With cybersecurity threats growing, the onus is on organisations to safeguard customer data and on governments to ensure data violations are taken seriously.
This meant that data governance and regulations were critical in building a robust cybersecurity framework, said Ng Hoo Ming, deputy chief executive of operations at Singapore's Cyber Security Agency (CSA), during his keynote Wednesday at the RSA Conference Asia-Pacific Japan.
Ng noted that it would be unsettling for consumers to realise the large amount of data businesses had on them and were keeping in a no-holds-barred fashion. He pointed to Uber's data breach, which compromised data of 380,000 customers in Singapore, and noted that the ride-sharing company had tried to conceal it for more than a year, paying off hackers to delete the data and keep quiet about the incident.
He said it caused anxiety amongst customers, who were concerned hackers could use the compromised data to illegally access accounts, and that trust in Uber was eroded. Such mistrust posed serious challenges to digital transformation initiatives including Singapore's own smart nation plans, which aimed to drive the adoption of digital services and technology, he added.
His comments followed last week's security breach that compromised personal data of 1.5 million SingHealth patients, in what was described by authorities as a "deliberate, targeted, and well-planned" attack.
During his address, Ng gave no further details on the breach, other than reiterating statements from the various government agencies that such incidents were serious, but "should not derail" Singapore's smart nation plans.
Stressing the importance of data governance in steering an organisation's data management practices, he urged decision-makers not to dismiss its role during new implementations. Doing so would open up the risk of cybersecurity attacks and was the reason why some organisations would take considerable time to realise they had been breached, he said.
Data was the lifeblood of business operations, digital economies, and smart nations, he noted, but amid a current landscape where cyber threats were real and personal data breaches were growing, data governance must be viewed as an enabler, not a hindrance, for businesses to run smoothly.
Leaving the industry to self-regulate, too, would not work, Ng said, underscoring the role of regulations.
To establish public trust, the onus then was on organisations to do what was needed to safeguard customer data and on governments to ensure data violations were taken seriously, he said.
Turning to machine learning, automation for help
Businesses, though, would need to be able to identify the right data signals so they could quickly respond to potential threats, said Diana Kelley, Microsoft's cybersecurity field chief technology officer, during her keynote at the conference.
The first iteration of security information and event management (SIEM) technology, though, was developed almost two decades ago when cloud and Internet of Things (IoT) were not prevalent, Kelley noted.
She said enterprise environments today were multi-faceted and "noisy", with businesses running different cloud platforms and systems. Data logs from various systems would need to be integrated and harmonised, so administrators could identify useful data signals to extract insights on potential security threats.
She pointed to McCrory's law of data gravity, mooting its application to security, where the analysis and monitoring of data could be moved to where the data resided in order to reduce latency and, hence, enable quicker response to potential threats.
The law of data gravity states that as data volume grows, more applications and services will be drawn to it. So, an application runs more efficiently the closer it is located to the data it uses. There also is less latency and less bandwidth consumed.
Kelley suggested that moving security analytics and monitoring nearer to the data would offer deeper insights and help transform SIEM technology.
She added that data gravity, coupled with machine learning tools, could further transform SOCs (security operations centres). She noted, for instance, that a former rules-based Microsoft system would flag 28 percent of logins as suspicious. At 1 billion logins per day, that totalled 280 million "suspicious" logins that an administrator would have to go through to separate legitimate threats from false alarms. After applying machine learning capabilities to the system, the flag rate dropped to less than 0.001 percent.
This was the direction organisations needed to move towards, Kelley said, adding that the faster businesses were able to identify and contain an attack, by boosting data signals, the less damage the attack would cause.
"SIEM and traditional SOCs can't keep up. The data world is moving very quickly and cloud is becoming more of a security imperative for organisations. If we keep with the old, taking all the data and putting it in the haystack, we won't be able to respond fast enough," she said.