Future-proofing against Emerging Cyber-Physical Threats

Steven Sim, Vice President at ISACA Singapore Chapter, delivered a workshop around “Future-proofing against Emerging Cyber-Physical Threats”.

With the advent of industrialization 4.0, the lines between cyber and physical continue to blur, and this has become unavoidable. Against the gloomy backdrop of an increasingly sophisticated threat landscape, re-alignment of security posture maturity is imperative. Threats, especially the more recent NotPetya, were a rude wake-up call that cyber resilience is ever more key to ensuring business continuity. During this session, Steven shared practical tips on protecting against such cyber-physical threats in a holistic manner.

ABOUT STEVEN SIM
Steven Sim drove information security initiatives, developed security standards, risk managed security threats, performed vulnerability research, promoted security awareness for Singapore and also led PSA Group’s IT Security Centre of Expertise to franchise best practices to other PSA terminals around the globe. He holds a Masters in Computing and is a certified CCISO, CGEIT, CRISC, CISM, CISA and CISSP. He also held certifications in industrial control security, malware analysis, incident handling, perimeter protection and audit. During his career, he developed a strategy for inexpensive automated containment of infected/vulnerable systems, presented at the FIRST conference, aiding an NIQC gold win. Steven has also undertaken roles with various security associations including ISACA and SCS. At one point, he directed the setup of the largest honeynet project outside the US. He is a Singapore SkillsFuture fellow and was a finalist for the Leaders category in the Inaugural The Cybersecurity Awards 2018 held in Singapore.

Digital Transformation – Are You Forgetting Something?

Anthony Lim, Director, Singapore at Cloud Security Alliance, delivered a workshop around “Digital Transformation – Are You Forgetting Something?”.

Many organizations are engaged in various aspects of digital transformation today, and many vendors are egging them on. In the feverish embrace of new innovative technologies and services to reach new customers and markets and to enjoy operational efficiencies, one needs to stop for a moment and consider the cybersecurity and governance implications.

ABOUT ANTHONY LIM
Anthony is a pioneer of cyber-security and governance in Singapore and Asia Pacific, with over 20 years’ professional experience, as a business leader, consultant, advocate, instructor and auditor. He has held inaugural senior executive roles for AP security business at IBM, CA and Check Point, co-authored an international technical professional certification for cloud security, is a university fellow, adjunct instructor and module developer for some tertiary academic & professional institutions. He is a long-time well-known speaker and content provider for many business, industry, government and academic conferences, workshops, executive roundtables, trainings, committees and media (print, broadcast, internet) and is interviewed often on national TV news.

Encryption needs to move beyond laptops and desktops

John Guo, Head of Professional Services, APAC at Thales e-Security, delivered a presentation around “Encryption needs to move beyond laptops and desktops”. 

Digital transformation without data security is like driving off a cliff. Traditional security strategy is no longer effective, as our networks are now borderless and data is spread across mobile, clouds, and networks. Organizations need to protect their data regardless of where it is used, shared or stored. In our rapidly digitalising world, cyber threats, laws and security are at the forefront of every business’s concerns. The presentation by John Guo addressed these challenges and explored the latest data security solutions we can adopt as we adapt to digital transformation.

ABOUT JOHN GUO
John is an experienced security professional helping customers around the world enhance their security postures. He has worked for major security vendors and financial institutions from Silicon Valley, Australia and across APAC. John’s main expertise is around data and network security.

Cyber-threats – How are they different across the sectors?

Paolo Miranda, Vice President, Partnership Director, (ISC)2 Singapore, moderated a panel discussion around “Cyber-threats – How are they different across the sectors?”.

Panelists included:

David Gee, Head of Cyber Security (regional CISO), HSBC
Amanda Bluett, Head Cyber Defence and Assurance, CBRE
Ganesh Krishnaswamy, Chief Information Officer, NatSteel Holdings

This panel discussion addressed:

  • How are the cyber-threats different across the sectors? Do we see cross-sector threats? Do we have cases where, for example, the FI sector gets hit first, followed by the other sectors? Alternatively, do we have cases where the non-FI sector acts as a ‘test-bed’ for the threat actors before the actual attack on the FIs?
  • How could the sectors be working closer together, to share threat-indicators, and work cohesively?
  • Are regulators helping the FI sector, by pulling up the level of security hygiene? Should other regulators follow suit?
  • How are privacy laws different across the sectors, and how challenging has it been to implement PDPA or GDPR or other laws?
  • Insider threats versus cyber threats, what are the main pain areas across the sectors?

ABOUT DAVID GEE
David is Head of Cybersecurity for HSBC Asia Pacific. He has worked on transformation from the CIO position for the last 19 years. Before joining HSBC, David was CIO and SVP at Metlife Japan, responsible for 8 million customers for the insurer’s largest retail market. David won CIO of the Year 2014, at Credit Union of Australia for successfully completing a large transformation programme that delivered new Core Banking, Online and Mobile Banking systems along with a total infrastructure revamp. David has a strong fintech background. He has been an advisor to many startups and consulted for VC firms. He has also been a partner-level IT consultant with KPMG, EY and ICG. David has been a regular writer for numerous IT publications including CIO Australia, Computerworld, ITNews and CSO (Cyber Security) magazines.

ABOUT AMANDA BLUETT
Amanda is an enthusiastic Information System Risk and Security practitioner. She has 18 years’ experience and has been involved in assisting some of the world’s largest businesses in all areas of the cyber security realm. Specialty areas include investigations, mobile forensics, internet intelligence, information system audit, information system analysis and risk management, information system security architecture, information governance and management, eDiscovery, security strategy, and enterprise security.

ABOUT GANESH KRISHNASWAMY
Ganesh has 19+ years of experience in IT, spanning global MNCs across industries, covering CPG, Telecommunication and Metals. He is passionate about providing best-in-class IT services that deliver a competitive advantage to the business and enable business growth. As the CIO for NatSteel, he is also responsible for enabling the strategic objective of the organization to “Go Digital”.

Interview with Steven Sim, Vice President, ISACA Singapore Chapter

Steven Sim is the Vice President of the ISACA Singapore Chapter. ISACA is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. With over 2,300 members in Singapore, part of its mission is to provide high-quality learning opportunities, and it organizes an annual GTACS conference.

He has worked for over 20 years in the cybersecurity field with large end-user enterprises and has driven security governance and management initiatives at local, regional and global levels. He holds a computing masters and is certified in multiple governance and cybersecurity domains. He developed a strategy for inexpensive automated containment of infected/vulnerable systems (NIQCC gold win) and directed the largest honeynet project setup outside the US. He is a SkillsFuture Fellow and was a Professional (Leaders) Finalist in the inaugural Cybersecurity Awards 2018 held in Singapore.

1) What do you feel are the biggest challenges IT leaders are currently faced with within their business?

Some IT leaders felt that IT security investments never appear enough and are eating into their bottom line. The challenge is often answering the question of how much security would be considered enough and how to future-proof their business in a more proactive rather than reactive approach.

2) As an IT leader, what do you feel businesses continue to get wrong when it comes to their IT strategy?

Some businesses continue to get misaligned with enterprise risk appetite. It is also a common issue with the adoption of technology without first having a clearly defined problem statement as well as the lack of adequately trained people with the right mindset and sufficiently streamlined processes supporting it.

3) What are the latest trends and behaviors you predict will be surfacing on the market over the coming 12 months?

The rise in threat sophistication and business impact bolstered by the embrace of industrialisation 4.0 would demand every organisation to look into adopting a robust cyber resiliency maturity program that is well aligned to enterprise risk and architected with layered defences cutting across protection, detection, response and recovery and supported by trained right-mindset people, quality processes and cost-effective technologies.

4) What is the best piece of advice you have received within your job over the years?

My dentist has this principle that “As human beings tend to be over-confident, therefore it is important to over-compensate” and I quote Andy Grove who said that “only the paranoid survive”. These are especially true in cyber security. Having said that, it has always been about the business, therefore it is really about the continual pursuit of that sweet spot where security can truly and fully be an enabler of the business.

5) What is one key takeaway you hope our IT audience leaves with after hearing your presentation on site?

I hope that the audience can walk away with a pragmatic approach to manage current and future emerging threats while continuing to grow their businesses.
