ASEAN companies face cybersecurity challenges
23 October 2014 (The Brunei Times)

AS COMPANIES in the region go online, they face cybersecurity challenges in an evolving business landscape with new threats and security systems that are often too fragmented and complex.

In an interview with The Brunei Times, Sugiarto Koh, CISCO System’s regional director for ASEAN for global security sales organisation, there are three main issues that companies have to deal with when it comes to cybersecurity.

The first is a changing business model. In order to be competitive and more efficient, companies adopt various technologies such as mobility, virtualisation and cloud computing.

“This makes it a bit harder for the security professional in protecting the networks as now there is a larger attack surface. You have to worry about threats that come in from mobile devices or threats that can be embedded into various virtual technologies,” Koh said.

He said that the threat landscape itself is a second challenge as it continues to evolve.

“Almost every other day, there is news of companies being hacked or data being stolen. Attacks have become more sophisticated, actually it is kind of an industry of its own,” he said.

Koh said there are people who go all out to profit from stolen intellectual property or financially data.

“You also have those who are backed by nation states or organised crime or ‘hacktivists and so forth,” he said.

The third challenge is the complexities of security infrastructures that have to be managed.

“What happens is that if a customer has one issue, they buy one security device. If they have another issue, they buy another one. So they end up dealing with so many security vendors, and for a security guy to manage and deal with 10-15 security vendors actually makes it very challenging,” he said.

Koh suggested several ways to overcome these challenges.

“For small businesses, who general have fewer resources, you probably should try to reduce your infrastructure and maybe outsource to people with more expertise that can take care of your networks,” he said.

He said that they can also adopt some of those cloud technologies by putting various applications on the cloud so that they do not have to maintain their own infrastructure.

Big organisations, meanwhile, can protect their networks in their own way such as reducing the number of security devices they have to deal with.

He said that for CISCO, they provide integrated security solutions.

“So instead of buying three or four different appliances, you just have a single appliance which lowers cost of operations,” he said.

He also said that the company also tries to reduce or automate security tasks that a professional will have to look at.

“We also hope to automate the tuning, because every security system has to be tuned and configured to the specific customer,” he said.

Koh said that it’s important, in terms of IT infrastructure, to know where critical assets are located.

“A lot of people do not even know what applications are running on their networks. So I think it’s important to have tools to give visibility on what is being run on the network environment,” he said.

The Brunei Times