Following the interview with IMPACT's COO, Computerworld Malaysia asked forensic software specialist Nuix Software's director of security and investigation services, Stuart Clarke, for his views on how Asia Pacific public and private organisations can better manage the cyber threat landscape, recently detailed by IMPACT [International Multilateral Partnership against Cyber Threats, which is the cybersecurity executing arm of the United Nations' specialised agency ITU].
Nuix also recently announced a collaboration with Malaysia-headquartered IMPACT and assisted Interpol with forensics training in Malaysia.
Photo - Stuart Clarke, Director of Security and Investigation Services, Nuix Software
What should be the priorities for organisations when preparing their strategies to defend and manage cyber security threats?
It's hard to give a strict order of importance because there are big differences between organisations and the value of the information they need to protect. However, some core priorities for organisations to consider in their cybersecurity defence model include:
Collaboration: start to form partnerships with the appropriate agencies in government, law enforcement and the private sector. Such agencies often have an established cybersecurity capability and experience. Working with such organisations gives you a huge head-start and ongoing support. Remember that partnerships are a two-way relationship.
Research, development and sharing: information security threats don't rest. We are always on guard and often on the back foot. That means we must all research new technologies and develop new detection and investigation techniques. We should share these across the industry through conferences and global events.
Get the basics right, and the rest will follow: if a castle is built upon sturdy and broad foundations, it can support an increasingly complex and growing structure. The correct approach to cybersecurity is the same: build a secure core and maintain it independently of tailored solutions to deal with specific threats. As we add on solutions to address new threats, they can sit on top of the existing stable core and can continue to stack up.
Be ready: build an investigation team, a forensic readiness and response plan and a strong software toolkit to deal with data pre- and post-incident.
Build capacity: do not rely on the easiest, cheapest option. Deploy multiple detection and analysis technologies to give a comprehensive view of activity. The same approach should be applied to your people, who must be multi-skilled and highly trained. Remember that people are the weakest link, so consider educating all end users to raise their IT security awareness.
Is there anything APAC organisations can learn from your work with companies overseas when it comes to preparing for cyber threats?
Preparation is the key, but at the moment organisations across the world are playing catch-up.
It is essential to update or remove legacy systems, put 24-hour monitoring solutions in place and build a forensic incident response team and a readiness plan.
It is also important to work collaboratively. Cybersecurity threats certainly don't respect geographical or organisational boundaries, so it is imperative that organisations around the world respond with a uniform approach wherever possible.
In the past 12 to 18 months, I have seen a massive shift from isolated forensic labs with an independent investigator model to a more collaborative approach including several analysts and individuals with a mix of different skills. This approach is working well, so now the challenge is applying it at a larger scale - a national and international level. The work IMPACT is doing in partnership with Nuix is a positive step towards this.
Finally, the idea of sharing and applying threat intelligence is starting to gather real traction with our clients. Organisations in APAC could help lead the way with this initiative. Applying threat intelligence allows us to harness big data for good. It means we can be ready when a cybersecurity incident happens, knowing where to look and also highlighting anomalies instantly. Perhaps most importantly, attackers don't know you have this intelligence and you start to gain the upper hand.