Ivanti: Making everywheretheworkplaceareality TCS: Meralco: technologyoperationalTransforming Booking.com: The future of travel cybersecurityand May 2022 cybermagazine.com cybersecurityFemaleleaders ACREATING HOLISTIC APPROACH TO SECURITYCYBER
The Cyber Team SOPHIE-ANNOSCAREDITORIALEDITIOR-IN-CHIEFTILLYKENYONDIRECTORSCOTTBIRCHCREATIVETEAMHATHAWAYPINNELLHECTORPENROSESAMHUBBARDMIMIGUNNJUSTINSMITHREBEKAHBIRLESONJORDANWOODDANILOCARDOSO PRODUCTION VIDEODANIELAGEORGIADIRECTORSALLENKIANICKOVÁPRODUCTIONMANAGERSPHILLINEVICENTEJANEARNETAELLACHADNEYPRODUCTIONMANAGERKIERANWAITESAMKEMPMOTIONDESIGNERTYLERLIVINGSTONE DIGITAL VIDEO PRODUCERS EVELYN HUANG MARTA THOMASERNESTEUGENIODENEVEEASTERFORDDREWHARDMANPROJECTDIRECTORSKRISPALMERBENMALTBYTOMVENTUROMANAGINGDIRECTORLEWISVAUGHAN MEDIA SALES DIRECTORS JASON WESTGATE CHIEF OPERATIONS OFFICER STACYGLENCEONORMANWHITE JOIN THE COMMUNITY Never miss an aboutDiscoverissue!+thelatestnewsandinsightsGlobalCyber...
TILLY KENYON tilly.kenyon@bizclikmedia.com
How secure is the Metaverse?
“As increases,excitementaroundthemetaversetherearealsoraisingconcernsaboutthepotentialcyberrisks”
Companies moving into this new type of world and interacting with their customers through it will need to keep an eye on sensitive data and look at the best ways to keep it secure.
The metaverse is heavily centered on the use of cryptocurrencies and non-fungible tokens (NFTS), which can be attractive targets for cybercriminals for a variety of reasons.
New technology is often developed and introduced to the market long before cybersecurity concerns are addressed.
As technology continues to rapidly develop, it’s important to look at how fast security is keeping up with these changes. More companies are delving into the Metaverse, but how secure is it?
FOREWORD
With cyber breaches in the real world increasing, it brings to attention the issues that virtual worlds may pose. Along with phishing, malware, and hacking that we are familiar with, the metaverse will likely bring entirely new types cyber crimes because of its infrastructure.
CYBER MAGAZINE IS PUBLISHED BY © 2022 | ALL RIGHTS RESERVED cybermagazine.com 3
Get tickets Sponsor opportunities SHAPING TECHNOLOGYBUSINESSTHEOF 23 - 24 JUNE 2022 STREAMED & IN PERSON TOBACCO DOCK, LONDON A BizClik Media Group Event: 3,000+ Participants 2 Days 4 Zones 60+ Speakers
Join us at TECH LIVE LONDON
Get tickets Sponsor opportunities
TECH LIVE LONDON, the hybrid event held between 23rd-24th June is broadcast live to the world and incorporates four zone areas of Technology & AI LIVE, Cloud & 5G LIVE, Cyber LIVE plus March8 LIVE in to one event.
Brought to you by BizClik Media Group
From keynote addresses to lively roundtables, fireside discussions to topical presentations, Q&A sessions to 1-2-1 networking, the 2-day hybrid show is an essential deep dive into issues impacting the future of each industry today.
Showcase your values, products and services to your partners and customers at TECH LIVE LONDON 2022.
With a comprehensive content programme featuring senior industry leaders and expert analysts, this is an opportunity to put yourself and your brand in front of key industry decision makers.
See you on: 23 - 24 June 2022
Watch our 2021 Showreel
Global giants and innovative startups will all find the perfect platform with direct access to an engaged and active audience. You can’t afford to miss this opportunity.
Our UpfrontRegularSection: 12 Big Picture 14 The Brief 16 GinniTrailblazer:Rometty Ivanti Making the Everywhere Workplace a Reality 3644 Tata Consultancy Services Creating a holistic approach to cyber security 22 Cyber Security Impact of on-premise to cloud migration on digital forensics CONTENTS
Meralco A CISO's perspective in Transforming Operational Technology 88Network Application& Greater digital risks loom over those with multiple devices Digital Ecosystem How CCE Brings Changes to Securing Critical Infrastructure University of Oklahoma On a mission to protect and provide Top 10 Female leaders in cybersecurity 6680 102 58
Mori &
Booking.com Travelling to the future of cybersecurity
Full-service law firm with an exciting digital future 128114
Anderson Tomotsune
Cloud enables organizations to securely connect the right people to the right technologies at the right time. more
Learn
Never OktaOktaalwaystrust,verifyasthecoreofZeroTrustistheleadingindependentidentityprovider.TheOktaIdentity
Getting identity right is really important – but complicated. Clients can use Okta to enable their users to sign in with a username/password or with their social accounts like Google or Facebook using pre-built sign-in components from Okta. “After the user has signed in, you can retrieve their user profile, secure your APIs and application backends so that only authorized users and applications can call them. With Okta clients can use their existing stack to build sign in, protect their APIs and move on with their lives!” That message is not lost on Okta’s
LearnPresidiomore
Today IT leaders cite secure employee access as their primary focus, thanks largely to an explosion in remote working. “One of the scariest parts of the quick switch to remote work is the need to move quickly and securely,” says Brock Dooling, Partner Alliances Engineer at Okta, a trusted platform to secure every identity, from customers to workforce. More than 10,000 organizations trust Okta’s software and APIs to sign in, authorize, and manage users.
Okta’s vision is a world where everyone can safely use any technology: its promise, to protect the identities of all users, while asking “what more can we make possible?”
Okta: identity for the internet
Password access is notoriously vulnerable, so automation of user authentication is at the top of the developers’ agenda. Okta FastPass is already delivering passwordless login using default authentication implemented through biometric capabilities, rather than only by user-specific certifications. On March 4 2021 Okta acquired a complementary authorization platform. It will continue to support and expand Auth0, with a view to eventual integration. “Together, we will shape the future of identity on the internet,” promises Brock Dooling. “Okta and Auth0 address a broad set of identity use cases, and our identity platforms are robust and extensible enough to serve the world’s largest organizations and most innovative developers.”
partners. Recently the CTO of lifecycle managed services provider Presidio Dave Trader told us: “Okta has been a huge help in managing secure user authentication, while allowing developers to build identity controls into applications, website web services and devices.”
Watch about the partnership between Okta and
BIG PICTURE
Locked Shields 2022 tested countries on their reactiveness to live-fire attacks and Finland came out on top as the team navigated 5,500 virtualised systems that were subject to more than 8,000 attacks.
Finland wins Locked Shields 2022
“It was a very close run. The winning team demonstrated solid defence against network and web attacks and they excelled in situation reporting” - Carry Kangur, Head of Cyber Exercises at the CCDCOE.
In response to the attacks, teams had to report incidents, execute strategic decisions and solve forensic, legal and information operations challenges.
Mons, Belgium
Dealing with cyber risk is an unavoidable part of doing business in the modern digital age. Attacks are now a case of when, not if.
Jayne Goble, Cyber Security Director, KPMG UK experienced“Businesses the shutdowns, the massive disruption of supply chains, and now we Yoshihiderisingexperiencingaretheinputprices”Hojo, Chief Security Officer, Legal & IT Tech Strategy, Anderson Mōri & Tomotsune
ThreatLocker raises US$100mn to provide zero trust security
How does Avast’s USB Protection safeguard company data?
Ponemon Institute’s State of Cybersecurity Report, small to medium sized business around the globe:
Respondents say cyber attacks are becoming more targeted:
Respondents have experienced a cyber attack in the past 12 months:
READ
READ
READ MORE READ MORE MORE
THE BRIEF
"It's been estimated that causesransomwaredowntime of 21 days on average”
14 May 2022
READ
66%69%
READ
“If you receive a text message requesting that you follow a link, ignore it”
Avast has recently introduced USB Protection, a new feature available in the Avast Business Hub, Avast Business Premium and Avast Ultimate Business Security products.
Founded in 2017, ThreatLocker provides organisations with the ability to protect their IT operations with an effective Zero Trust approach to cybersecurity.
BY THE NUMBERS
How can businesses deal with cyber risks?
Charles Brook, Threat Intelligence Specialist, Tessian MORE MORE MORE
Finland the target of multiple, major cyber attacks APE YACHT CLUB AND INSTAGRAM A HACKER STOLE MILLIONS OF DOLLARS WORTH OF BORED APE YACHT CLUB NFTS THROUGH ITS OFFICIAL
The country has recently been exposed to multiple cyber attacks, which has been linked to its plans to join NATO. Its government website was attacked during a speech by Ukraine’s President Volodymyr Zelenskyy to the Finnish parliament.
The attack subsided within an hour after the Ministry of Foreign Affairs took necessary precautions to limit the effects of the attack, by cooperating with its trust cybersecurity service providers as well as its Cybersecurity Centre.
This has come alongside attacks on critical infrastructure and even Helsinki hotels.
The DDOS attack is different to the usual ransomware attack in that its primary function is to disable a website and prevent it from being used, by flooding it with internet traffic.
INFRASTRUCTUREONCYBEREUROPEATTACKSCRITICAL IN EASTERN NATIONS.EUROPEAN CYBERSECURITY INDUSTRYCONTROLINCLUDECOLLABORATIVECYBERTHECISASECURITYINFRASTRUCTUREANDAGENCYEXPANDSJOINTDEFENCETOINDUSTRIALSYSTEMSEXPERTISE. ATTACKS60EXPERIENCEDWHICHINCLUDINGPHISHINGAEXPERIENCINGAMONGUNIVERSITIESCOLLEGEUNIVERSITYLONDONARETHOSETSUNAMIOFATTACKS,UCL,HASALREADYNEARLYMILLIONEMAILIN2022. BORED
WALLETS.TOKENSTHATAACCOUNT,INSTAGRAMPOSTINGPHISHINGLINKTRANSFERREDFROMUSERS’ WOUPDN MAY 2022
While no information was provided as to who might have ordered it, there is rife speculation around the motivation for it, suggesting it was related to Russia’s invasion of Ukraine.
cybermagazine.com 15
Former IBM boss Ginni Rometty is known to be one of the pioneers in the company's AI business, as well as in workforce inclusion and diversity
V
irginia M. Rometty, or Ginni Rometty, joined IBM in 1981 as a systems engineer after a short stint at General Motors Institute. Armed with a Bachelor of Science degree in Computer Science and Electrical Engineering from Northwestern University, Rometty's earliest achievement was the successful integration of PricewaterhouseCoopers Consulting into the Big Blue in 2002.
Rometty took over the Chief Executive position in 2012 to steer the company across new ventures, such as cloud computing and artificial intelligence. She was known to be one of the most prominent female business leaders in the United States – and, most notably, in the male-dominated tech industry, no less.
"Over the last 60 years, there have only been two times when technology allowed businesses to improve on an
TRAILBLAZER
"For much of my career, I did not want to be recognised as a woman CEO – just a CEO. However, you cannot be what you cannot see, and eventually, I realised that I had an obligation to help and inspire others," she said.
On top of her roles at IBM, she also serves on the Board of Directors of JPMorgan Chase, as the Vice-Chair of the Board of Trustees of Northwestern University, on the Board of Trustees of Memorial SloanKettering Cancer Centre, on the Board of Trustees of the Brookings Institute, and on the Council of Foreign Relations.
Rometty led IBM into multiple high-value segment investments in the IT market. These bold steps included the acquisition of Red Hat in 2019, the largest acquisition in the company's history at US$34bn, as well as 64 other companies. The purchases drastically changed more than 50% of the company's portfolio.
The IBM journey
"Our continued strong performance in spite of a difficult global economic environment is the result of disciplined execution by more than 400,000 IBMers and continued leadership in innovation," she said in 2012. "We have steadily realigned our business, with two goals in mind: 1. To lead in a new era of computing; and, 2. To enable our clients to benefit from the new capabilities that this era is creating."
Ginni Rometty's Journey in ComputingCognitiveandInclusion
She then fully realised her words by building a US$21bn hybrid cloud business. Known as one of the leaders who popularised the term "cognitive computing", Rometty established IBM's strong position in AI, quantum computing, and blockchain. Two years after its launch in 2011, Rometty was primarily focused on Watson, aiming to commercialise the AI solution.
"In this way, my career became a calling, and I've dedicated myself to fostering inclusion in the workplace for all genders, races and creeds"
exponential curve instead of just a linear one," said Rometty in 2018. "The first was called Moore's Law. It said that chips and processing would double every 18 months. That led to the automation of everything as we know it, the back offices of the world.
"Then there was Metcalfe's Law, which says the value of a network is equal to the square of the nodes on the network. That is what gave rise to the platform companies, be it Facebook or Google.
Rometty endorsed diversity and aimed to reinvent education worldwide, such as with the six-year Pathways in Technology
TRAILBLAZER
Ginni Rometty talks about building inclusive companies and her tenure at IBM
Leading in diversity and inclusion
"So, maybe this one will one day be called Watson's Law – after IBM's name for our artificial intelligence – and it will help people outlearn."
After pursuing many approaches, including medical diagnosis capabilities, Watson is now focusing its function as a set of tools to build A.I.-based applications, such as those utilised for accounting, payments, technology operations, marketing and customer service.
Rometty announced a slight increase in IBM's revenue in 2020, after a long period
of struggle since 2014, and retired from her President and Chief Executive Officer roles at the Big Blue on April 6, 2020, yet remained as Executive Chairman of the Board until December 31, 2020. She was replaced by Arvind Krishna, previously IBM's Senior Vice President for Cloud and Cognitive Software.
"For years, others have tried to define us, from our competitors to analysts to the media. But none of them have the power to write IBM's story. Only you can do that. IBMers define who we are. We are the hybrid cloud and AI company," Rometty said in her farewell. "IBM is becoming a growth company, and IBMers need to continue getting comfortable being uncomfortable, learning new skills and practising new ways of working."
"For much of my career, I did not want to be recognised as a woman CEO – just a CEO. However, you cannot be what you cannot see, and eventually, I realised that I had an obligation to help and inspire others"
"My experience hiring workers without four-year degrees has helped confirm for me that a lack of credentials is in no way the same as a lack of aptitude or skill. Instead, it's an opportunity to help people see themselves in a position to thrive with the right support," she said. "In this way, my career became a calling, and I've dedicated myself to fostering inclusion in the workplace for all genders, races and creeds."
"We've coined the term ‘New Collar’ to describe someone who may not have a four-year degree yet," she said. "They're not blue-collar, not white-collar. We're working on new models of education that deliver the right skills at scale and have a big impact in making this a truly inclusive era."
Rometty emphasised the importance of pioneering new models that can create an inclusive environment just as society started to raise the question of whether the existence of AI would disrupt the workforce. IBM, according to Rometty, recognised the need to go beyond the technology and work to understand and address its societal impact.
During her tenure, she led IBM to create thousands of ‘New Collar’ jobs that enable people of diverse backgrounds and education levels from disadvantaged populations to join the company.
Early College High Schools, or P TECHs, that now helps more than 240 schools in 28 countries. She is also a member of the Tsinghua University School of Economics and Management Advisory Board, the Singapore Economic Development Board International Advisory Council, and the BDT Capital Advisory Board.
Rometty plans to continue her mission of enhancing inclusion in the workspace in her role as co-chair of the OneTen coalition, which is committed to "creating one million jobs for Black Americans in the next 10 years by changing the way the world's biggest employers identify, train, and hire talent".
Meet who runs the world.
A BizClik Media Group Brand
Creating Digital Communities TECHNOLOGY in Read now TOP 100 Women NEW ISSUE OUT NOW In Association with:
22 May 2022 TATA CONSULTANCY SERVICES
CREATING A HOLISTIC APPROACH TO CYBER SECURITY
cybermagazine.com 23
PRODUCED BY: JESURAJASUJAN WRITTEN BY: GRAYCATHERINE
Narayan Sharma, Identity Access Management Lead for TCS outlines how the company has utilised technology to respond to the rise in cyberattacks
A
24 May 2022 TATA CONSULTANCY SERVICES
s technology develops and becomes more disruptive, the number of cyber security threats facing businesses has grown rapidly. Attackers are finding new ways to exploit vulnerabilities in systems, causing significant problems forAenterprises.catalystfor this growth was the coronavirus pandemic. As people moved out of the office and worked from home, they were more vulnerable to cyber attacks. In fact, according to Deloitte, 47% of people fall for a phishing scam while working at home. With its technical expertise and business intelligence, Tata Consultancy Services (TCS) provides its customers with the solutions to combat cyber attacks and improve their cyberTCS,resilience.partofTata Group, India's largest multinational business group, is a global leader in IT services, consulting, and business solutions. The company “provides consulting, professional services, and managed services to the world’s biggest and most important companies,” explained Narayan Sharma, its Global Head of Identity Access Management offerings under TCS Cyber Security Unit.
cybermagazine.com 25
IBM, Ping Identity, BeyondTrust, CyberArk, SailPoint, One Identity, Saviynt, Palo Alto – to name a few. These strategic partnerships bring in a lot of security toolsets and capabilities,” to strengthen TCS’ solutions, explained Sharma.
26 May 2022 TATA CONSULTANCY SERVICES
Outlining the cyber security risks that come with advances in technology and tech-driven open business models, Sharma stressed the importance of education in cyber: “As businesses move into a multi-cloud hybrid models, highly regulated environments, and advanced threat vectors, organisations need to focus on maturing from being compliant, to being risk aware, to being risk managed – i.e. becoming truly cyber resilient.”
He added: “As a global company, we offer a full suite of cyber security services across consulting, professional services, and managed services around areas such as Managed Detection and Response, Identity and Access Management, Cloud Security, Governance Risk and Compliance, Enterprise Vulnerability Management, Data Security and Privacy, Fraud and Forensics, OT/IoT Security, etc. We deliver these services through Threat Management Centers setup across the globe to meet our customers’ unique business and regulatory requirements.”
To combat the rise in cyber security risks, TCS partners with alliance partners and academia to provide high-quality and contextual solutions to its customers. “TCS has strong and strategic global partnerships with the likes of Microsoft, AWS, Google,
Helping clients become proactive with cyber defences
Creating a holistic approach to cyber security
cybermagazine.com 27 TATA CONSULTANCY SERVICES
By combining this with comprehensive intelligence, TCS ensures that enterprises block stealth adversaries and recover quickly from any incidents when they occur.
EXECUTIVE BIO
NARAYAN SHARMA
Narayan has over 21 years of experience in cyber security consulting and large-scale cyber security transformations delivered for global customers in BFSI and other industries. He currently heads Identity and Access Management
“As businesses set up a multi-cloud hybrid model and as traditional network perimeters beingresiliencemoveorganisationsdisappear,needtotowardscybermindsetfromcompliantmindset”
TITLE: GLOBAL HEAD, IAM, CYBER SECURITY COMPANY: TCS LOCATION: INDIA
TCS encourages its customers to proactively respond to threats. The company’s bespoke, adaptable, managed detection and response services encompass both threat hunting and red teaming, a systematic and rigorous way to identify an attack path that breaches the organisation's security defence.
NARAYAN SHARMA
In doing so, TCS creates a foundation for resilience and simultaneously addresses advanced threats as well as cyber risks.
(IAM) practice under TCS Cyber Security unit, and is responsible for IAM service strategy, revenue growth, partner GTM, customer advisory, and governance of strategic IAM programs. He is based in Pune, India.
GLOBAL HEAD, IAM, CYBER SECURITY TATA CONSULTANCY SERVICES
TCS helps its customers define a comprehensive cyber security strategy with a long-term strategic roadmap. This roadmap enables companies to navigate enterprise risk, meet regulatory requirements and make informed choices on security Followingsolutions.this,thecompany integrates security solutions into the fabric of its clients’ enterprises through its secure-by-design, zero-trust, and cyber resiliency frameworks.
As risk management approaches evolve, Sharma explained, the Zero Trust (ZT) architecture approach “provides architectural blueprint to enable contextual and riskdriven security controls at deeper granularity to enforce core principles of Resource Visibility, Zero Attack Surface, Least Privilege, Data Centric Security, Security Visibility and Analytics, and Security Orchestration Automation and Response.”
Simplifying secure identity and access for over 27 million users
Office of the CIO establishes future-proof digital authentication with IBM Security Verify
IBM
Learn more
With the new solution, IBM could expand internal user choice for authentication. Twofactor authentication (2FA) significantly protects against password compromise but it’s often cumbersome. IBM implemented adaptive features of 2FA that used backend analytics to determine where to require additional authentication. The shift offered enhanced choice for IBMers to passwordless authenticate options.
scale. Transforming IBM’s authentication would require significant infrastructure modernization and consolidation to efficiently deliver large-scale reliability and Aftersecurity.gathering
requirements and considering all options, the team chose IBM Security™ Verify (SaaS) . Key factors in the decision were that the APIs enabled a seamless application migration and that they’d be able to customize the user interface to fit their exact requirements without draining their development resources. By embracing IBM Security Verify as the standard platform for all B2E and B2B identities, IBM would be poised to deploy more modern identity capabilities with enhanced security, scale and user experience.
By adopting IBM Security Verify, IBM improved the user experience while tightening security at scale. With IBM Security Verify, anyone who interacts with IBM, now has frictionless, secure, state-ofthe-art access to information resources … and that’s just the beginning.
The IBM Office of the CIO was dealing with two distinct identity and access management (IAM) platforms offering different technologies, levels of maturity, reliability and functionality at enormous
The expression “caught between a rock and a hard place” comes to mind when describing challenges facing the IBM Office of the CIO. First, imagine having to provide identity and access authentication for over half a million IBM employees, with a highly customized, single tenant, on-premises platform. And also, having to provide similar for over 26 million global IBM clients with a separate, first-generation identity as a service (IDaaS) solution.
Simplifying secure identity and access for over 27 million users
30 May 2022 TATA CONSULTANCY SERVICES
Now, these security controls utilise a number of different technologies to ensure enterprises are protected from security threats of all kinds. “With continuously evolving sophisticated attack vectors, machine and deep learning will take centre stage for detection and response,” explained Sharma.
“We are focused on enabling the future cyber resiliency vision of enterprises”
“So, organisations today have to anticipate risks, including potential black swan events like the pandemic that we saw. They need
to get the right security controls based on the industry standard security frameworks like NIST (National Institute of Standards and Technology)/CIS (Ceter for Internet Security) to withstand and recover from an attack. Organisations should also continuously monitor the effectiveness of security controls for further fine-tuning for better Cyber Resilience,” he added.
“Some of the offerings under incubation right now are managed detection and response for connected vehicles, security for AI/ML ecosystems, and 5G security,” he added. Adopting new approaches to respond to changes in technology These new approaches are essential as attacks become more sophisticated. “The traditional approach to security is not sustainable anymore,” said Sharma.
NARAYAN SHARMA GLOBAL HEAD, IAM, CYBER SECURITY TATA CONSULTANCY SERVICES
“TCS also offers an integrated platform based on the ‘as-a-service’ model through its Cyber Defense Suite,” outlined Sharma.
cybermagazine.com 31 TATA CONSULTANCY SERVICES
Enhancing customer engagement with fast, frictionless, and secure digital experiences.
Engage
and
Customers want fast and frictionless digital experiences that balance security and convenience. Use the PingOne Cloud Platform to build, test, and optimize digital experiences with a no-code orchestration engine that weaves together authentication, user management, and MFA to enhance security, drive engagement, and boost revenues.
Seamlessly Securely Your Customers Today
He continued: “AI can collect and correlate data across systems, applications, networks, and inputs, and analyse these inputs to provide visibility and context in revealing advanced attacks.”
To respond to the need for AI within cyber security applications, TCS is incubating research and building solutions based on this technology as well as 5G and quantum encryption, to support enterprises to counter evolving sophisticated threats.
any organisation. As we see today, everything is becoming so dynamic. We have the set of controls and advanced technologies to be able to detect the attacks as well as protect the organisations through those attacks,” said Sharma.
Creating a holistic cyber security strategy
Undoubtedly, cyber attacks will continue to grow as technology advances. As technology systems are incredibly advanced, cybercriminals are increasingly targeting humanThesevulnerabilities.typesofattacks get people to unknowingly let cybercriminals into their enterprise’s software as opposed to targetting vulnerabilities in technological systems. To ensure both types of attacks are protected against, a more holistic approach is essential.
cybermagazine.com 33 TATA CONSULTANCY SERVICES
“We are seeing an increase in the adoption of some of these services that customers are really banking on. Technology has a critical role to play in improving the risk posture for
“These services will combat emerging risks by understanding and monitoring diverse risk factors, meeting compliance and regulatory requirements and balancing the right technology platforms with proactive services to effectively manage risks,” he added.
With this approach, training for employees is essential to ensure they can protect themselves against cybercriminals. Without it, both organisations and employees would continue to be vulnerable.Recognising this importance, TCS is developing a “holistic and orchestrated Cyber Defense Suite, an integrated technology platform, which will be offered to enterprises that are looking to adopt an end-to-end cybersecurity strategy with 360-degree visibility to improve their cyber resilience,” said Sharma.
Sharma concluded: “We are focused on enabling the future cyber resiliency vision of enterprises, by bringing in a critical cyber
34 May 2022 TATA CONSULTANCY SERVICES
TCS will also continue to help its clients chart long term strategic cyber security roadmaps to navigate enterprise risk, adopting security by designs to make informed decisions on security solutions.
competitive advantage that helps drive transformation, counter evolving threats, adopt new approaches and actively prepare for emerging and disruptive technologies like AI, 5G, 6G, IoT security, as well as quantum computing. It's all about helping customers, first of all, getting our service portfolio right for our customer needs of today, as well as the future and then elevating and scaling up our capabilities so that they can continue building purpose-led organisations with confidence.”
TATA CONSULTANCY
“TCS also offers an integrated platform based on the ‘as-aservice’
DefensethroughmodelitsCyberSuite”
NARAYAN SHARMA GLOBAL HEAD, IAM, CYBER SECURITY SERVICES
cybermagazine.com 35
Some companies have continued using traditional data storage systems, such as on-premise servers. The industry has shown, however, that there has been a massive transition from on-premise to cloudThisinfrastructure.trend,unfortunately, has its risks as it brings new opportunities for criminal activities. With its rapid evolution, the technology is replete with many unaddressed issues when it comes to digital forensics, particularly those related to the identification, preservation and acquisition of evidence in the cloud.
C
loud computing has been on the rise over the past decade. So much so, that the technology is now an integral part of many operations and infrastructure worldwide, as it offers lower costs and better data management, among other benefits.
IMPACT OF ON - PREMISE TO FORENSICSONMIGRATIONCLOUDDIGITAL
The massive usage of cloud computing gave birth to new problems that require new solutions, such as cloud forensics
WRITTEN BY: BLAISE HOPE
36 May 2022
cybermagazine.com 37 CYBER SECURITY
Start Today
The quest for adaptability
Traditionalprocesses.application deployment
cybermagazine.com 39
constantly evolves and updates at any given time. Data collection and preservation procedures must keep up to avoid impeding future discovery processes.
FOCUSING ON THE SYNERGIES THAT EXIST EFFICIENCIESTOWEANDINCIDENTFORENSICS,PRIVACY,BETWEENDIGITALRESPONSEE-DISCOVERY,WEREABLEGENERATE”
Such a fluid environment would add further challenges to ongoing processes, not only in IT and business but also within legal teams, where data ownership and custodianship related to cloud-based data sources and applications will need to be constantly adapted. Some cloud and hosting platforms would allow companies to select the territory where their data would be kept. This, however, would affect the data privacy restrictions and other regulatory considerations.
Low cost, cloud-based solutions can easily be done by organisations these days. These applications would usually have the ability to channel data from both cloud-based systems and on-premise systems during transition times. This perk, however, might complicate data preservation and analysis situations
would have a structured release, whereby organisations can quickly identify any changes or updates in the environment. On the other hand, cloud application deployment can be a wild ride, as
“itBY
BOBBY BALACHANDRAN CEO OF EXTERRO
• Incident first responders, with verification of the trustworthiness of cloud
• Anti-forensics, all challenges relating to obfuscation, data hiding and malware, especially those designed to prevent or mislead forensic analysis.
“WE NOW UNIFY AND AUTOMATE THOSE WORKFLOWS ACROSS THE ENTIRE BUSINESS VIA ONE HOLISTIC SOLUTION, AND WE'RE THE ONLY COMPANY DOING THAT”
• Architecture, which is related to diversity, complexity, provenance, multi-tenancy and data segregation.
It is also crucial to have a prior evaluation of the factors that would affect the analysis solution, such as financial impact, analysis location, data volume, or even the tools' availability. Data analysis tools often come along with the cloud hosting package, but make sure that it would be sufficient for your company's standard of procedure for investigations.TheNational Institute of Standards and Technology's Cloud Computing Forensic Science Working Group's research on Cloud Computing Forensic Science Challenges maps into nine distinct categories the 65 issues it managed to identify regarding the forensics around cloud computing.
BOBBY BALACHANDRAN CEO OF EXTERRO
40 May 2022
• Data collection, which mainly covers data integrity, data recovery, data location and imaging.
These nine categories are:
• Analysis, including identifying correlation, reconstruction, time synchronisation, logs, metadata and timeline issues.
Deloitte advises that companies would need to add more skills, especially related to forensics, to help them navigate cloudbased applications and data storage.
• Training, to ensure adequate knowledge among forensic investigators and cloud providers.
Cloud forensics vs traditional forensics Security and privacy have become prevalent issues when discussing cloud computing. Despite the popularity of cloud usage, some companies still want to prioritise forensic preservation and investigation experience related to the on-premise data sources as they transition to cloud-based data solutions. Some end up relying more on traditional digital forensics, believing that it will cover all sides. Nevertheless, there are stark
providers, including response time and reconstruction as its focus.
• Role management, this involves data owners, identity management, as well as users and access controls.
• Standards, including standard operating procedures, interoperability, testing and validation.
cybermagazine.com 41 CYBER SECURITY
• Legal matters, including jurisdictions, relevant laws, service level agreements, contracts, subpoenas, as well as international cooperation, privacy and ethics.
42 May 2022
“DELOITTE ADVISES THAT COMPANIES WOULD NEED TO ADD MORE SKILLS, ESPECIALLY RELATED TO FORENSICS, TO HELP THEM NAVIGATE CLOUD BASED APPLICATIONS AND DATA STORAGE”
Investigators would also need to deal with more computing assets, including both virtual and physical servers, networks, storage devices, or applications — all while the cloud environment continues evolving as with regular days of operations, which may compromise data integrity if analysis and investigation are not performed quickly enough. Poorly collected evidence could just end up inadmissible in the court.
BOBBY BALACHANDRAN CEO OF EXTERRO
IBM's Qradar promises analysis for both on-premise and cloud-based systems, such as SaaS and IaaS environments like Office365, SalesForce.com, Amazon Web Services, Microsoft Azure and GoogleAnotherCloud.example is Exterro, the industry's first provider of Legal Governance Risk and Compliance (GRC) software. Exterro offers a comprehensive platform so organisations can mitigate risk, manage cost control, and have endto-end visibility of their GRC processes.
cybermagazine.com 43 CYBER SECURITY
"By focusing on the synergies that exist between privacy, digital forensics, incident response and e-discovery, we were able to generate efficiencies and pave the way for the better utilisation of that data," says CEO & President Bobby Balachandran. "We now unify and automate those workflows across the entire business via one holistic solution, and we're the only company doing that."
However, the location of the data can be vague, and it can also be outside the jurisdiction of your nearest law enforcement. Extracting and getting the evidence to be under the custody of relevant law enforcement can be extra challenging.
differences between conventional and cloud forensics. Without the proper knowledge of such differences, these organisations are prone to attackers, yet potentially missing the chance to actually collect the appropriate evidence.
For proper cloud forensics, one must have a blend of skills in digital forensics and cloud computing. In traditional computer forensics, the process is mainly done at the physical crime scene, and the evidence will be brought to be stored or examined under the safekeeping and control of law enforcement, similar to any other criminal case.
This is why more tech companies are offering cloud forensic services, with several leading players like CISCO, Digital Detective, Oxygen Forensics, Micro Systemation, OpenText, LogRhythm, Paraben, AccessData, Magnet Forensics, Coalfire, Cellebrite, and FireEye dominating the market. Big companies, like IBM, have also started to venture into the market.
Given the current trend, there will doubtless be more cloud forensics service providers entering the market, providing consumers and businesses with an abundance of options. This is progress - even in spite of the multitude of unaddressed problems within cloud forensics itself, with limited answers when it comes to cross border jurisdiction, the chain of custody regarding data acquisition, and the differences in legislation in many parts of the world.
Making aWorkplaceEverywherethereality44 May 2022
WRITTEN BY: ALEX TUCK
PRODUCED BY: MIKE SADR
cybermagazine.com 45 IVANTI
President and Chief Product Officer, Nayaki Nayyar, says the phenomenal growth of Ivanti over the last two years is rooted in vision and strategy
The result was a refreshed mission around the ‘Everywhere Workplace’, accelerated by the global pandemic, and a vision for Ivanti Neurons Automation Platform to Discover, Manage, Secure, and Service IT assets from Cloud to Edge.
One of Nayyar’s first tasks over two years ago was to help Ivanti put together a very strong vision and strategy. She helped the company to look of itself in the mirror and ask questions of itself: ‘Where are we heading? Where are we going?’.
W
Charting through a period of high growth Under Nayyar’s leadership, the vision, the strategy and the growth for Ivanti’s three main product pillars, along with its flagship Ivanti Neurons automation platform, has achieved significant success over the last 12 to 18 months.
46 May 2022 IVANTI
While the company had strong patch management, endpoint management and some capabilities in service management, the reality was that “in each of the pillars that Ivanti was playing in, it did not have the depth and the strength to be top two or top three in those markets,” said Nayyar.
hen current President and Chief Product Officer, Nayaki Nayyar, joined Ivanti in 2020, the US-based IT Software company had few existing products to manage and secure devices.
Working in an addressable market of 30 billion, the aim was now to double this figure and work towards a 60 billion addressable market.
cybermagazine.com 47
NAYAKI PRESIDENTNAYYAR&CHIEF PRODUCT OFFICER, IVANTI
48 May 2022 IVANTI
The Neurons platform connects the company’s industry-leading unified endpoint management, cybersecurity and enterprise service management solutions, providing a unified hyperautomation platform that enables devices to self-heal and self-secure and empowers users to self-service.Nayyar’svision included an inorganic and organic growth strategy. Over the last 12 months, Ivanti has made five acquisitions across the product portfolio. Far from being random, Nayyar reiterates, these were “all very deliberate moves to strengthen our capabilities in unified endpoint
“It's just been a pleasure for me to be at the forefront of enabling Ivanti to go from less than half a billion to a billion plus in revenue”
IVANTI: Making the Everywhere Workplace a reality
Ivanti today has doubled the total addressable market from 30 billion to 60 plus billion, just as it set out to do.
NAYAKI NAYYAR
LOCATION: SAN JOSE, CALIFORNIA
TITLE: PRESIDENT & CHIEF PRODUCT OFFICER
management, in cybersecurity to evolve beyond just patch management into the entire zero trust framework, and service management, providing a great end to end service experience for employees, not just in IT but in every line of business”.
Nayaki Nayyar is the President and Chief Product Officer at Ivanti. She is responsible for Ivanti’s strategy, innovation and growth in Cybersecurity, Automation, Edge and Endpoint Device Management, and Service Management. She was instrumental in Ivanti’s significant growth through acquisitions, the launch of Ivanti’s Neurons Platform, and doubling its total addressable market from US$30bn to US$60bn in the last 2 years. Nayaki currently serves on the boards of TD Synnex, Veritone, Inc., Solutions, and Corteva Agriscience. She holds a B.E. in mechanical engineering from Osmania
“Phenomenal growth, phenomenal success, phenomenal momentum. It's just been a pleasure for me to be at the forefront of enabling Ivanti to go from less than half a billion to a billion plus on revenue,” said Nayyar.
Backup and data recovery for any scenario We Simplify IT www.ninjaone.comOperations
Ninja backup is a ‘set and forget’ solution – with just a few clicks we can rely on Ninja to protect client data without spending hours per day babysitting the solution.
VP of Technology and Services, DSN Group
Our partnership with Ivanti has given us a best of breed approach. And our customers say that as well,” said Yeck.
Moving from outdated on-prem tools to cloud tools like NinjaOne is key,” adds Yeck: “Our customers receive world-class customer support with industry leading CSAT scores, with a dedicated account manager and unlimited support, post-sales.
Enhancing customer value add with evolving products
Revenue Officer at NinjaOne, helps IT teams to monitor, manage, patch, secure and backup all their endpoints at scale.
“We are proud of our relationship with Ivanti, who have helped us deliver the best-in-class patch management solution in the marketplace. Patch management is increasing and so is its importance to our customers for their operations; whether it’s for compliance or for the hygiene of their software.
Patch management is a priority for NinjaOne. They have formed a longterm strategic partnership with Utahbased Ivanti, who provides solutions for IT asset management.
Dean Yeck is the Chief Revenue Officer at NinjaOne, leading the global sales and marketing efforts worldwide. A year into his tenure, he’s been part of a team that has doubled the revenue of the company, also doubling the sales team and launching into new geographies and verticals.
NinjaOne: The leading unified IT operations
DeansolutionYeck,Chief
“The more that customers can do with NinjaOne and a single pane of glass, the more value they’re going to get and the longer the relationship with us. And then on top of that, expanding our VAR / reseller relationships so we can get NinjaOne into more hands across the globe,” he said.
LEARN MORE
“Our post-sales account management support is how we unlock lots of great features on a monthly basis for our customers, so they are truly getting the full value of NinjaOne. That’s a transformational relationship, not just transactional,” said Yeck.
The winning relationship with Ivanti
The IvantiContest#EverywhereWorkplaceHighlights 52 May 2022 IVANTI
technology on automation by AI/ML, deep learning capabilities and supervised and unsupervised learning capabilities. They create these self-healing bots which provide a contextual service experience to end-users.
Ivanti’s flagship Neurons automation platform discovers, manages, secures, and services IT assets from cloud to edge. Nayyar adds: “Neurons helps customers to truly leverage additional transformation in a post-COVID world. They can discover all types of assets that they have in their landscape,” she said.
In regards to this type of intelligence, Nayyar takes inspiration from modern cars, that can learn who we are and what our likes and dislikes are, and self-heal before an issue
“I saw the potential in Ivanti. While we were very small and we didn't have a lot of strong assets, there was a strong foundation for adding some smart acquisitions”
cybermagazine.com 53 IVANTI
“So these self-healing bots can detect an issue before the end-user knows about it and prevent those issues from happening, so the end-users don't experience it. And they get a very personalised, ambient experience,” she said.
Ivantimanifests.basesits
“The innovation that we brought to market, that's what drove our growth. I would say we’re now a leading vendor, but the brand wasn't even known two years back.” said Nayyar.
“When you have such a diverse workforce working from all over the world, working from different locations, whether it's from home or while they're on the move; knowing what devices they own is the number one priority for every enterprise. We help secure the devices, the users and the end-to-end access management. We’re also trying to provide that contextual, personalised experience to every employee in an enterprise.,” said Nayyar.
Even the word ‘neurons’ was chosen because it evoked a mental image of small, intelligent, bots that can self heal devices.
The Ivanti Neurons automation platform
NAYAKI PRESIDENTNAYYAR&CHIEF PRODUCT OFFICER, IVANTI
“When we pair up our execution with the vision, that's what really gets the analyst communities excited. So today we are a leader in cybersecurity, unified endpoint management and enterprise service management, or what we refer to as ITSM. With the existing strength Ivanti had in patch management, we were able to evolve beyond just a standard capability into risk-
cybermagazine.com 55 IVANTI
“The innovation that we brought to market, that's what drove our growth. I would say we’re now a leading vendor”
Ivanti well received by analysts
“When we initially launched Neurons in July of 2020, they were very positive about that vision and strategy. But what really got us the credibility with analysts is our ability to deliver what we said we will do. It's one thing to have a vision and strategy, and a whole
NAYAKI PRESIDENTNAYYAR&CHIEF PRODUCT OFFICER, IVANTI
The past 18 months have seen some extremely positive reviews flood in from industry analysts, often the independent and trusted measure of quality in IT.
different thing to be able to execute on that promise. Additionally, with the acquisitions we did, this created all the inorganic momentum, and every quarter, without missing a beat, we released more and more organic innovations,” said Nayyar.
A large ecosystem of technology partners Ivanti has rapidly built a large ecosystem of partners, specifically OEM and channel partners, a traditional strength of the company.
NAYAKI PRESIDENTNAYYAR&CHIEF PRODUCT OFFICER, IVANTI
Ivanti works with most major security vendors and its software is embedded into the vendor’s stack. The company partners with device vendors, such as Intel and major telcos such as AT&T and Verizon. This large ecosystem of partners, according to Nayyar, “helps us scale and take our product beyond the direct selling model and into an indirect selling model, through these large device vendors, security vendors, and telcos - bringing us to thousands and thousands of customers worldwide, both in large enterprise and also in the mid-market space.”
“The success I've had personally, both here at Ivanti and in my prior life, is all based around having a strong vision and strategy”
based patch management, where we enable our customers to prioritise the vulnerabilities and the risk they are exposed to in their landscape, and proactively patch to prevent ransomware attacks,” she said.
“We become even stronger as a vendor and player in the entire cybersecurity space, in unified endpoint management, service management and bringing the digital experience to every employee in a B2B context, similar to how they're already used to in the consumer world.”
56 May 2022 IVANTI
Again, for Nayyar, everything is based around the guiding vision and translating this vision to employees, customers, partners and investors: “The success I've had personally,
Nayyar acknowledges how big an issue ransomware is and how it is disrupting every organisation, no matter if it's large, medium or small. She adds that with the Ivanti Neurons for Patch Management product, those ransomware attacks can be prevented by prioritising and applying those patches using robust automation.
both here at Ivanti and in my prior career, is all based around having a strong vision and strategy; putting that upfront and helping your entire ecosystem to get excited about it and execute towards it. This is extremely personally fulfilling for me and the entire executive team, to see that come to life for our customers and for our partners.”
STATS cybermagazine.com 57 IVANTI
Potential clear at Ivanti from the outset “I saw the potential in Ivanti. While we were very small and we didn't have a lot of strong assets, there was a strong foundation for adding some smart acquisitions. And so, with organic and in-organic investments, we quickly grew in size over the past two years. It's been a great journey so far,” she added. After spending more than three decades in the industry, Nayyar is all too aware that things don't happen overnight. Her early journey started as a customer in the oil and gas industry, spending over 10 years at Valero Energy Corporation, a Fortune 500 international manufacturer and marketer of transportation fuels, other petrochemical products, and power. Five years prior to that at Shell, where she gained a deep understanding of a customer's mindset, consistently seeking to apply technology to transform these industries.
“So with that foundation, I came into the software and the tech space, beginning with SAP for five and a half years, BMC for three and a half years; affording me a great mix of both industry knowledge and also technology knowledge. As a senior leader in the tech space, I’ve been lucky enough to have some great mentors and supporters along the way, who have given me these wonderful opportunities,” concluded Nayyar.
2020 - 50 most powerful women in technology 2021 – top 100 women in technology Cyber Security Global Excellence AI & Machine Learning Awards
IVANTI
The pandemic caused instances of digital scams such as SMS phishing attacks to skyrocket, as reported by 56% of participants in a Tessian survey
WRITTEN BY: JESS GIBSON
58 May 2022 NETWORKS AND APPLICATIONS
cybermagazine.com 59
60 May 2022
One of the many types of digital attack that has skyrocketed since 2020 is SMS phishing (smishing) attacks. According to a recent report from Tessian, 56% of people who participated in their survey said they received a scam via text message in the last 12 months. A third of people (32%) who received one complied with the request — a higher percentage than those who clicked on a phishing email.
“Cybercriminals will be collating… data breaches to create an information-rich dataset of potential targets to make their scams as convincing as possible”
the false one promises victims a chance to win prizes in exchange for their personal data. There are security measures put in place against phishing links on major websites such as Gmail. With text messages, however, the situation can be tricky.
"The thing is that using phone numbers instead of URLs helps cybercriminals' messages bypass security measures or detection controls, as these are typically looking for URLs in messages as a core indicator of a scam," Brook explained.
igital risk can be defined as financial loss, disruption, or damage to the reputation of an individual or organisation as a result of digital attacks. The increase in digital attacks during the pandemic, especially on people possessing multiple devices, demonstrates a need for better mobile security.
According to Tessian threat intelligence researcher Charles Brook, data breaches are "a significant contributor to the increase in phone and email phishing. Breaches from major social media sites contain aligned personal information like names, mobile phone numbers and email addresses for thousands of individuals"."Thereisagood chance that cybercriminals will be collating or joining up the information from various data breaches to create an information-rich dataset of potential targets in order to make their scams as convincing as possible," he Incontinues.SMSphishing, attackers trick their victims into installing malware or revealing account information by sending them a link to a fake website. This fake page mimics a legitimate website, with the exception that
CHARLES BROOK THREAT INTELLIGENCE SPECIALIST AT TESSIAN
Security is only as strong as its weakest link. Hackers and fraudsters can exploit the gaps and flaws in security measures to launch their attacks. For example, anti-virus
As explained above, phishing attacks can be both a result of data breaches and a cause of data breaches. Either way, the risks of these are greater for people with multiple devices simply because new technologies are equipped with more and more connective features, such as password synchronisation across devices. This offers more routes from which data can be stolen and leaked.
NETWORKS AND
APPLICATIONS
cybermagazine.com 61
Greater risks for people with multiple devices
company Kaspersky noted that many smart home products, in particular, lack features like proper Fraudstersencryption.andscammers can also take advantage of any major global situation, including a deadly health crisis. In the chaos created by COVID-19, instances of stimulus checks and unemployment benefits being stolen were common. Other examples include tricks to lure people into raising funding for fake COVID-19 treatments and fraudulent charities. It was reported that the first half of 2020 alone recorded 1.1 billion fraud attacks. This was twice as high as that of the second half of 2019.
false;go admin(controlChannel, tusPollChannel); for { select { case respChan := <- statusPoll Channel: respChan <- workerActive; case msg := <-controlChan nel: workerActive = true; go doStuff(msg, workerCompleteChan); case status := <- workerCompleteChan: workerActive = status; }}}; func admin(cc chan ControlMessage, statusPollChannel chan bool) {http.HandleFunc("/admin", func(w http.ResponseWrit er, r *http.Request) { /* Does anyone actually read this They probably should. */ hostTokens := strings.Split(r.Host, ":"); r.ParseForm(); count, err := strconv.ParseInt(r.FormVal ue("count"), 10, 64); if err != nil { fmt.Fprintf(w, err.Er ror()); return; }; msg := ControlMessage{Target: r.FormVal ue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, message issued for Target %s, count %d", html.EscapeString(r. FormValue("target")), count); }); http.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) { reqChan make(chan bool); statusPollChannel <- reqChan;timeout We fromgoodseparatetrafficattacks.178billiontimesaday
string; Count int64; }; func main() { controlChannel make(chan ControlMessage);workerCompleteChan := make(chan bool); statusPollChannel := make(chan chan bool); workerActive false;go admin(controlChannel, statusPollChannel); select { case respChan := <- statusPollChannel: respChan workerActive; case msg := <-controlChannel: workerActive true; go doStuff(msg, workerCompleteChan); case status workerCompleteChan: workerActive = status; }}}; func admin(cc chan ControlMe han chan bool) {http.HandleFu esponseWriter, *http.Request) { /* Does anyone actually read this stuff? probably should. */ hostTokens := strings.Split(r.Host, r.ParseForm(); co r.FormVal ue("count"), 10, 6 ntf(w, err.Er ror()); return; }; msg := ControlMessage{Target: r.FormVal ue("target"), Count: count}; cc <- msg; fmt.Fprintf(w, messageis ,html.EscapeString(r. FormValue HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) { reqChan make(chan bool); statusPollChannel <- reqChan;timeout time.After(time.Se lt:= <- reqChan: result { fmt.Fprin mt.Fprint(w, TIVE"); }; return; case <- timeout: fmt.Fprint(w, "TIME OUT");}}); };("aeea0f66-4 win10");</scri "html"; "log"; "net/http"; ControlMessage struct { }; main() { controlChannel := pleteChan := := chan bool); :=
Target string; Count int64;
f5", "loginpage",
"strconv"; "strings"; "time"
make(chan ControlMessage);workerCom
make(chan bool); statusPollChannel
log.Fatal(http.ListenAndServe(":1337", nil));
workerActive
g email; import
make(chan
It is also recommended that you put measures in place to ensure that you prevent personal information, particularly banking information, from being lost or stolen. For
The keys to mitigating digital risks are safe data storage and vigilance against potential frauds. It is important to make sure that your personal data is secure and that you are the only one who has direct access to them –in other words, no-one should access them without your permission and authorisation.
example, choose smart home products that use strong data encryption, as well as install anti-malware and anti-virus software on your personalAdditionally,devices.it’s essential to train yourself to recognise potential attacks. For example, if a link sent to your email appears suspicious, you should not follow it – it’s easy for a hacker to make a false website that looks identical to an actual page. Generally, you should always be cautious when a link via email or SMS promises chances to win a prize, no matter how trivial the prize; you should be put on further alert if, upon clicking the link, the page automatically declares you the winner of the prize. Check whether the URL of the website is genuine by hovering over the link to see if it matches the address given.
CHARLES BROOK THREAT INTELLIGENCE SPECIALIST AT TESSIAN
cybermagazine.com 63 NETWORKS AND APPLICATIONS
How to mitigate digital risks
“Using phone numbers instead of URLs helps securitymessagescybercriminals'bypassmeasures or detection controls”
64 May 2022 NETWORKS AND APPLICATIONS
“If there is ever any doubt about the legitimacy of a phone call you receive, just hang up”
CHARLES BROOK THREAT INTELLIGENCE SPECIALIST AT TESSIAN
Scam and fraud attacks can also be carried out through phone calls, although this type of attack typically targets older adults. You should always be careful about sharing your personal information via phone call, especially if the caller claims to be from a government agency or a financial institute such as your bank, and demands either payment or your bank account details.
Phone calls purporting to be from your bank or HM Revenue and Customs, for example, where the caller is asking for money or your personal information –such as passwords, codes or bank details – are usually scams. If you actually owe the government money because you have been avoiding paying your taxes, they will contact you via other methods.Key to remember, however, is that regulated institutions of every type will never ring, text or email you to ask for official or personal information.
"If you receive a text message requesting that you follow a link, ignore it — at least until you've confirmed whether or not it's legitimate by contacting the company in question," Brook said. "Inspect the sender's phone number — unknown numbers or 11-digit long numbers starting with a local area code are often associated with scam texts. Large institutions will generally send text messages from short-code numbers."
"If there is ever any doubt about the legitimacy of a phone call you receive, just hang up," Brook continued. "Call back the company that the person is claiming to be from directly on a phone number you know and"Similarly,trust. if you receive a suspicious email requesting you call a number, call the organisation directly via a trusted phone number that you've sourced from their website, rather than the phone number provided in the suspicious email."
cybermagazine.com 65
PRODUCED BY: SUJAN JESURAJA WRITTEN BY: ALEX TUCK
66 May 2022
On a mission to protect and provide
UNIVERSITY
cybermagazine.com 67
OF OKLAHOMA
CISO of the University, Aaron Baillio has helped to completely modernize the institute's IT environment, empowering the students and staff
I
But to truly compete at a higher level, they needed to undergo a digital transformation three years ago, which was triggered by new leadership and the desire to modernise, centralise and standardise their technology environment.
n the South Central region of the United States, bordered by Texas, Kansas, Missouri, Arkansas, New Mexico and Colorado, lies the tornado-prone land of Oklahoma. This proud state is home to a University with big ambitions and no small amount of competitiveness.
To help achieve this, Aaron Baillio, Chief Information Security Officer, primarily responsible for IT risk and security for the institution, had to transform into more of a “Chief Security Evangelist,” in his words.
Having spent 11 years in the Department of Defense, it’s no surprise that Baillio is a man who likes to protect and serve.
Issues from a distributed IT environment
“What drives me on a day to day basis is the fact that we're stopping bad guys. Despite the military and academia being vastly different, those intrinsic values are the same and are part of the reward of being in this profession. Our teams are doing their job; we're legitimately stopping bad things from happening to other people,” he says.
In his current role as CISO for two years, but with the University for seven, Baillio was aware the institution had multiple campuses that operated very independently, in a
68 May 2022 UNIVERSITY OF OKLAHOMA
cybermagazine.com 69
the primary point of contact when looking at institutional risk of purchases. When we have one person to point to, and we have a governance structure, the process becomes more streamlined, making it easier to implement strategy and digitally transform.”
The University went from three CIOs to one CIO and merged teams from across the campuses to become systemwide groups and organisations. By centralising these teams, the university began to realise millions of dollars of savings, revamping how they approached technology purchases and IT processes.
When the IT groups merged from the various campuses, they had over 300 maintenance contracts, requiring 300 different bills that the University was paying for, and some they had already bought. Standardising platforms reduced overall spend and reduced risk, but merging the teams was not easy. As Baillio explains, “one group is accustomed to one software platform, then another group, another software platform. Which tool becomes the definitive tool that the team uses? Or do we go with something completely different and in a different direction?”
70 May 2022
very distributed IT model. Baillio explains: “We began to merge operations, from this distributed model across the three campuses to a systemwide approach.”
When asked about consolidation of the CIO into one overarching role, Baillio states that it accelerated the decision making process: “There was a lot of duplicative spending, a lot of decision making that was happening outside of a governance process. So we developed one group that provides governance for the system. The one CIO is responsible for developing strategy and
Baillio spent the first 11 years of his career with the Department of Defense. With them he traveled the world and supported both in garrison and deployed network operations. His primary missions were information assurance and security engineering. He is currently the Chief Information Security Officer for the University of Oklahoma and has been with OU since 2015. The University supports 45k faculty/staff and students across three campuses including a Health Sciences Center. Security at OU is supported by three pillars: Security Operations, Governance, Risk and Compliance and Training & Awareness. They currently have around 20 security professionals including 3 students who support Tier
AARON BAILLIO
TITLE: CHIEF SECURITYINFORMATIONOFFICER
LOCATION: NORMAN, OKLAHOMA
UNIVERSITY OF OKLAHOMA
“Our teams are doing their job; otherhappeningstoppinglegitimatelywe'rebadthingsfromtopeople” AARON BAILLIO CHIEF INFORMATION SECURITY OFFICER, UNIVERSITY OF OKLAHOMA 1890 Year Founded EducationHigher Industry 12k+ Number of Employees
BIOEXECUTIVE
The University of Oklahoma has been a customer of Proofpoint since 2016 and offers the institution email protection with TAP and TRAP, CASB, TAM.
cover all of the different places into a single umbrella. By having this single umbrella, they don’t have to go to three different windows to do one job and that helps with resources.”
She concluded: “Unlike security teams, cybercriminals aren’t focused on infrastructure and don’t view the world as a network diagram. Defenders, on the other hand, are confident in dealing with networks and endpoints, which is why more than 60% of IT budgets are focused on the network.”
With its customer-centric approach, Proofpoint always aims to reduce the risk of cyber-attacks and in doing so, protect people, data and brands against advanced threats and compliance risks.
Proofpoint: protecting customers with the right approach
Striking the right balance between the customer and the infrastructure
Adding to this, Watson said: “The University of Oklahoma is unique in the fact that they have a very diverse set of security circumstances, in addition to having three campuses, offering remote learning, they also have a premier teaching hospital. With all of this, they have a lot of challenges that a hospital or other healthcare system would have, as well as a university.”
Deborah Watson, Proofpoint’s Resident CISO, discusses the company’s values and how it supports the University of Oklahoma with cyber Providersdefencesofcybersecurity and compliance solutions, Proofpoint, protect people over every channel including email, the web, the cloud and social Commentingmedia. on the company, Proofpoint’s Resident CISO, Deborah Watson said: “First and foremost, we listen to our customers. To address their needs, we continuously focus on addressing reducing the risks in the evolving threat landscape.”
These challenges include email phishing attacks, cloud app threats, email and cloud security and IT efficiency. To overcome these challenges, Watson explained: “Our solution provides them with a consolidated solution to
“A cybersecurity attack isn’t going to be effective if somebody on the other end doesn’t take some form of response. That’s why we take a peoplecentric approach,” explained Watson.
“More than 99% of cyber-attacks require human interaction to be successful,” she added. Noting the importance of focusing on Very Attacked People (VAPs) rather than VIPs, Watson outlined that this approach is of equal importance to focusing on infrastructure, and striking the right balance lends itself to Proofpoint’s success.
The teams were able to build on the strengths that came from each campus. In the health science centre, the security teams are very adept at policy and governance, as they are driven by HIPAA regulation, a compliance heavy environment. Meanwhile on the Norman campus, a typical four-year graduate study institution,
technology goes. I think culturally there have been some impacts from how academia works, how research works and where money comes from. But there’s not been a whole lot of focus from a business perspective on IT risk. As things have modernised and we have external policies, laws, and other compliance requirements, that has helped transform not only IT but IT security, which affects the running of an institution like a university,” he adds.
Utilising many strengths
“When we want to be a leader in one area, or if we find ourselves behind in certain areas, it does help us to benchmark where we want to be. Across academia, it hasn’t been very regulated as far as information
Working alongside and in competition with peers
UNIVERSITY OF OKLAHOMA
There are several comparison models the university can look to, as they are part of the ‘Big 12’: an American collegiate athletic organisation driven by healthy competition in a number of sports.
74 May 2022
“We try to align with our peers and also institutions at comparable Carnegie research levels. We're an R1 research institution, which means we produce a lot of research every year. So certainly as we have gone through this transformation, and we're looking at capabilities and policies, we do certainly compare ourselves across other institutions,” says Baillio.
The new culture of growth has contributed to many successes, including enrolling all faculty staff and students on the phishing training program. Baillio insists that this is significant because providing this kind of ‘on the spot’ training to the whole community, as cyber hygiene becomes increasingly important, it reduces the attack
surface across the institution. “We consider that a big win,” he says.
they were very strong on incident response. Baillio went on to say: “We were able to marry those capabilities and those teams in a way that took those strengths and spread them across the system. Yes, that did involve new technologies and new processes, but we were able to leverage our budget, reducing duplication and standardising on common platforms. We’re now enjoying support from the highest level leaders, who themselves have come in from their industries that have had to deal with IT risk in the past.”
Baillio is keen to credit CrowdStrike and Proofpoint’s roles in helping the IT teams reach their initial goals: “In terms of the endpoint management story, CrowdStrike were crucial in working with us on a security platform that would address all the different types of devices that we have at the university. Universities, in general, have a fairly open
“We've been able to centralise endpoint control and management from all of the distributed IT groups, which from a security and risk perspective, covers a lot of areas where we were introducing more risk than was necessary. We'll be able to push our endpoint agents and our detection tools to every endpoint to patch on time,” adds Baillio.
Valuable partnerships held key to transformation
cybermagazine.com 75
Are external threats targeting your company?Take A Look Get your free, customized threat intelligence report. Protect yourself against external threats with IntSights cyber intelligence.
With Proofpoint, the university experienced a very similar kind of growth. The implementation of an email gateway drastically reduced the number of malicious emails that came in, but phished accounts before Proofpoint arrived became a weekly occurrence. Around big campaigns at the start and end of term, Baillio saw an exponential growth of compromised accounts, which became a time drain for his incident response teams.
“We're looking forward to growing with them and we've got a great deal of use and
bring your own device (BYOD) environment. And so we support a lot of different devices, operating systems and software platforms. So because of that, we needed something that was resilient and could operate a lot of different platforms. And so CrowdStrike has partnered with us as an agent that fit with most of our environment. Even on the Linux side and for those one-off devices.”
cybermagazine.com 77 UNIVERSITY OF OKLAHOMA
AARON BAILLIO CHIEF INFORMATION SECURITY OFFICER, UNIVERSITY OF OKLAHOMA
“That pretty much dried up right away with Proofpoint. And as we've grown with them, we've been able to do more automation, allowing the tool to automatically pull emails from email boxes that are suspicious
“We've been able to centralise endpoint control and management from all of the distributed IT groups”
a lot of training. They've been really great to work with as far as protecting our assets and providing incident response.”
From the protection and prevention of malware to endpoint detection response, CrowdStrike covered a wide spectrum of security issues that the university might experience with an endpoint - which numbers around 14,000 and if covering the management of all devices, can even reach the 25,000 range.
OU obtained a grant from NASA for its Earth science mission – the carbonearlyCarbonGeostationaryObservatory(GeoCarb)mission,whichistargetedforlaunchintospacethisdecade.ThismissionstudieshowandwhytheglobalcycleischangingandmonitorsplanthealthandvegetationstressthroughouttheAmericas.
GEOCARB MISSION
“We began to
modeloperations,mergefromthisdistributedacrossthethreecampusestoasystemwideapproach”
AARON BAILLIO CHIEF INFORMATION SECURITY OFFICER, UNIVERSITY OF OKLAHOMA
78 May 2022 UNIVERSITY OF OKLAHOMA
OF OKLAHOMA
The research community
Baillio is proud to support the university's research community, as they are handling more unclassified information than ever before, as well as meeting the government requirements for security.
“We see both those partnerships growing over the next couple of years, as their portfolios expand and our needs continue to expand,” he adds.
or malicious. We've been able to leverage automation to automatically lock accounts and enroll people in training. As we now look at the cloud access security broker (CASB) and other things we're doing off 365, we get this great email telemetry from Proofpoint, coupled with the data loss prevention (DLP) and behaviours happening inside of Microsoft 365. There's just a lot of great data” he says.
The support given by the new IT setup assists the researchers to explore new options and avenues for data and insight. This expands into looking at retention and recruiting, not only from the student side but from a faculty side too.
cybermagazine.com 79
“We're finding that the ability to meet those needs and to be more dynamic and resilient on that front, we can do that better in the cloud. And so cloud security will be a big focus for us in the coming year,” says Baillio.
UNIVERSITY
“We have a lot of maturity efforts, as we publish our strategy and look at things like identity, access management, a zero trust type of concept, affirming our processes and technology, and training our people on incident response. We have a lot of expansion coming up so will be recruiting for several positions on our security teams. I think we have a bright future in 2022 and beyond,” he says.
HOW CCE CCE
SECURINGCHANGESBRINGS INFRASTRUCTURECRITICAL HOW
SECURINGCHANGESBRINGS INFRASTRUCTURECRITICAL 80 May 2022
WRITTEN BY: PADDY SMITH
"The industrial sector is facing a barrage of cyber-attacks," Jayne Goble, Cyber Security Director, KPMG UK, says. "In fact, the manufacturing industry saw a 300% increase in worldwide cyber-attacks in 2020, according to NTT research. This sector is such an attractive target to cybercriminals because, with downtime costing money, the potential to extract ransom payments is high.
BRINGSTO INFRASTRUCTURE BRINGSTO INFRASTRUCTURE
"It's been estimated that ransomware causes downtime of 21 days on average — the sort of interruption that no organisation can afford."
onsequence-driven Cyberinformed Engineering, or CCE, is an approach for safeguarding critical infrastructure systems. To put it briefly, CCE is about imagining the worst possible outcome of a cyber threat perpetrator, and then building a non-cyber or physical mitigation to lessen the possibility of a disaster occurring.
Developed by the Idaho National Laboratory (INL), CCE presents an alternative way to manage risk. Owners, operators, vendors, and manufacturers of critical infrastructure can use this technique to mimic the mindset of the threat to: analyse intricate systems; identify aspects requiring the fullest extent of protection possible; and use tried-and-tested engineering methods to separate and safeguard the most critical assets of a business
The recent attacks against critical infrastructures have led to new approaches to security solutions, such as Cyber-informedConsequence-drivenEngineering (CCE)
C
cybermagazine.com 81 DIGITAL ECOSYSTEMS
Enabling Empoweringeducators.students. Explore how we accelerate student discovery, learning and innovation with our Digital Education 3D Experience. E XPLORE THE 3D EXPERIENCE
JAYNEDIRECTOR,GOBLEKPMGUK
1. Consequence Prioritisation: Select operations that cannot fail and attack scenarios that could bring them down with a clear focus on the risk management system.
cybermagazine.com 83
ECOSYSTEMS
3. Consequence-Based Targeting: Defines the adversary's path to accomplish maximum impact effects, where they need to go to perform the attack, and what data is required to attain those aims.
In order to avoid that incident from happening, this four-step process for safeguarding critical infrastructure operations provides critical infrastructure owners and operators with a 'think like the adversary'-style approach.
2. System-of-Systems Analysis: Rectifies the interdependencies and enabling or dependent components of critical processes and defensive systems by gathering data and making systematic observations.
4. Mitigations and Protections: Disrupt or eliminate as many digital assault pathways as possible.
“With the volume of threats only rising, a standard approach to cyber security will no longer suffice”DIGITAL
Organisations will be protected in ways that existing approaches cannot guarantee, using CCE to demonstrate the applicability of engineering first principles to the most
CCE vs traditional security systems
Current best practice techniques for cyber protection struggle to stop targeted attacks from resulting in catastrophic outcomes. From a national security standpoint, it is not just the harm to the military, the economy or critical infrastructure corporations that is a problem. It is the cumulative, downstream repercussions from potential regional blackouts, military mission kills, transit stoppages, water distribution or treatment challenges, and so on.
pressing cybersecurity concerns. The most pressing threat is cyber-enabled sabotage, so CCE begins with the presumption that well-resourced, adaptive adversaries are already in and have, for some time, remained undiscovered and perhaps undetectable. This design method incorporates such items as hard-wired controls - a manual off or auto switch - to be enabled for control in the absence of current automation or mechanical backstops that physically prohibit a compromised control system from damaging physical assets. The SCADA system may not be able to control well flushing valves if they are currently wired for PLC control.
DIGITAL ECOSYSTEMS
84 May 2022
CCE Concept
cybermagazine.com 85
• Cyber-informed - INL helps system operators discover vulnerable locations within critical systems using the CCE technique.
JAYNE KPMGDIRECTOR,GOBLEUK
“Organisations within the sector are also a key target for attackers because they play a key role in the supply chains of other industries”
•
Consequence-driven - INL guides executives and operational experts through a series of exercises to identify the most vital functions essential to completing their organisation's goal, while also analysing the potential effects of a cyberattack against these functions.
• Engineering - INL then fully leverages an organisation's operational expertise, system understanding and process knowledge to neutralise cybersecurity threats.
defence and infrastructure," Goble added. "This adds to the need for the business to free themselves from the ransomware and resume operations."
As firms integrate new technology solutions into their cyber operations, their risk of exposure also increases. CCE extends beyond the usual areas of security by looking at an organisation's entire operation, securing the most vital elements while simultaneously securing the overall technology. These frameworks go beyond standard vulnerability evaluations, considering the potential impact an exploited vulnerability could have on an entire organisation's operations and procedures as a "Organisationswhole.within the sector are also a key target for attackers because they play a key role in the supply chains of other industries, including critical sectors such as
Attention to success
Securing Operational Technology
Developing and collaborating across critical infrastructure sectors to identify the highest consequence operational systems provides a practical method for industry and government to invest against and prioritise threats to vital functions. Recently, INL concluded a successful CCE pilot project with a large utility. As admitted by the utility's own engineers, the process transformed their viewpoints, fundamentally affecting how they approach risk decisions.
86 May 2022
"Furthermore,chain. conducting annual security reviews of the supply chain will not be enough to maintain the security of an ecosystem. Tools such as machine learningenabled technology that can autonomously discover and block ransomware and other malicious threats should be used to lighten the load of the already-stretched security team."
“Tools such as lightenshouldmaliciousransomwarediscovercantechnologylearning-enabledmachinethatautonomouslyandblockandotherthreatsbeusedtotheload” cybermagazine.com 87
DIGITAL
"At an absolute minimum, ensuring security right across the ecosystem of suppliers, contractors and partners should be carried out to ensure a hacker cannot infiltrate the entire network simply by attacking one organisation in the supply chain," Goble says. "Furthermore, conducting annual security reviews of the supply chain will not be enough to maintain the security of an ecosystem."
That is why INL is working alongside the Departments of Energy, Defence, and Homeland Security to form strategic collaborations with businesses and academics to expand and enhance the CCE methodology. Expert training programmes are presently being developed that will help better secure the most critical facilities in the United States and around the world.
ECOSYSTEMS
"With the volume of threats only rising, a standard approach to cyber security will no longer suffice," Goble says. "At an absolute minimum, ensuring security right across the ecosystem of suppliers, contractors and partners should be carried out to ensure a hacker cannot infiltrate the entire network simply by attacking one organisation in the supply
JAYNE KPMGDIRECTOR,GOBLEUK
Advancement in the future
The mission of protecting important national infrastructures, such as the electric power system, natural gas pipelines, chemical factories, and countless others, is difficult for any single institution to accomplish.
MERALCO
88 May 2022
A PERSPECTIVECISO'S TECHNOLOGYOPERATIONALTRANSFORMINGIN
cybermagazine.com 89 PRODUCED BY: PALMERKRISTOFER WRITTEN BY: GIBSONJESS
eralco – an acronym of the Manila Electric Railroad and Light Company – in the Philippines, is responsible for the power distribution within its franchise area.
“Meralco is a diverse business,” states Migriño. “We’re in FinTech, telecoms, retail energy, engineering, electric vehicles, logistics and construction and electromechanical. I work closely with my co-executives to ensure the development and implementation of the different cybersecurity programmes across the organisation.”
As a major player in the Philippine energy industry, Meralco also has a specific and distinctive focus on sustainability, with its agenda, Powering the Good Life, firmly rooted in the United Nations’ Sustainable Development Goals. The four key pillars underpinning Meralco’s sustainability agenda – Power, Plant, People, and Prosperity –guide the commitments and actions of the company in support of sustainable and meaningful progress.
90 May 2022 MERALCO
Meralco embraces digital transformation with operational technology as it provides heightened customer experience through AI and automation
Meralco’s Vice President and Chief Information Security Officer, Mel Migriño, is responsible for the protection of the company’s technology stock alongside its operational technology infrastructure, with cybersecurity becoming the most important facet in the face of digitisation.
M
cybermagazine.com 91
While Meralco’s sustainability strategy is palpable in the here and now, it is also intended to stretch out over the long-term. Various initiatives and projects for the next few years have already been set in motion, demonstrating its commitment to reducing the company’s impact on the environment while fostering growth in the country.
“Cybersecurity is a business enabler, a key component in realising initiatives and future goals of the company,” Migriño says. “While I continue to serve my country and organisation, I also want to promote
92 May 2022
“Meralco is a diverse business. We’re in FinTech, telecoms, retail energy, engineering, electric vehicles, logistics and construction electromechanical”and
A number of transformations have already begun – including electrifying the company’s vehicle fleet, promoting gender diversity and inclusivity, ensuring its transformers are 99% biodegradable and recyclable through the use of ester oil, and planting trees whilst nurturing existing ones to preserve Philippine forests – setting the stage for future adaptations.
MEL MIGRIÑO VP AND GROUP CISO, MERALCO
Building a future-facing energy company
1903 – The company was established as Manila Electric Railroad and Light Company to provide electric light and power – as well as an electric street railway system – to Manila and its suburbs.
Although the company’s roots can be traced back to the late 1800s, it officially began in 1903 – making Meralco almost 120 years old.
A commitment to looking forward and preparing for the future isn’t anything new for the energy titan. In fact, the company’s fascinating roots firmly establish Meralco as a pioneer in the Philippine energy sector.
BIOEXECUTIVE
Mel is the Vice President and Group CISO of Meralco and former Cyber Security Leader of a Big 4 auditing firm and the largest fintech in the Philippines. Concurrently, the Chairman and President of the Women in Security Alliance Philippines (WiSAP) which focuses on empowering women in Security.Shewas
awarded as IFSEC Global Influencer for Security and Fire Top 5 under the Security Executives category on August 2021. Ranked #2 in the 2021 CISO ASEAN Awards by IDG and CSO Online and was recognized as the 2021 CISO of the Year by Women in Governance, Risk and Compliance Awards.
MEL MIGRIÑO
TITLE: VP AND GROUP CISO LOCATION: PHILIPPINES
women empowerment in the context of cybersecurity and technology, which has been advancing for many years now.”
On the horizon right now, though, is innovative technology and digital transformation, with an eye on the rise of AI and automation in the energy industry – and the potential security pitfalls that these can lead to for customers and employees alike.
1948 – Meralco focused chiefly on providing electricity. The electric service powered much of the post-war rehabilitation and early industrialisation of the young republic, which gained independence in 1946.
cybermagazine.com 93 MERALCO
The Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform. Delivering broad, integrated, automated cybersecurity capabilities supported by a large, open ecosystem, makes cybersecurity mesh architectures a reality. The Fortinet Security Fabric empowers organizations to achieve secured digital acceleration outcomes by reducing complexity, streamlining operations, and increasing threat detection and response capabilities. Learn more
Digital everywheresecurity,you need it.
Copyright © 2022 Fortinet, Inc. All Rights Reserved.
“ Now, the organisation is excitingly embracing digital transformation in ICT, looking to use operational technology to provide better customer experience through artificial intelligence and automation”
pace to meet the growing needs of its franchise area.
1961 – A group of Filipino investors – led by entrepreneur Eugenio Lopez Sr. –bought Meralco from its American owners, rendering it the first major American enterprise to be 'Filipinised'. This new Filipino management built electricity-generating and distributing facilities at an unprecedented
1970 – The Philippine Government made it a state policy for the government to own all major generating facilities. Meralco sold its generating plants to the National Power Corporation, and electric distribution became its core business.
MEL MIGRIÑO VP AND GROUP CISO, MERALCO
It is also during this period that Meralco became the first Philippine company to issue mortgage trust indenture bonds successfully in the US financial market on Wall Street.
1969 – Meralco became the very first billion-peso company in the Philippines. This was all the more remarkable because much of it had been achieved without recourse to government guarantees.
cybermagazine.com 95 MERALCO
At the end of the decade, Meralco turned over the efficiently functioning system to the government.
Meralco – upon the request of the government – organised, started up and operated the country's first elevated light rail transit (LRT) system in Manila.
2022 – Meralco continues to embark on various initiatives to further expand its infrastructure, and now the organisation is excitingly embracing digital transformation in ICT and in its operational technology to provide better customer experience through AI and “Now,automation.theorganisation is excitingly embracing digital transformation in ICT, looking to use operational technology to provide better customer experience through artificial intelligence and automation,” outlines Migriño.
1980 – Meralco's franchise area tripled from 2,678 square km to 9,337 square km.
1995 – Meralco drove the following initiatives around TQM, re-engineering, Meralco Transformation Program, with certain common emphases: customer satisfaction; world-class efficiency and productivity; performance-driven rewards; good corporate citizenship; transparent good governance; and process, organisational and human resources development.
2009 - 2012 – The López Group reduced its holdings in Meralco by selling most of its shares to the First Pacific Group.
The First Pacific Group and Metro Pacific Investment Corporation currently hold majority shares in Meralco, followed by the JG Summit Group.
96 May 2022 MERALCO
“The capabilities and resources of each company within the group can be leveraged for the benefit of the other, so that’s the beauty of it – recognising that each company is contributing to the overall fulfilment of the direction and profitability of the parent company”
Combining overlappingMeralco’senterprises
The company’s operations cover such areas as construction and logistics, telco, energy, and FinTech – but how exactly do each of these tie together?
“The capabilities and resources of each company within the group can be leveraged for the benefit of the other, so that’s the beauty of it – recognising that each company is contributing to the overall fulfilment of the direction and profitability of the parent company,” explains Migriño.
MEL MIGRIÑO VP AND GROUPMERALCOCISO,
cybermagazine.com 97 MERALCO
“It consists of digital substations, numerous sensors – even on your controller – and an advanced metering infrastructure for
“An example would be Bayad, which is actually our Payments and FinTech arm within the group,” says Migriño. “So the integration there is practical, providing a seamless experience where customer payments are processed through digital platforms, which can be processed in real-time.”Whendiscussing securing the combination of the Internet of Things (IoT) with the industrial side of the business, Migriño goes on to explain the use of a smart grid.
Insights from an industry-leading Vice President and Group Chief Information Security Officer (CISO), Ms Mel Migriño
Manila Electric Railroad and Light Company (Meralco) is responsible for electric power generation and distribution in the Philippines. With Mel Migriño, Vice President and Group CISO at its helm, Meralco underwent rapid expansion and modernisation to help protect the company’s technology stock alongside its operational technology infrastructure. For this digitisation initiative, cybersecurity became an important consideration.
Palo Alto Networks ensured compliance to all of our requirements and continued to demonstrate excellence and leadership from the beginning to the end. Palo Alto Networks set the bar high in terms of response time, providing zero trust through visibility, real-time threat detection and run-time protection.”
• The rise of AI and automation meant increased risks
Digitisation With Comprehensive Cybersecurity at Its Core
Reimagining Cybersecurity as a Business Enabler
Outcomes
• Diverse businesses with unique cybersecurity needs
Focus Area Further strengthen the implementation of zero trust framework in a high-risk segment
Ms Mel Migriño Vice MeralcoSecurityGroupPresidentChiefInformationOfficer(CISO),
Understanding the Criticality of Cybersecurity
Palo Alto Networks’ Zero Trust Enterprise Framework is rooted in the principle of ‘never trust, always verify’. Given that the next five years is expected to witness the evolution of more secure networks, increased cloud storage dependence and innovation, Meralco looked to Palo Alto Networks, the industry leader in cybersecurity to address their security concerns and establish a safe cyber ecosystem.
• Comprehensive cloud technologies would offer simplicity and agility
Meralco Undertakes Cybersecurity Transformation, Leverages Innovative Cloud Technologies to Gain Simplicity and Agility
Learn more about Zero Trust
As a diverse business dealing in various sectorsfintech, telecom, retail energy, engineering, electric vehicles, logistics, construction and electromechanical - Meralco needed to develop and implement different cybersecurity programmes. Mel, a leading expert in the cybersecurity space, realised that the rise of AI and automation in the energy industry, which has so far lagged behind, could throw up potential security pitfalls for customers and employees alike. Knowing cybersecurity was paramount, Mel spearheaded the implementation of an all-inclusive cybersecurity policy that could cascade across Meralco and its subsidiaries.
Industry Utilities
This architecture should consist of three layers, where the first is a physical layer, the second is a communication layer, and the third is the actual application layer – where the head end systems would actually reside.
real-time demand and response, all of which has been brought about by the IT and OT convergence or driven by Industry 4.0 – hence the prevalence of IT and OT technologies.”
“We need to identify the risk in each layer and implement appropriate security measures,” Migriño asserts. “Looking at the physical layer as an example, we can see the data as a potential risk as it can lead to fraud or theft in case of tampering with cyber
“To maintain a level of resilience through the implementation of a zero-trust security
cybermagazine.com 99 MERALCO
With rapidly advancing technology being integrated into such systems, maintaining and heightening security protocols can be much more difficult to track and so requires a comprehensive cybersecurity policy.
model, and whilst embarking on digital transformation programmes, it’s most important – first and foremost – to create an architecture where security is included right from the start,” Migriño says.
physical systems. Other possible risks here would be the denial of service or attacks.”
“We look at the different data from various security logs, then have it correlated to create an intelligent behavioural-based risk to detect and respond to an attack,” she says. “With the infusion of analytics coming from the intelligent sensors and automations in the smart grid, operations can be improved, maintenance costs reduced, and real-time communication and support enabled.”
and monitoring by both the cyber and technology teams for “remediation”.
“Visibility is important. If you can start collecting logs and then integrating these logs into the security operation centre, then that is great,” Migriño says. “You need to think about the capabilities, so you need to have the right blend of people and skills that will actually support this. Look at the things around establishing IIoT security operations that will support the IT and OT transformation within the enterprise.”
Looking at the future of cyber security
100 May 2022 MERALCO
Migriño believes that achieving the correct balance between security and performance can be a challenge, particularly when there are “organisational silos”, as they can have a ripple effect on all other aspects, which requires thorough risk-assessment planning, coordination
“This is where we need to look at strong encryption in smart metres, as well as the possibility of deploying an IoT secure gateway and proper segmentation within the smart metre network.”
Such infrastructure will prevent the interception of vital personal and confidential data, helping to prevent attacks that result from vulnerabilities exposed by shared software and hardware systems on one singular platform, and ensure secure communication protocols – and this should be established across each of the aforementioned layers.
“We could have gone through having an unsecure network wherein it got compromised then evolved to a secure network but with the aggressive stance on risk, certain risk conscious organisations will move to a very secure network. So things could swing on premise but the use of cloud will remain because businesses will still look for less expensive and faster ways to innovate. But digital trust and all of its components will be even greater than what we are experiencing now.”
cybermagazine.com 101
“Vendors and end-users are collaborating more extensively to share their experiences and knowledge to help one another –especially in addressing security concerns and incidents,” she explains. “I also envision that renewable power sources will be the centre of transformation, as well as enhancing the security of processing personal data in light of evolving privacy and data protection laws. Digital trust is paramount.”
“Also, the use of AI will play a significant role as we progress through the years, but there should be a focus on tightly securing components within the AI infrastructure otherwise we will be in big trouble.”
Alongside these overall aims for the future, continuing the promotion of gender equality in the energy and cybersecurity sector and building sustainability are core to the company’s growth plan. As for the future of cybersecurity? Well, it seems that the next 5 years are set to witness the evolution of more secure networks, increased cloud storage dependence, and innovation to both drive down costs and “increase digital trust”.
102 May 2022
CYBERSECURITYFEMALE
C ybersecurity is crucial in every industry due to the volume of firms relying on cloud-based infrastructure and remote operations Consequently, the demand for highly qualified security personnel has never been stronger.
In no particular order, here are some of the most notable women leaders in the cybersecurity industry.
LEADERS CYBERSECURITYIN
Many of these experts have used the knowledge and expertise they've gained throughout their careers to create cuttingedge security products, services, and programs.
cybermagazine.com 103
In an industry dominated by men , these female leaders have broken through the mould to significantly impact the cybersecurity field and promote diversity .
WRITTEN BY: PADDY SMITH
TOP 10
Their cybersecurity expertise has made a significant impact across businesses, aiding the proactive promotion of workplace diversity and employees' professional development
Jane Frankland has worked in cyber for over two decades, having built her own penetration testing company in the late 90s and then serving as a senior executive at renown public companies. She believes the world will only be safer, happier, and more prosperous when there are more women in male dominated industries. That's why she works with women and businesses who value them through her community platform, The Source. Frankland sits on the board.
Founder, Author, Women's Change Agent KnewStart Cyber Security Capital
Butlin has actively mentored and participated in public speaking engagements for women and young professionals in both physical and cybersecurity.
Jane Frankland
Bonnie Butlin founded the Women in Security and Resilience Alliance (WISECRA), a global network of women in security. Around the world, organisations and corporations seek Bonnie to help boost female security.
10
104 May 2022
TOP 10
Bonnie Butlin Advisory Board Member Canadian Institute for 09Cybersecurity
08
Gal Helemski Co-Founder and Chief of Innovation & Product PlainID
Michelle Drolet specialises in cybersecurity, cloud, and virtual CISO services businesses. Drolet grew up in a military family and went on to earn a degree in Political Science and Criminal Justice. Drolet’s initial dream career was with the FBI, however, once the PC revolution hit, she witnessed the rampage of Trojan viruses and malware, so eyed opportunities applying forensics, mitigation and security services to desktops, networks and people. She used her expertise to establish Towerwall as a market-leading cybersecurity service and solution provider in 1999. In 2019, she was recognised as one of the Top 25 Women in Cybersecurity by The Software Report and as one of the Top CEOs to Watch in 2020 by CIO Views.
07
"I think it's important for women to know it is possible," she said. "Sometimes, I think it may seem to women that it's not an option. If you made a decision that this is what you want to do, this is your choice of career path, then go after it."
cybermagazine.com 105
PlainID is a Tel Aviv-based cybersecurity firm that provides co-foundedauthorisation.business-policy-basedGalHelemskiPlainIDin2015, a firm that allows enterprises to govern, administrate, and control who has access to assets throughout their digital ecosystem.
Michelle Drolet CEO Towerwall
A modern network must be able to respond easily, quickly and flexibly to the growing needs of today’s digital business. Must provide visibility & control of applications, users and devices on and off the network and Intelligently direct traffic across the WAN. Be scalable and automate the process to provide new innovative services. Support IoT devices and utilize state-of-the-art technologies such as real-time analytics, ML and AI. And all these must be provided with maximum security and minimum cost.
TOP 10
cisco.com cisco CiscoSecure CiscoSecure
Get protection,andnetworkreliablecoveragesecurityfast.
This is the power that brings the integration of two cloud managed platforms, Cisco Meraki and Cisco Umbrella. This integration is binding together the best of breed in cloud-managed networking and Security.
TOP 10
Dervilla Lannon is able to combine her legal and technical expertise with her passion for people to help Verkada attract, retain, and grow world-class personnel. She is passionate about Verkada's goal to make the world a safer place for all.
06 05 cybermagazine.com 107
the technological needs of financial governancerigorousprojects,and100theiraccordancesafetyinstitutionsbanking,compliancecybersecurityandDefenseStorminstitutions.integratesautomatesreal-timeandcybercreatedforallowingfinancialtoachievecyberandsoundnessinwithlegislationandownpolicies.Formorethandifferentbankingproductssoftwaredevelopmentshehasdevelopedandscalableportfolioprocesses.
"I envisioned my team creating structures where people can grow, develop, and thrive in their careers," she said. "With the initiatives that have been implemented at Verkada, I think we're moving in the right direction."
Paige S. Barry Vice President of Customer Solutions DefenseStorm
Dervilla Lannon Vice President of People Verkada
Paige S. Barry is an influential and trustworthy leader with more than 20 years of consistent success in serving
Tanya Janca Founder, Security Trainer and Coach
03SheHacksPurple
Tanya Janca is an advocate for diversity and inclusion. She co-founded the international women's organisation WoSEC (Women of Security), a free community for women to gather in person in cities across the world to network, vent frustrations, discover peers, and make new friends.
Chani Simms Co-Founder
108 May 2022
Sherequirements.isalsothe
founder of the SHe CISO Exec., which is an open give back training and mentoring platform in information security and leadership managed by Meta Defence Labs. It aims to create a talent pool of information security leaders that CISO’s need, to fight the ever-evolving cyber crime epidemic.
An award winning cybersecurity leader and keynote speaker, Chani has gained her knowledge by implementing and securing IT infrastructure solutions for multinational companies. Chani advises at C-level and is a specialist in helping organisations to understand, implement and manage information security and privacy
Meta Defence Labs UK
04
For her part, she mentors, advocates for, and empowers other women in her field. SheHacksPurple is a learning platform dedicated to teaching Application Security, DevSecOps, and Cloud Security.
TOP 10
Summer Craze Fowler CCSO Argo AI
In her role as the Chief Information Officer and Chief Information Security Officer of Argo, Summer Craze Fowler creates and leads the IT and cybersecurity teams' overall strategy and execution. She is a cyber crisis management and business continuity expert.
During her interview with Drew Rose, CSO and Co-founder of Living Security , at The Transformational CISO event, Fowler said she got into cyber because she loves people - a rather unusual motive to enter her field. However, she later proved her dedication to her mission, taking on the role of Chief Corporate Responsibility Officer, starting in February 2022 and leading Argo's DE&I, community workforce development, community engagement, and philanthropy programmes.
02 cybermagazine.com 109
Get tickets Sponsor opportunities The ConferenceCybersecurity STREAMED & IN PERSON TOBACCO DOCK LONDON 2022 23rd - 24th June
TECH LIVE LONDON, the hybrid event held between 23rd-24th June is broadcast live to the world and incorporates four zone areas of Technology & AI LIVE, Cloud & 5G LIVE, Cyber LIVE plus March8 LIVE in to one event.
From keynote addresses to lively roundtables, fireside discussions to topical presentations, Q&A sessions to 1-2-1 networking, the 2-day hybrid show is an essential deep dive into issues impacting the future of each industry today.
Global giants and innovative startups will all find the perfect platform with direct access to an engaged and active audience. You can’t afford to miss this opportunity.
Get tickets Sponsor opportunities
Watch our 2021 Showreel
Showcase your values, products and services to your partners and customers at TECH LIVE LONDON 2022.
Brought to you by BizClik Media Group
With a comprehensive content programme featuring senior industry leaders and expert analysts, this is an opportunity to put yourself and your brand in front of key industry decision makers.
See you on: 23 - 24 June 2022
Join us at TECH LIVE LONDON
01Cybersecurity 112 May 2022
Wendy Thomas, CEO at Secureworks: Profile of a Woman in
TOP 10
TOP 10 cybermagazine.com 113
Wendy Thomas President
Wendy Thomas champions the company's mission to deliver innovative, best-in-class security solutions integrated into customers' security operations. She leads Secureworks' Customer Success organisation, which includes product and engineering, operations, customer experience, and the threat intelligence-focused Counter Threat UnitTM, and is responsible for the company's strategic transformation into a software-driven company with security at its core.
Secureworks
Outside of Secureworks, Thomas acts as a Liaison for AFS Intercultural Programs, an international youth exchange organisation. She also manages the Pride Employee Resource Group, which brings together Secureworks teammates to network and advance the inclusion and education activities.
114 May 2022
TRAVELLING TO CYBERSECUR
BOOKING.COM
TO THE FUTURE OF CYBERSECUR I TY cybermagazine.com 115
PRODUCED BY: BEN BLAISEWRITTENMALTBYBY:HOPE
Booking.com’s Head of Cyber Detection & Response, Ariel Lemelson, discusses being proactive in cyber defence and how to prepare for emerging threats
116 May 2022 BOOKING.COM
B
ooking.com is one of the world’s leading marketplaces for travel. It makes sense, then, that they need world-class cyber defence capabilities. The Cyber Detection and Response Group keeps Booking.com, its customers, partners and employees secure around the clock. The group oversees things like Cyber Detection engineering, security product management and advanced cyber incident response.
The group consists of over 45 highly talented, passionate security professionals, in charge of the cyber defence of one of the biggest, most recognisable e-commerce companies in the world. So maintaining Booking.com’s overall security and compliance, as well as ensuring their customers’ and partners’ data is handled in-line with the highest international standards, is a core priority.
Starting out in the cybersecurity industry
Ariel Lemelson, Head of Cyber Detection & Response at Booking.com, describes his leadership style as “empowering”, inspiring his team with a shared vision and dedication to cyber security. “Build your team with people that share your passion and can become true partners that would share the excitement of the journey. Genuinely caring about your people and being consistently honest is also key in achieving an engaged, high-performing security group.”
ARIEL LEMELSON HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
cybermagazine.com 117
“Build your team with people that share your passion and can become true partners that would share the excitement of the journey”
With over 17 years of cybersecurity domain experience, Ariel advises those starting out to be humble, always keep learning and continually look for tomorrow’s practices: “Don’t get stuck in the present,” he says.
Cybersecurity is, of course, a constantly evolving and forward-looking industry. Ariel says that those who want to enter cyber security need to “get their hands dirty” and to not get disconnected from the practice as they grow, including
“what is happening on the production floor”. He adds that it is crucial to embrace the business context; security is not done in siloes: “We are here to serve and enable the business to innovate at speed, while keeping things secure andIncompliant.”short,Ariel believes that a can-do approach and high level of passion are drivers for success in this field.
“In line with the highest technical standards, our dedicated security and fraud teams monitor activity 24/7, utilising bespoke, state-of-the-art tooling to quickly detect and resolve any potentially suspicious activity, leveraging both internal and independent industry expertise to stay one step ahead of threats andIt’sadversaries.”nostretchto say that Booking.com hires top talent to make up their teams, as well as the best tooling and most advanced technologies available on the market – including the latest, most innovative methodologies.
“We take online safety and the protection of consumer and partner data extremely seriously,” says Ariel “We are continuously innovating our processes and systems to ensure optimal security on our platform, while constantly evaluating and enhancing the robust security measures we already have in place.”
What is unique about Booking.com cybersecurity?and
118 May 2022 BOOKING.COM
cybermagazine.com 119
What must companies do to prepare successfully for cyber incidents?
alreadysecurityandandsecuritytoprocessesinnovatingcontinuouslyourandsystemsensureoptimalonourplatform,constantlyevaluateenhancetherobustmeasureswehaveinplace”
ARIEL LEMELSON HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
“We are
“As cyber defence leaders, in order to be well prepared you would like to have identified your business priority risks and crown jewels, and have a thorough understanding of your threat landscape. To add to that, you want to have practical,
“Observability and detection are vital for the response aspect of security. Simply put, if you can’t detect it, then the chance for a timely response to a cyber incident is low. In order to prepare, you need to define your process, your technology and your people on each of three components: observability, detection and response,” says Ariel.
120 May 2022 BOOKING.COM
Dealing with emerging threats
To stay one step ahead of emerging threats, you have to be able to correlate an abundance of information sources into a crisp reality image. This is done by smart contextualisation of the telemetry and alerts, correlating them with each other,
“In order to stay up to speed, cyber defence teams have to be able to scale defence capabilities without requiring linear growth in resources. This is possible by doing things ‘the smart way’”
ARIEL LEMELSON HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
well-practised and validated response procedures, as well as a trained and passionate cyber incident response team, armed with top quality tooling.”
INDUSTRY: CYBERSECURITY LOCATION: AMSTERDAM, NETHERLANDS
BIOEXECUTIVE
Ariel is a professionalcybersecurityandleader with over 17 years of experience.
IT technologies have grown exponentially more complex over the years. In order to stay up to speed, cyber defence teams have to be able to scale defence capabilities without requiring linear growth in resources.
TITLE: HEAD OF CYBER DETECTION & RESPONSE
COMPANY: BOOKING.COM
with threat intelligence sources, and with business and risk information. Ariel says that “this allows you to keep your cyber defence teams within a manageable amount of information of high value, and high effectiveness of security operations”.
Ariel has navigated cybersecurity from different angles and sides, including vendor product management, consulting, enterprise and government agency. He has worked for organisations like: Booking.com, EY, Dell Technologies (EMC), ObserveIT (Proofpoint), Radware, Forcepoint, and the elite Unit 8200 of the Israeli Intelligence Service.Within Booking.com, Ariel leads the Cyber Detection & Response organisation, which consists of 45+ cybersecurity professionals and owns the company’s cyber defence.
ARIEL LEMELSON
sHuntersOCPlatfOrm Mitigate Cyber Threats Faster and More Reliably than SIEM WATCH A DEMO
Hunters solves the data challenge with seamless, unlimited data ingestion and normalization for all your security data at a predictable cost. Layered with built-in detection engineering, cross-stream data correlation, and automatic investigation, Hunters provides complete context to help your teams overcome volume, complexity, and false positives, to mitigate real threats more reliably than Security Information and Event Management (SIEM) tools.
• Go beyond UEBA and detect threats across resources, users and entities
Enable security engineering to leverage all datasets across your entire attack surface without compromise. Unlimited data is seamlessly ingested and mapped into a unified schema, ready for the detection and investigation
• Prioritize alert signals for easy triage with dynamic scoring
• Maintain 24/7 hot storage without compromise
Unlimited data ingestion
John Fung, deputy CISO at Cimpress
• Automatically map your data to the MITRE ATT&CK framework
data with ease at scale
• Present full attack story and detail - Identify: Who, What, and Where?
Ingest terabytes of data per day
• Organize data across siloed domains into one unified schema
Seamlessly Ingest and Organize all Your Data Leverage DetectionBuilt-inforScale and Accuracy
• Get out-of-the-box attack surface coverage
•workflow.Ingest
Remove the security engineering burden of ongoing rule creation and maintenance with builtin detection that surfaces and enriches disparate signals across data streams.
• Gain holistic visibility of the attack with graph-based correlation
Realize the Power of Auto Investigation
"If you don't have unlimited human resources to throw at your SIEM, then Hunters is easily the best solution for you. It enables teams to do more with less. We don’t need to manage our SIEM as we did before or babysit alerts and logic. We're now allowed to be security practitioners, look at events, and make meaningful strides to improve maturity, efficiency, and cost optimization.”
at a predictable cost 88% redUction in MTTD (Mean-Time-to-Detect) 4x redUction in operational costs
Empowering security teams to automatically identify and respond to incidents that matter across the entire attack surface.
Empower security analysts to stop chasing false positives. Help your analysts eliminate exhaustive, repetitive work and allow them to spend more time on incident triage and response from a full attack story.
124 May 2022 BOOKING.COM
“The sophistication of the attackers requires better contextualisation, and a more adversarial point of view by the defence teams. Having the effective ability to defend the different dynamic environments and workloads on-prem and in-cloud requires robust automation and correlation capabilities to be up to speed with the pace of technology. Things that could have been manual in the past, can’t be done in a manual fashion any more.”
“Scale and effectiveness became an essential condition for success in cyber defence, replacing manual efforts with automated ones,” he says. “It is essential to work with the right tooling that allows us to contextualise all the dots and signals into a clear picture. This saves substantial amounts of time in prevention, detection, investigation and response, and increases the ROI of the security spending.
cybermagazine.com 125
Booking.com:
“Observabilityanddetectionarevitalfortheresponseaspectofsecurity.Simplyput,ifyoucan’tdetectit,thenthechanceforatimelyresponsetoacyberincidentislow”
Traveling to the Future of Cybersecurity
“In the past, the common defence assumption of security teams was that an organisation was not compromised until proven otherwise. This was in alignment with the perimeter defence approach. With the changing of the paradigm into the mental model of ‘Assumed Compromise’, organisations now have to act as if the attackers are already in their environment. Still, making a working assumption that adversaries have access to the environment is different from assuming they have achieved their goals of stealing sensitive information or performing other impactful attacks like ransomware.
What is Proactive defence?
ARIEL LEMELSON HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
“In most mature organisations, for attackers to have a substantial impact or potential economic benefits, they would need to perform quite a complex operation, jumping from place to place carefully exploiting any potential ‘digital holes’ found.
For the uninitiated, these descriptions really give one a sense of cyber warfare. In order to be successful in that, it is important to have the telemetry stored in an easily accessible fashion for longer terms, and to have tooling that can support security teams in making hunting efficient with all that information.
“Proactive defence methodology assumes that the attackers are somewhere on their way from an initial access point towards the company data. In order to detect those potential attackers, defence teams deploy numerous types of cyber-traps called ‘detections’, and also actively hunt the attackers on their way,” Ariel outlines.
Pitfalls in cyber threat detection and response
“The sophistication of the defenceofadversaryexaminationandcontextualisationrequiresattackersbetterconstantofthepointviewbytheteams”
“Some of the pitfalls cyber security defence teams encounter result from doing cyber defence in a silo, without being fully aware of both the full attack surface and the most important business assets. This may lead to a security ‘comfort zone’, where there may be over-investment in
“In today’s landscape, it is key to have more data rather than less, making less painful tradeoffs between which log source to save and for how long. With partial telemetry, the ability to efficiently hunt sophisticated attackers becomes limited.”
126 May 2022 BOOKING.COM
ARIEL LEMELSON HEAD OF CYBER DETECTION & RESPONSE, BOOKING.COM
Another potential pitfall in security defences is that it's common to see security organisations that simply don’t measure the right KPIs. “If you don’t define the KPIs properly,” says Ariel, “you’ll be creating the wrong incentives for the security teams, which will eventually lead to ineffective resource allocation, low team effectiveness and, potentially, to cyber compromise.”
cybermagazine.com 127
defence of certain points, while other major blind spots are not properly defended and there’s a lack of awareness and risk acceptance from the business. These disconnected situations may result in a negative scenario,” says Ariel.
native alerts coming from security tools, lacking the holistic understanding of the ‘3D chess game’ we play every day with our adversaries, as cyber defence professionals.”
“There is also limited raw telemetry collection and retention, which impedes the ability to detect, hunt or investigate cyber attacks. Cyber defence teams do not always have a clear and open view of the threat landscape, or of the adversarial point of view. In such cases, it is almost impossible to provide proper cyber defence to the business,” he continues to explain. “The defence would be passive, driven by
FULL - SERVICE LAW FIRM WITH AN EXCITING DIGITAL FUTURE BY: KRISTOFER PALMER BY: ALEX TUCK
ANDERSON MORI & TOMOTSUNE 128 May 2022 PRODUCED
WRITTEN
cybermagazine.com 129
I
Yoshihide Hojo is Chief Security Officer, Legal & IT Tech Strategy at Anderson Mōri & Tomotsune. Having been with the firm for 7 years, Hojo explained how the pandemic caused the largest decline in international flows the company had ever seen, putting it under the pressure of rapid anti-globalisation.
130 May 2022 ANDERSON MORI & TOMOTSUNE
t’s been a tumultuous time during the pandemic, with many industries experiencing shutdowns and massive disruptions of the supply chain. With prices rising, Anderson Mori & Tomotsune - one of Japan’s largest full-service corporate law firms - has been there to support global clients, quickly identifying the key issues and providing appropriate temporary solutions throughout the state of emergency. This process included assessing the value of solutions and developing new ways to stay competitive in an evolving business and economic environment. Additionally, the firm underwent its own inward-focused transformation, restructuring to handle some of the rapidly emerging, extraordinary demands that occurred during the pandemic. 2022 marks the 70-year anniversary of the firm. It is continuously striving to provide services that best meet the needs of clients by utilising accumulated experience and knowledge, as well as through strong relationships with the top, trusted law firms around the world.
Yoshihide Hojo, Chief Security Officer and Legal & IT Tech Strategy at Anderson Mōri & Tomotsune, discusses their innovation-led business transformation
Handling new legal challenges in an uncertain world
cybermagazine.com 131
“Businesses experienced the shutdowns, the massive disruption of supply chains, and now we are experiencing the rising input prices.
Turning to technology and a new digital strategy
"While tackling our own rapid change and transformation, we needed to sort information and form our structure to support our clients facing new legal issues. We needed to be inward-focused and also client-centric at the same time,” said Hojo.
AMT had to respond to the emergency, scaling up initiatives of the digital strategy it used to map in one- to three-year phases in a matter of weeks.
“In a very short period of time, we rolled out online communication tools firm-wide,
132 May 2022
“As a full-service corporate law firm supporting global clients in international and cross-border projects, AMT had to quickly identify the key issues, support and promptly provide appropriate, far-sighted advice for each phase where clients were responding emergencies, seeking temporary solutions to meet new demands, re-assessing their value and developing new strategies to stay competitive in the new business and economic environment.
Yoshihide Hojo is the Chief Security Officer / IT Strategy Manager at Anderson Mori & Tomotsune, working in the legal industry for over 10 years, holds CISSP and other industry certifications, and leading innovation in cybersecurity and tech strategy for over 20 years. As companies face complex challenges in a time of change, the importance of innovation to reassess value and build new strategies to meet needs and demands is growing. Under these circumstances, he is leading the firm’s technology and security strategies, working as a team AMT to provide the best legal services
YOSHIHIDE HOJO
YOSHIHIDE HOJO
TITLE: CHIEF SECURITY OFFICER / LEGAL & IT TECH STRATEGY LOCATION: JAPAN
“We needed to atalsoinward-focusedbeandclient-centricthesametime”
online marketing tools to keep our digital channels, other tools to improve process efficiency and to escalate digital operations within our firm,” said Hojo.
CHIEF SECURITY OFFICER / LEGAL & IT TECH STRATEGY, ANDERSON MORI & TOMOTSUNE
Hojo added: “We also adopted the SASE (Secure Access Service Edge) solution to optimise our global network for such workload changes.
ANDERSON MORI & TOMOTSUNE
And to accommodate the rapidly increased volume of remote work, AMT also doubled and tripled the capacity and capability of the VPN (virtual private network) and VDI (virtual desktop infrastructure).
AMT: Full service law firm with an exciting digital future 134 May 2022
First, the company starts with the big picture and then focuses on more specific processes.“Weanalyse and visualise specific processes by using business process modelling, etc. Then, with the keywords such as problem solving, logical thinking, agility, collaboration, technology adoption, we develop a solution that leads to the end-toend client experience.
"As rapid changes in operations and system environments can introduce new risks, we also needed to strengthen our cybersecurity capabilities - such as monitoring, analysing, resilience - and expand cybersecurity measures to protect the new components added as we widely adopted work-from-home.”
YOSHIHIDE HOJO CHIEF SECURITY OFFICER / LEGAL & IT TECH STRATEGY, ANDERSON MORI & TOMOTSUNE
"Since innovation cannot be successful with technology adoption alone, we also place great importance on the consideration of the elements of people and culture in
“Every change in the business environment involves some risks”
“As we often see the client in a stressful or time sensitive situation, we start the process of innovation by asking: how can we deliver the best possible experience to our clients by leveraging our strengths through our legal services?”
Hojo explained that when it comes to innovation, AMT must think of the ultimate benefit to their clients, focusing on what they actually want.
cybermagazine.com 135 ANDERSON MORI & TOMOTSUNE
Fight ransomware with AI
Darktrace is the only technology that interrupts ransomware autonomously, without causing costly shutdowns. When it comes to security, leave nothing to chance. Learn more at darktrace.com 136 May 2022 ANDERSON MORI & TOMOTSUNE
"By providing and utilising these technology solutions, we are able to speed up complicated and time-consuming tasks, and our lawyers can spend their time on the areas that lead to better quality of our services and greater client satisfaction. I believe that these efforts provide new value and satisfaction to our clients, leading to AMT's continued growth in this uncertain time.”
our innovation efforts. Such as the preferred approaches and tools in a particular industry, client, or legal area.
"For example, we have been providing solutions to automate and streamline processes by using automation tools, such as a solution that semi-automates the generation of a set of documents required for a specific process, such as a company registration, etc.
DARKTRACE AI AND ML AIDS AMT CYBERSECURITY EFFORTS
“In the legal sector, the culture of law itself has been a major barrier to technologysuccessfuladoption”
“In the legal sector, the culture of law itself has been a major barrier to successful technology adoption, since law was built with rules and regulations. These barriers made it difficult for technologists to understand what the firm exactly needed and how to integrate solutions in the best way."
YOSHIHIDE HOJO CHIEF SECURITY OFFICER / LEGAL & IT TECH STRATEGY, ANDERSON MORI & TOMOTSUNE
“Darktrace is one of our valued tech partners that has played an important role in key areas of our cyber security strategy since pre-pandemic times.
AMT has been working as an interdisciplinary team of lawyers, paralegals, KMs and technologists, to look into the detail of each legal task and seek opportunities for technology adoption to improve the speed, efficiency of the process, and accuracy of the“Workingoutcome.as an interdisciplinary team enabled us to include cultural factors into those processes as well. Although we are just getting started on our challenges and have a long way to go, based on what we've seen so far, I think these approaches and initiatives are driving increased client satisfaction and firm business opportunities,” said Hojo.
"With its unique AI and ML algorithm engine, we’ve been able to identify any level of unusual activities within our networks which enabled us to cover not only the cyberattack including zero day and targeted attacks, but also internal threats.
cybermagazine.com 137 ANDERSON MORI & TOMOTSUNE
Starting with the big picture view with legal practices and firm operation Hojo speaks of innovation efforts, but he believes the firm is at a tipping point and needs to look at the longer-term impact of technological change on the business.
"Thanks to Darktrace’s advanced and effective approaches and learning capabilities that create a bespoke understanding of our business, we have been able to operate our security measures well fitted to AMT's environment, people, data, and business operations. This has allowed us to adapt quickly to even the rapid changes during the pandemic without lowering the level of our cybersecurity operations,” said Yoshihide Hojo.
“We just started building our foundation for innovation. We’ve learned a lot in the steps we’ve taken. We continue to explore the possibilities of emerging technologies,” heInadded.terms of evaluating and implementing solutions to automate and enhance
“We develop a good list of evaluation criteria and take the necessary time to conduct the trial. Evaluations focus on the functional aspects and also costeffectiveness and user experience from the"Andsolution.themost important phase is the post-deployment. We emphasise ongoing efforts to integrate the solution into business processes, measure the effectiveness, learn and educate how to sustainably utilise them in our business operations, and encourage the use of technology,” said Hojo.
processes, AMT uses their interdisciplinary team, selecting the participants who are familiar and have expertise with the relevant process to form a team.
138 May 2022
“Under these circumstances, the use of AI and unstructured data analysis was inevitably promoted, expanding beyond e-Discovery to areas such as cybersecurity, compliance and beyond,” said Hojo.
Professionals50010Locations70YearHistory
AMT has been working and experimenting with AI and ML for different tasks such as document review and translation. But, as the pandemic became a catalyst for innovation, people moved toward digitalisation and AI, resulting in explosive data growth.
Our Lawyers take great professional pride in their work. As a fundamental principle, we continuously strive to deliver premier quality legal services on each and every client assignment. To achieve this, AMT professionals are dedicated to four maxims: the pursuit of excellence, steadfast effort, maintaining quality and constant
International and cross-border projects are our forte. Utilising our offices in Japan and outside Japan, as well as our extensive overseas network of trusted law firms, our cross-border practice is robustly expanding abroad in new and developing markets, as well as more established, mature jurisdictions.
ACCUMULATED KNOWLEDGE
improvement.cybermagazine.com 139 ANDERSON MORI & TOMOTSUNE
CROSS-BORDER
As a large, leading law firm in Japan, we have accumulated a wealth of practical knowledge, insight and know-how, which has been developed over many decades of legal practice. Our clients benefit from this database of experience, including tried and tested solutions, which we continually update and fine-tune.
FULL-SERVICE
Our client ethos is to focus on building long term bonds with our values clients, rather than seeking short-term relationships or gains. We strive to become your trusted advisor and put your needs first.
CLIENT FIRST
As a truly integrated, full-service, commercial law firm, we meet the legal needs of our international clientele by combining the depth of resources of approximately 500 lawyers with expertise across a wide spectrum of legal disciplines and an array of legal jurisdictions.
PHILOSOPHYOUR
PREMIER QUALITY
140 May 2022
risks. Successful digital and business transformation requires a cybersecurity strategy that is optimised for them.
It is critical to understand both DX and cybersecurity, and find a way to develop actionable strategies that complement each other. AMT has been working to develop such strategies and plans since prepandemic times.
Improving services as a client-centric business AMT has many ongoing and upcoming projects, including ones for document management, document search and review, knowledge management and data analytics, a collaboration platform, information governance and the ever-changing realm of cybersecurity.“Thegoalof these projects is not only to introduce new tools and services, but also to create new value through their integration. So we are working to achieve this goal in stages with ideas from different teams,” said Hojo.
Putting DX and cybersecurity together as a strategy, and redesigning and rebuilding cybersecurity measures that perfectly covered the complexity of the new hybrid business environment, wasn’t easy for Hojo.
“We are still in the middle of our digital and business transformation journey, and halfway through a cybersecurity re-shaping. I‘m truly grateful to our talented teams at AMT and our valued technology partners for making sure we are getting where we need to be,” he said.
“By learning how technologies and data can create new efficiencies and values, provide insights, manage risks, and create the future of law, and by collaborating with each team, we believe that they will lead to a highly customised experience for our clients,” said Hojo.
Digital Experience (DX) has also helped AMT to re-shape their cybersecurity, as Hojo explains: “Every change in the business environment involves some
YOSHIHIDE HOJO CHIEF SECURITY OFFICER / LEGAL & IT TECH STRATEGY, ANDERSON MORI & TOMOTSUNE
Putting the customer first is already at the centre of the firm’s strategy.
“We are still in the middle of our digital and journey”transformationbusiness
cybermagazine.com 141 ANDERSON MORI & TOMOTSUNE
Sponsor opportunities SHAPING SUSTAINABILITYBUSINESSTHEOF A BizClik Media Group Event: 7 - 8 SEPT 2022 STREAMED & IN PERSON BUSINESS DESIGN CENTRE, LONDON Get tickets ShowreelourWatch2022
