Asian organizations must do more to tackle insider threats

Asian organizations must do more to tackle insider threatsRansomware has been a highly discussed topic by IT professionals and a bugging issue in the security landscape for years. The topic once again rose to prominence due to the recent WannaCry attack.

But ransomware is only one area of cybersecurity that IT/security professionals need to worry about.

 "Insider threats is [another area] which needs to be addressed across organisations", said Sudhir Panda, associate director, digital analytics, at Standard Chartered Singapore, during the panel discussion at the Computerworld Singapore Security Summit 2017.

 "A lot of employees are not aware how to make data more secure. [Even if] there are mandatory trainings to ensure employees have some sort of awareness, there is no follow up once the training is over. So what [IT/cybersecurity teams] need to do is to use data to constantly monitor and engage employees to make sure they give inputs so that we can improve our security processes," he added.

Agreeing with him, Steven Wong, associate professor and programme director at Singapore Institute of Technology suggested "creating awareness at a young age to drive security as a habit."

He said that doing so will help solve certain security problems so that they will not recur in future.

When asked how IT/cybersecurity teams can strengthen their cyberdefence in general, Lau Kai Cheong, chief information officer, Singapore Management University (SMU), suggested using artificial intelligence and advanced analytics to spot advanced persistent threats (APTs) and malware hidden in the networks.

Meanwhile, Christian Karam, director of Cyber Threat Intelligence, UBS, highlighted the importance of patching systems and/or replacing outdated machines with newer ones to decrease the chances of being hacked.

Karam and Panda also encouraged IT and cybersecurity teams to continue educating internal employees about cybersecurity. They can do so by deploying fake phishing emails or through gamification.

As for Wong, he strongly urged IT and cybersecurity teams to ensure that they have an effective incident response plan because getting breach is beyond control.

Computerworld Singapore