Humans are your Asset: Maximize Cyber Security Awareness and Education 

18 July 2023 | 9.00AM (SGT)
Free Cyber Security Online Event

Day 1: 18th July 2023

9:00 - 9:30 SGT FIRESIDE CHAT: Analysing the importance of human-centric design in control and process design of cyber security

Saleshni Sharma - Director, Regional Information Security Officer Asia Pacific, Berkley Insurance

When it comes to cyber security, human-centric design can be used to create controls and processes that are more effective and easier for employees to use, which in turn increases education and awareness. Human-centric design involves understanding the behavior of the users who will be interacting with the controls and processes. By studying how employees interact with technology and identifying pain points and challenges, organizations can design more effective controls and processes that are easier to use and more likely to be followed.

For this session we are joined by Saleshni Sharma, Director, Regional Information Security Officer at Berkley Insurance. According to Saleshni, information security is closely related to risk appetite. The main role of any information security professional is to communicate risks effectively, whether it be business related, technology or personnel. “If we do this successfully 80% of the difficult part of our job is done”. Saleshni enjoys working in a high-performance and highly collaborative environment and with that in mind, our session will discuss:

  • Fostering a culture of cyber security that extends beyond the internal IT department. This includes training employees on cyber security best practices, establishing clear policies and procedures, and promoting cyber security awareness throughout the organization.
  • Training and awareness: Human-centric design can also be used to design more effective training and awareness programs. By understanding how employees learn and retain information, organizations can design training programs that are more engaging and effective. This can help to increase employee knowledge and awareness of cyber security risks and best practices.
  • Understanding user behaviour by providing context and feedback to help employees better understand the importance of cyber security controls and processes.
  • Simplifying processes to make them more intuitive and user-friendly which can help to reduce errors and increase compliance.

9:30 - 10:00 SGT Applying a comprehensive, mature, and measurable zero-trust program

Adrian Foo - CIO, Hynds Group
Emir Trhulj - Regional Manager, APJC, Cisco

Many organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate phishing attacks. But security tools are used by real people, so they need to be supported with simple processes and great usability for maximum security efficacy.

Duo’s APAC cybersecurity leader, Emir Trhulj, will interview Adrian Foo, CIO at Hynds. The two will discuss Hynds’ journey towards zero trust, including challenges, considerations and solutions discovered along the way. In order to make progress towards zero trust security, it’s critical to get everyone on board. In this session, we will share best practices implemented to enable secure access for a remote workforce, providing the best experience for productivity without compromising on security.

This session will discuss:

  • Zero Trust capabilities for the hybrid workforce, such as security policies
  • Securing against phishing attacks with strong multi-factor authentication and device trust
  • Creating a more secure approach to network security in remote workforces and cloud computing environments

 




10:00 - 10:30 SGT EDUCATIONAL INSIGHT: Raising cyber awareness and assessing the behavioural impact

Dr Tehmina Khan - Senior Lecturer, RMIT

In an increasingly interconnected world, where digital technologies permeate every aspect of our lives, cyber threats have become pervasive. By raising awareness about these threats, individuals can better understand the risks and adopt proactive measures to protect themselves and their sensitive information. Cyber awareness helps combat the social engineering tactics used by cybercriminals, as it enables people to recognize and avoid common scams and phishing attempts. Assessing the behavioural impact of cyber awareness initiatives allows organizations and policymakers to measure the effectiveness of their efforts and identify areas for improvement. Understanding how people's behaviours and attitudes towards cybersecurity change over time enables the development of targeted interventions and educational programs. Ultimately, by raising cyber awareness and assessing behavioural impact, we can empower individuals, strengthen cybersecurity defences, and create a safer digital environment for everyone.

For this session we will be joined by Dr Khan, Senior Lecturer, RMIT, an educator, researcher and consultant who undertakes research in the area of information systems and internet technologies. Dr Khan undertakes research projects that involve advanced data analytics and is currently working on AI and machine learning to address sustainability-related problems at micro, meso and macro scales. Our session will take a holistic approach to addressing:

  • Signs and signals for managers: Paying attention when assessing potential risks
  • Social factors that play a role in accountability, responsibility, and policy
  • The behavioural implications of cyber security and the role we play in responsibility and accountability 

10:30 - 11:00 SGT DISCUSSION: Address security gaps to better manage third-party risk

Aman Kumar - Senior Director- Governance, EC-Council Global Services

In today's interconnected digital landscape, organizations are increasingly reliant on third-party vendors and technology solutions. While this brings many benefits, it also introduces significant security challenges. During our panel discussion, we aim to explore strategies and best practices for addressing security gaps and effectively managing the associated risks. The discussion will revolve around three key talking points:


1. Ensuring proper integration of external technology:

As organizations increasingly adopt cloud-based and mobile technologies, it is becoming more difficult for IT departments to keep track of all of the technology that is in use within the organization. This can create security gaps, as unauthorized or insecure technologies may be used to access sensitive data.

To mitigate this risk, organizations should implement a process for vetting all new technologies before they are put into use. This process should include an assessment of the technology's security features and a review of the vendor's security practices. Additional talking points include:

  • Highlight the importance of integrating technology solutions created outside of IT's purview into the organization's cybersecurity framework.
  • Discuss the risks associated with "shadow IT" and the need for proactive measures to identify and address such technology gaps.
  • Share insights from EGS on how organizations can establish clear guidelines and processes to ensure seamless integration while maintaining robust security protocols.


2. Identifying potential risks with third-party vendors:

Third-party vendors can pose a significant risk to an organization's security. Vendors may have access to sensitive data, such as customer PII, and they may not have the same level of security expertise as the organization itself.

To mitigate this risk, organizations should carefully vet all third-party vendors before engaging them. This process should include an assessment of the vendor's security posture, including their minimum security standards, incident response plans, and security auditing requirements. Additional talking points include:

  • Discuss the significance of conducting thorough risk assessments and due diligence when engaging with third-party vendors.
  • Highlight the importance of establishing minimum security standards, incident response plans, and security auditing requirements for vendors.
  • Share experiences and best practices for effectively identifying and mitigating potential risks posed by third-party vendors.

 

3. Implementing controls to manage data exposure and risk:

Once an organization has identified and mitigated the risks associated with third-party vendors, it is important to implement controls to limit the exposure of sensitive data. These controls may include data encryption, access controls, and monitoring systems. By implementing these controls, organizations can help to protect their sensitive data from unauthorized access, use, or disclosure. Additional talking points include:

  • Discuss the need for implementing stringent controls to limit the exposure of sensitive data to third-party vendors.
  • Share insights on how organizations can effectively manage and monitor data access, permissions, and data flow within the vendor ecosystem.
  • Discuss the role of ongoing risk assessments and regular security audits to ensure compliance and proactive risk management.