen by attackers. The solution also provides forensic visibility and enables threat hunting for anomalies in the organization. 

Apvera - With growing concerns of insider threats on the rise, the Singapore-based startup seeks to help organizations deliver insights into behavior patterns that may have malicious intent through user behavior and entity analytics (UEBA). It also provides the visibility of possible rouge applications that may exist in the network, to help refine policies and reduce the risk of shadow IT.

Digify - The Singapore-based startup focuses on ensuring security for files such as access control, watermarking, rights management, encryption and file tracking for confidential documents used in enterprises. It also offers virtual data rooms that provide a secure cloud platform to share files among trusted users, such as viewing classified documents related to mergers and acquisitions, audits and IP licensing. 

Anquan - Taking the cue from the Mandarin pronunciation of the Chinese words "安全" to make computing safe, the Singapore-based firm works on the belief that "software alone can't protect software," and provides security through a hardware rooted secure platform for its highly scalable distributed ledger technology.

In closing up, during the final panel of the day which discusses funding of cyber solutions, Alex Doll, founder and managing member of Ten Eleven Ventures that invested in security firms such as CounterTack and Cylance, provides his view of what is the "next big thing" in cyber. While the panel discussed the topic of AI-based cybersecurity solutions, it was evident to him that it will be two key segments: industrial cybersecurity, and IoT security.

Login or register to make a comment on this blog post

Help Desk

Full list of offices

For more information and general enquiries, contact Frost & Sullivan near you.

North America
tel: +1.877.463.7678

Select a location near you..