Asia Pacific drives growth for many Irish businesses and is home to some of the world’s most digitally connected population. In the Southeast Asia region alone, there is a population of over 330 million connected individuals with the region’s digital economy having been projected to hit US$300 billion by 2025.
When quarantines and stay-home orders became the reality for many people at the height of the Covid-19 pandemic last year, the adoption of digital services rose like never before, particularly in Southeast Asia. According to a joint report by Google, Temasek Holdings and Bain & Company, as many as 40 million people across the region — Singapore, Malaysia, Indonesia, the Philippines, Vietnam and Thailand — came online for the first time in 2020.
Now with nearly 70% of the region’s population online, the digital sphere is a necessity for both consumers and businesses. Cyber threats are equally becoming responsive to an increasingly vibrant digital environment as threats become more pervasive and complex.
Irish innovators are coming to the forefront to lend their expertise in this dynamic and challenging environment. During Enterprise Ireland’s Asia Pacific Cybersecurity Innovation Showcase, we heard from six Irish companies on their contributions towards a safe cyber environment as well as their latest solutions that address emerging cybersecurity challenges today.
Creating a safe and seamless digital experience for businesses and consumers
With so many new online users in the region, cybersecurity threats are becoming two-fold. First, there is a need to ensure a safe and secure online experience for users through good cyber hygiene habits. And second, there is a need to facilitate an education around cyber-attacks and protection for new users who may be more vulnerable to these threats.
Cyber criminals are moving from targeting systems and processes to targeting users, creating a gap in a company’s security protection. Cyber Risk Aware, a human cyber risk management and behaviour change platform, was set up to protect people, institutions and cities through education and cyber awareness that effects positive change in online behaviour. Cyber Risk Aware primarily helps companies from becoming victims of cybercrime by raising staff awareness and creating a network of human sensors in real-time.
“Today’s highly sophisticated cyber criminals are gaining access to vital company data through complex scams like phishing, smishing, malware or ransomware that target people instead of systems. Traditional tick-the-box, annual or even monthly training is no longer effective against these criminals and leaves staff defenseless against an attack. A shift towards helping create positive behaviour change in staff by implementing context-based, real-time intervention training in their exact moment of need is essential to mitigate impending risks. Organisations who have committed to changing the risky behaviours of their staff are seeing up to 800% ROI against a single security breach,” says Stephen Burke, CEO & Founder of Cyber Risk Aware.
Highlighting that traditional staff training is inadequate to change risky staff behaviour that typically compromises a company’s network defense, Cyber Risk Aware advocates companies to set up contextual training and an awareness content library that will shore up staff behaviour as defense to a cyber-attack. The ground-up approach should leverage a company’s cyber defenses, in tandem with human cyber-risk assessments that evaluates a user’s cyber awareness and knowledge through regular email and SMS phishing tests as well as data analytics stemming from behaviour database that tracks human cyber risk scoring and behaviour change.
Email remains to be a cornerstone of consumers’ digital identity. And TitanHQ, one of the leading providers of email protection, DNS filtering and email archiving solutions for over 20 years, is a frontrunner in safeguarding consumers from cyber-attacks on this front. Through its comprehensive suite of solutions that include WebTitan, SpamTitan and ArcTitan, TitanHQ’s has been identifying and blocking malware and ransomware attacks before they infiltrate organisations’ network. The movement to work from home and an increase in remote workforces have increased the risk vector and placed a further onus on a layered security approach.
On the financial services front, Daon, a global leader in digital onboarding and biometric authentication technology, is no stranger to Asian shores. Trust is a key priority to Daon’s innovations in this region. Trilochan Sehgal, Regional Vice-President of Southeast Asia, highlighted the digital identity problem, where there is a critical need to solve the issue of trust across multiple online channels.
Introducing IdentityX – the world’s first cross-channel multi-factor biometric authentication and onboarding platform, consumers can now use the same identity credential to authenticate quickly and easily, at any time and through any channel. Not only does the platform help create a seamless digital experience across multiple channels, it guarantees consumers’ digital identity based on secure biometric credentials, enabled by face recognition technology. This can be made even more secure through other biometric authentication processes that may include voice and finger authentication.
Despite a challenging 2020, the company made strides in the region with an impressive portfolio of clients including Japan’s SMFG/SMBC, Standard Chartered Bank and a host of Hong Kong based banks. The company’s presence in Asia also expanded with a new Singapore office as well as significant new partnerships including a contract to deliver digital onboarding and mobile biometric authentication with Singapore-based TONIK, which provides the first digital-only bank in the Philippines.
Commenting on this, Trilochan Sehgal, Vice-President of Daon Southeast Asia said, “Daon is in a unique position where we solve challenges across the full customer identity lifecycle from onboarding, authentication and account recovery. Our customers appreciate this holistic approach and we are seeing a big surge in our technology adoption specially among customers in payments verification, digital banking, insurance, and telcos in the region.”
Securing data and networks against cyber threats
The data landscape is changing dramatically. And it is important to understand the shifts in this landscape to better develop solutions that can bolster cyber defense for any company, institution or country against new threats that can emerge from this landscape.
Mark Brosnan, Co-Founder & Managing Director of GetVisibility, shared how major shifts in the data landscape are primarily influenced by five key factors: i) regulation, ii) explosion in data, iii) cloud adoption, iv) an increase in cyber-attacks and v) ineffective data loss prevention programmes. Not only do data governance need to keep up with these shifts, but these systems also need to account for the end-user as well as anticipate potential new threats too.
Data governance is therefore a responsibility that spans across end-users and multiple organizational processes. As a software solution that discovers, categorizes and classifies unstructured data across an organization, GetVisibility undertakes this responsibility by harnessing Artificial Intelligence (AI) to provide risk and compliance assessments in the data governance process as well as to enforce protection of sensitive data. This is increasingly pertinent at a time where remote work is becoming the norm during the pandemic as companies seek to secure their data against cyber breaches or leaks.
With data governance being a huge undertaking that involves various organizational processes, efficiency will be key for organisations. Security Automation Orchestration and Response platform provider, Tines, allows security teams to automate any workflow regardless of complexity without relying on pre-built integrations.
Having observed that an excess of IT and security operations work is manual, repetitive and prone to error, Tines have designed a software that allows security operations teams to automate their manual workloads without requiring scripting or software development knowledge. This frees up security operations teams to refocus on more impactful risk-reduction strategies specific to an organisation. Upon notification of a potential threat, security operations teams can also conduct deeper incident investigations and responses and enlist an analyst as soon as any real threat has been identified.
But what if the worst happens – what should companies do when there has been a breach?
It is all in the response, and how quick it is matters. GuardYoo, a specialist in remote compromised assessment or a technical audit of a network, treats cyber incidents as physical crime sites that can be investigated. GuardYoo departs from the traditional thinking of cybersecurity as a model that protects networks from breaches. Instead, the company brazenly believes that this brand of cybersecurity is impossible as cyber threats are inevitable, and that breaches can even occur without the awareness of most organisations.
Darren Sexton, Chief Executive Officer of GuardYoo shared, “The way hackers penetrate a network is always changing and this is a perpetual game of hide and seek. But what does not change is that hackers need to do something once they get into a system. That is where GuardYoo steps in. To use a Covid-19 analogy, traditional cybersecurity companies will check if you are wearing a mask and that the mask is covering the right areas but GuardYoo will check if the virus has gotten through the mask and will identify what parts of the body it is attacking.”
As such, GuardYoo recommends its automated ‘Digital Forensics Investigation’ model to conduct regular compromise assessments that identifies how a network lapsed in its defenses, how these vulnerabilities were exploited and who was responsible behind the attack. The company also has an active threat research lab that is constantly developing threat models. This contributes to the swift one week turn-around time for GuardYoo’s compromise assessment, including a forensic analysis, as opposed to the typical 10 to 12-weeks timeline across the industry.
