CLOUDSEC 2017 – The Highlights – 3 hours condensed into 3 minutes

Yesterday I was a delegate at Cloudsec 2017. Thank you to the organisers . It was a day of high level strategies, forward looking security measures, security roadmaps and interesting insights.

Simon Piff, VP of Security Practice at IDC APAC

Stop thinking IT Security and start thinking Business Risk. Rather than being an IT problem security thus becomes a business problem and engages the Business Units, the Executives and the Board.

Stop looking at IT Security as a ROI. Business’ should change the conversation from return on investment to asking what funding is needed to prevent cyberattacks.

Educate the C-suite. There is no such thing as being connected and 100% secure. CEO’s need security as a KPI in order for it to get the attention it needs in an organisation.

Dhanya Thakkar, VP APAC & MMEA at Trend Micro

Chief Security Officers are Superhero’s under pressure – (this made the room giggle!!!)

By 2020 – 60% of digital businesses will suffer major service failures due to cyberattacks.

Data Privacy Officer will become a key role in organisations due to data governance regulations.

It takes on average 146 days to detect a cyber breach, of which 53% of those attacks are discovered externally.

Dhanya’s pearls of wisdom;

  • Focus on time to detect
  • Explore application control especially for server
  • Leverage the battle of algorithms
  • Servers are not endpoints
  • Network defence expands to threat prevention
  • Intelligence sharing across security controls
  • Centralised visibility

Bob Flores, Former CTO at the CIA

Everything is connected to everything.

Small to Medium businesses spend $276,323 to recover from a successful attack

27% of Australian businesses have no cybersecurity incident response plan in place. Of which, only 37% regularly review their plan.

Bob’s pearls of wisdom;

  • Passwords should be 8 digits or more
  • Check NIST
  • Restrict administrative access
  • 3rd party vendors should not be treated as employees
  • Consider a software defined perimeter (SDP)
  • Encrypt everything not just what’s considered important
  • Manage privileged users
  • Protect your endpoint

Craig Davies, CEO at Australian Cybersecurity Growth Network Ltd (ACGN)

ACGN was set up to grow the Australian cybersecurity ecosystem, export Australian cybersecurity and make Australia the leading centre for cyber education.

ACGN is known for the following;

  • Demonstrate leadership and alignment
  • Drive industry collaboration and coordination
  • Accelerate Commercialisation
  • Facilitate talent growth
  • Pursue policy and Advocacy reform

Review their website for more information – and don’t forget to download the app that Craig created!!!!

Suzanne Day is the Managing Partner of Morgan Young, Asia Pacific’s leading retained Executive Search & Leadership Advisory firm. Suzanne has consulted to leading corporations on the structure of their security leadership, current trends across the CSO talent landscape and how best to secure leaders with the requisite business and technical expertise.