Cyber Resilience with a Robust Security Incident Response

Wilson Wong, Vice President of Cyber Security at the Venetian Macao

Wilson Wong, Vice President of Cyber Security at the Venetian Macao

As technology evolves, we are now connected to the world more than ever before and we can do things more effectively and efficiently. Unfortunately, all this comes with a cost, a surge in cyber-attacks as they have become more sophisticated and launching an attack has become easier than ever. There is no doubt that every company is trying to do as much as they can to protect their information. The question is, is there any perfect solution in the market?

It is not surprising that some companies still believe that buying the best and latest technology is the answer. To me, this is only partially right, as I believe in order to protect our information, we have to do these 3 things right: which are people, process, technology (PPT). The PPT framework is introduced in 1960s by Harold Leavitt, which focuses on help managing change in the organization. The key objective of PPT is about the balance of 3 elements, which in a mature Cyber Security Program; refer to trained professional, standardized and sustainable process, and interoperable technology to optimize cyber operations.

People: First of all, in addition to having skilled professionals to run the day-to-day cyber operations, it’s equally important to train company staff on cyber hygiene and stay vigilant. We need to deliver the message that they are critical to fighting against cyber risk.

With double extortion ransom ware being our top cyber risk, phishing email remains one of the most commonly used attack vectors. Since it’s impossible for any email gateway to block all malicious emails, there is no better way than educating end users to distinguish phishing email and report to cyber security whenever they find the mails suspicious.

Process: I’d like to reiterate the favorite line “It is not a question of 'if' but 'when' a cyber-attack will happen”. We need to build cyber resilience by having a robust cyber security incident response plan in place. The plan needs to be regularly reviewed, updated, and tested to ensure proper actions can be taken to contain any damage, minimize the impact and prompt recovery to sustain business continuity. Therefore, regular table-top exercise with key stakeholders such as IT, HR, Legal, Public communication, etc. are paramount to the success of cyber resilience.

The key objective of PPT is about the balance of 3 elements, which in a mature Cyber Security Program; refer to trained professional, standardized and sustainable process, and interoperable technology to optimize cyber operations

Technology: With new threats and attack vectors emerging every day, we have to automate routine tasks as much as possible to enable faster detection, prevention, and containment. One way would be leveraging Security Orchestration Automate Respond (SOAR). However, the tool itself will not suffice if it’s not properly configured, and this requires expertise and experience of our professionals who know the environment well. Also, make sure we do not buy the best technology, but the technology most suitable to your company and integrate well with your existing technology.

Lastly, it will be great if we have buy-in from senior management so that we can engage an independent party to conduct a threat risk assessment every few years to benchmark against industry best practice. This can help to identify control and technology gaps when operations have reached some stagnant state.