Machine learning to overcome C-RAF challenges

"We are still coming to terms with the methodologies and tools to apply for this assessment," he said. While Leung is working with different vendors externally to identify the right tools for assessment, he is also dealing with the shortage of security talent internally.

"The severe shortage of qualified people in the cybersecurity space is pretty much a daily challenge for us,” he said. “We are stealing each other’s talents in order to get the job done."

Ulevitch from Cisco noted this is a challenge shared among enterprises across the world.

"We see that our customers are having difficulty to find qualified talent,” he said. “The joke I often make is the unemployment rate of security people is not only zero percent, but actually negative, because there are more unqualified people taking security roles."

Meanwhile, the fragmented security market is also creating problems for enterprises to achieve a consistent and standard security policy. According to Ulevitch, the security market is the only IT sector that does not have a single vendor taking more than 10% of the market share.

“In security, you often have 50 companies doing the same thing,” he said. “The problem is these products don’t talk with each other and they don’t integrate. When these products don’t work together, it’s hard to have a holistic approach to security.”

Architecture approach and intelligence sharing

To help enterprises develop a holistic security approach, Ulevitch said Cisco focuses on an architecture approach, aiming to allow different security products within and outside Cisco to integrate. 

One way to integrate threat intelligence and different security products is through the company’s Security Technical Alliance. With more than 100 partners, this alliance allows threats detected by other security vendors to be blocked by Cisco’s security products or vice versa.

“We have built technical integration with these vendors, even competitors, so their products directly tie-in with us,” he said.

Ulevitch added there are industry-specific intelligence sharing platforms available in the market like the Financial Services Information Sharing Center (FS-IAC). The HKMA is also developing a Cyber Intelligence Sharing Platform (CISP). But he noted that it is important that these platforms are not only sharing data, but defend strategy. 

"If a bank is being attacked, it’s highly likely that the same attack will target a different bank. When one company figures out how to defend against the attack, you want everyone to benefit from that intelligence," he said.

He added that on top of the technical integration through the Security Technical Alliance, Talos also acts as a facilitator to provide analytics and machine learning. “We run that [as a] brain with all the security intelligence,” he said.  Thus, individual companies are not fighting on their own, but being a larger team.

Moving forward, Ulevitch said the company plans to become a platform that acts like the App Store in iOS. It aims to allow startups to build security products within the Cisco portfolio of offerings.

“We are allowing small security startups to access customers,” he said. “Enterprises can also adopt small technology without being worried that it’s going away.”

Cybersecurity strategy as business enabler

Despite all the effort and resources put into the defense strategy, Lo from BNY Mellon noted the bank puts equal resources into building responsive practices.

"We spent a lot of time building a defense perimeter, equally we spent the same time to deal with it when things happen,” he said. “How do we respond? How do we recover? How to manage media and client communications? We cannot just focus on building defense and put resilience and recovery at the last stage."

According to both Lo and Leung from China CITIC Bank, comprehensive cybersecurity is no longer a “necessary evil,” but critical to business growth.

"Given the recent incidents and attacks, I started to think cybersecurity is not a necessary evil,” said Leung. “It generates confidence and trust among customers that will bring business to the bank."

"I’m seeing cybersecurity as a business enabler,” said Lo.  He added that some banks have requested their cybersecurity officers to join the front-end sales to meet with clients in order to gain their trust. “Security is no longer a cost center, it is becoming a revenue generation center,” he concluded.