NotableTalks with Genie Sugene Gan, Head of Public Affairs & Government Relations, APAC at Kaspersky

07.03.22 11:54 AM By Aishwarya

Talks about: #ZeroTrustPolicy, #NoMoreRansom, #DigitalTransformation, #SecureHybridWorkplace, & #TheFutureOfCybersecurity 

Genie Sugene Gan, Head of Public Affairs & Government Relations, APAC at Kaspersky

NotableTalks By AnyTechTrial

In this NotableTalks episode, we had the chance to speak with a very talented thought leader, Genie Sugene Gan, Head of Public Affairs & Government Relations, APAC at Kaspersky. Here is her conversation with us on Zero Trust Policy, Protection against Ransomware, The Future of Cybersecurity, Digital Transformation, and a variety of other hot topics. Stay tuned for more episodes of the NotableTalks series with cross-functional thought leaders from across the globe.


Prevention is possible.

Good News: Following simple cyber security advice can help you to avoid becoming a victim of ransomware.


Bad News: Unfortunately, in many cases, once the ransomware has been released into your device there is little you can do unless you have a backup or security software in place.


Good News: Nevertheless, it is sometimes possible to help infected users to regain access to their encrypted files or locked systems, without having to pay. We have created a repository of keys and applications that can decrypt data locked by different types of ransomware.

NO MORE RANSOM

Rapid Fire Round with 
Genie Sugene Gan

How do governments and authorities ensure cybersecurity for their citizens, and how effective are they in tackling the present cyber threat?

CyberSecure Nations

The Big Challenge: Transparency, Privacy, Ethics & Laws. The world adapted to the digital medium very quickly because it offered convenience and also became the need of the hour because of the pandemic. However, that convenience required people to share their personal information, knowingly or unknowingly, which has been misused by many. You have been at the forefront of both the legal side and the rapidly evolving cybersecurity ecosystem; we would like to learn from you about what kind of steps are being taken by governments to ensure cyber security for their citizens, and to what extent you feel these policies are in alignment to counter the present cyber threats at large?

It is a very important issue; it is something that everybody has been talking a lot about in recent times. So, focusing my remarks on the Asia-Pacific region that I look after in government affairs, I have observed that different countries are at different stages in building their cybersecurity ecosystem, in part arising from their unique needs and challenges. In recognition of this diversity, we have broadly categorised countries into three main groups according to their levels of readiness to deal with cyber attacks. First, of course, we have got the advanced countries, who are what we can call the leaders in the cybersecurity field; they have got clear strategies in place and they are already acting upon them. The second group would be intermediate countries, which have identified cyberattacks as the area they need to look into and have attempted to make some rules. And the third would be what we call the initial countries, who have just begun paying attention to the area for a variety of reasons, including, given the pandemic, more pressing domestic needs in the meantime. Don’t get me wrong, these categories are certainly not an attempt to downplay the efforts or efficacy of the country at all. In fact, on the contrary, it helps us to better tailor solutions to meet the specific need of any country based on its current level of cybersecurity readiness. We do draw expressive and best practices for countries that are more advanced and their cybersecurity journey. Maybe one example I can raise is Singapore, an advanced country that is putting a lot of effort into boosting cybersecurity capacity. So, for instance, just last year, 2021, it updated its natural cybersecurity capacity, which they have planned to strengthen the security avenue of this digital structure and enable safer cyberspace to support the digital way of life across society.
These efforts are also complemented with an advisory to reach the companies and programmes to raise the level of cyber hygiene from that community. Some of these are even conducted in person by digital ambassadors and groups, and so on and so forth. Moving up north a little bit, I can give another example, that is Vietnam, which has also been actively improving its legal framework, for instance, establishing a national cyber security law along with standards and a blueprint for government and industries.
 

Also, working at Kaspersky, I have been privileged to acknowledge national campaigns, including malware detection and nationwide awareness campaigns across all sectors, in dealing with individuals and countries as well. And the results of these efforts are reflected in the Global Cybersecurity Index by the ITU in 2020, where you can see that Vietnam was ranked 25th out of 104 countries in total and 4th out of 11 countries.


That is quite a lot of progress there, and that is a testament to the efforts that they have put into this area. A key focus for Kaspersky is enabling countries in the intermediate category who are building up their cybersecurity tool to the advanced group. And of course, this includes identifying and talking about the gaps in the infrastructure or skills in developing a clear strategy. It is clearly not an easy step with countries, leadership and all that; it is very hard to identify where exactly these gaps are because sometimes people just don’t know what they don’t know. I want to give one or two examples from within the region: both Indonesia and India are on top of releasing their national cybersecurity strategies and highlighting the importance of the issue, particularly in the recent spike in cyberattacks around the world. It also speaks to the challenges of integrating nationwide efforts into the cohesive camp to get stakeholders to manage disruption from the pandemic. I am waiting to see what these national cybersecurity strategies might entail. We have the privilege of working alongside to provide the expert which is very necessary. India and Indonesia are both making great headway in building the cyber security skills of thousands of government officials in critical sectors. And we are pleased to have been supporting them to build their cyber capacity as well. The backdrop of everything that has been painted till now, I hope, could set the context of our discussion about pandemic, politics, government organization and all the natural targets of cyberattacks. It is pivotal for countries to really build cyber capacity to continuously update their knowledge and skills given the evolving landscape, and such progress, we all know, does not come in just a day or overnight.
It is productive many people chip in with long-term efforts by the central government and local authorities to formulate sound, legal and policy framework action on the ground to protect the critical national information system. So, my final point is wanting to tie back to your question: yes, there have been many steps to the very extent taken by the government depending on their level of authority or states of development to ensure policy framework is well in place to enable cybersecurity for their citizens, for the enterprises, for the industries. But to me, it is not the end of the problem; being able to align policies to counter these present cyber threats is not enough because new cyber threats are emerging every day. As our CEO Eugene Kaspersky has said recently, about 380 thousand new malicious files were found daily in 2021. And this is reflecting a growth of twenty thousand compared to the previous year. It is a continuous effort to design and adapt the policy to ensure their alignment to the ever-changing cyber landscape and to handle new threats of tomorrow.


How to ensure the cybersecurity of the organization without invading employees' privacy in the hybrid working model?

Secure Hybrid Workplace


Impressive, this question is an important observation and one of the biggest challenges in cyber security, which is the human factor. Based on our survey of 6K+ employees around the world, at least 73% of respondents said that they had not been provided with cyber security training when they started working remotely and when the COVID pandemic hit. Many of them revealed that they increased their usage of online services that were not approved by the IT department; I think 70% of the respondents said that video conferencing and 60% said that instant messaging were some of the online services which they have started using which were not approved by the IT department. Actually, more than 80% of cyber incidents are caused by human error, which arrives with a multitude of factors, of course: lack of awareness or perhaps complexity and carelessness. Now the question is what do organisations do about it, because we know the problem, that is one thing, and doing something about it to solve it is very important. So the organisation can really adopt a range of solutions that are widely available. The first is to increase the visibility of the IT and security team; they help a lot in communication within the organisation in terms of the importance of these security issues. Secondly, establishing dedicated cyber security policies and guidelines within the organization, and thirdly, importing key data protection measures, including switching on password protection, encrypting enabled devices, ensuring data is backed up and updating the latest patches. All these things can be in place, but I think that it is insufficient if employees do not comply and, of course, in the worst case, don’t see the need for that at all. Kaspersky is a huge proponent of cyber security awareness building and education.

And it is essential for all employees to be aware of cyber threats and what to do even when they are not in a specific job role. For instance, about my usual day at work: occasionally my IT colleagues work on my computer to solve some of the problems that I have with machines or devices. And I always make sure that I stay with my computer all the time and do not share any password with even my trusted IT colleagues. So, these are some of the hygiene factors happening to be in place, and every employee needs to be aware of the importance. We started working with companies that are giving the tools as well to educate more people and to see an individual level of cyber security awareness and to tailor learning based on that, and simulation-based exercises for employees to practise responding to cyberattacks in real time so that they can be prepared when the real problem occurs. I hope not, but if at least one is done, at least people know what to do, and the key intention is to keep the individual engaged so that learning is maximised. Lastly, I would add one last word about the culture. Culture goes a long way; a culture that is vigilant and dangerous the work online can provide accessibility to cyber threats and affect data protection overall. And this begins with leaders who keep signalling the importance of cyber security and practising what they preach, and every other level of organization understanding the gravity of the risk and action that need to be taken to mitigate them.


How is Zero-Trust Policy impacting general internet users' experience?

Zero-Trust Policy

There’s a lot of buzz about Zero Trust Policy in the context of cybersecurity and data protection. As Head of Public Affairs & Government Relations for the APAC region at Kaspersky, a globally leading cybersecurity organisation, how do you see these policies impacting a general internet user’s experience?

Cyber security policies like Zero-Trust are really about improving user experience while strengthening cyber security. It may sound kind of intimidating; I’ll explain. Zero-trust assumes that every user of every device that wants to access applications and data is untrustworthy until proven otherwise. This happens at the backend, but once that is sorted they can enable users to work from home and use new devices from anywhere, hold secure meetings and achieve new levels of productivity by delegating responsibility to the right level and facilitating automatic production. It also serves another problem: with every process and activity being checked and re-checked continuously, companies can more easily adapt to change, for example by removing the access privileges of employees, rather former employees, that have left the organization, or adjusting the privileges of those whose responsibility may have changed already because of change of role.

Perhaps what is tricky in the Zero-Trust policy is the transition to zero trust. This entails the adopting of a new framework all over again, and IT and security teams are responsible for controlling and managing this new infrastructure. For instance, they will have to enforce a trust boundary that is extended to employees based on what they need in order to get the jobs done, with a fair amount of being judicious there. The process could take a week or months depending upon how dispersed the organization that work is, or the scale of the organization does play a role as well, how long it could take and how complex it could be. But the process can be facilitated with the transition plan, and companies like Google, which is on a very large stage, is developing to support that transition.


How does the future of cybersecurity look, and what are the core shifts expected in the cybersecurity ecosystem in the context of the hybrid work model?

Future of Cybersecurity


When we are talking about the future, we cannot talk about it without talking about the present or the past, because we learn lessons from trends. A lot of things that we observe today are indications of the trends we are expecting to go in future. First of all, the cyberattacks on the financial sector will continue to grow because that is where the money is. Therefore cyber attackers tend to follow where the money goes. We expect the market for cryptocurrency to grow; since cryptocurrency is a digital asset and all the transactions can be done online, which offers anonymity to users, these are attractive features for cybercriminals. Adding to that complication, Kaspersky researchers have already witnessed APT groups rising to attack cryptocurrencies aggressively, and we anticipate that this activity will continue. And on top of that, you can witness attacks on the payment systems and more advanced mobile threats such as mobile banking trojans for the Android platform that can be secured with the current security measures adopted by the bank. Secondly, we expect continued threats against the healthcare sector, perhaps because of the pandemic that is overstaying its time. With the pandemic increases usage of online services and creating fake medical documents like COVID-19 vaccination certificates and fake results in 2021. Fake vaccines have even been spotted for sale on the dark web. So as more countries have privileges alongside vaccinations or test documentation, we can expect criminals to roll up more fakes in the form of test results or notification messages from doctors, so on and so forth. Third, maybe this can come as a surprise, would be industrial attacks, and industrial attacks will become more focused in the future in many parts of the world to laser-focus the attack, particularly on investors’ computer systems.

We have seen increasing theft of authentication data using spyware with only a handful of targets. These kinds of attacks will make up and even break opportunities for the threat landscape this year, 2022. These attacks show why industrial shopfloors must be protected, as industrial internet and devices are easily overlooked and are vulnerable. The fourth and final would be ransomware attacks becoming more targeted in 2022. 2021 was a big year in ransomware with a 30% role with ransomware 2.0, also known as double extortion. These attacks go beyond demanding ransom to decrypt systems, to using stolen sensitive data as leverage to pressure victims to pay up. In November 2021 the US FBI warned that ransomware actors are using some kind of financial events such as mergers and acquisitions to target and leverage victim companies for ransomware attacks. In these circumstances, any leaked information could have devastating consequences, making victims more inclined to pay ransoms. So, in 2022, this year, we expect this type of extortion to be less, and regular high-quality cyber security training for all the staff is one of the ways of avoiding falling victim to ransomware. It is important to mention that Kaspersky is among several organizations behind the global ransomware initiatives providing free decryption tools and advice to ransomware, and I hope that initiative will help people at large.

Filling the gaps: The story of APAC’s cyber capacity building

Authored by Genie Sugene Gan

Head of Public Affairs for Asia Pacific at Kaspersky

Laying the foundation for an organization’s cyber-resiliency starts with having a cyber-capacity-building program in place and cultivating a culture of cooperation among all stakeholders. Learn more about stages of Cyber-Resiliency and The State of Play in APAC.

Genie Sugene Gan's journey from an Advocate and Solicitor of the Supreme Court of Singapore for a decade to Head of Public Affairs & Government Relations for APAC region at Kaspersky

Motivation

From an Advocate and Solicitor of the Supreme Court of Singapore for a decade to Head of Public Affairs & Government Relations for APAC region at Kaspersky, we would love to learn some insights about your experiences and motivation behind this journey?

Well, part of my training was that of the lawyer; I was also an entrepreneur who then spent several years in government service, and now I am working in Kaspersky. So, every phase of my life offered something different to me, and collectively they make for a great set of correct experiments for myself. I always advise people, especially the younger ones whom I mentor, to live life curiously. So it was curiosity that landed me into Kaspersky to join this sector, particularly in cyber security; the challenge implies all the skills that I have to take with me, whether it is my legal knowledge and understanding of policies, people and leadership skills, critical and strategic thinking skills, and experience of working in the government and of course having worked with different government multilateral setting. They all have come in very handy for me now.


Guiding steps to protect an SMB organization from ransomware attacks

Say No To Ransomware

What steps should SMB users take to safeguard their businesses from ransomware?

A lot of people actually think that small-medium enterprises will be the last ones to be targeted by any cyber attackers of any sort. But I think that can be farther away from the truth; in fact, in 2020 Kaspersky found that the average count of the data breach for the small-medium enterprise was worth 100,1000 USD. So attacking smaller businesses still can be attractive for certain criminals because they believe that big businesses are more likely to have cutting-edge security and a harder breach. Big businesses might be lucrative targets, also more challenging to tackle. Most cybercriminals are really opportunists; like, they go after money, but they also go after the easy money.

So, the smaller business may not have the IT specialist on-site or IT engineer on the premises; they rely heavily on managed service providing or even just basic consumer tech know-how just to get by everything. Without cyber security infrastructure and expertise to compare valuable data will find a way. I can provide you with some pointers to stay out of the traps. First, I think, be vigilant: know the laws and the jurisdictions in which you operate and understand how the government can regulate those works. Be aware of the falls that are more dangerous than others. Minimally, install anti-virus solutions, and preferably one with protection with spam and phishing, on all work devices, because that can go a long way in preventing breaches in the system.


Full Episode: NotableTalks with Genie Sugene Gan

Explore More Episodes Of NotableTalks By AnyTechTrial.Com
