The Art of Enhancing Enterprise Security

Frankie Shuai, Director, Cyber & Technology Risk at a leading global bank

What are some of the major challenges and trends that have been impacting the Enterprise Security space lately?

The cyber security landscape has evolved significantly in the past few years. When digital transformation becomes the mainstream across industries, cyber security has also become a critical agenda topic, even in the boardroom discussion. Let me name a few challenges we have seen so far across the industries: 

Firstly, attack surface exposure has been increased when we are moving the system and data to the cloud, when our employees are connecting to the corporate network at any place by using any device, and when there are more connections and dependency on the third-party partners and suppliers in the whole product or service ecosystem.

Secondly, cyber-attacks have also become more sophisticated in the form of phishing, malware, ransomware, etc. Do not forget that when we are on the digital transformation journey, those cyber attackers are also on their digital transformation journey. Many years ago, they might have had people manually draft and send you phishing emails to conduct the social engineering attack. Nowadays, they might even use Artificial Intelligence to generate sophisticated and tailored phishing emails to you; that is spear phishing.

Last but not least, for the industries heavily regulated, like the financial industry, regulators are also paying more attention to cyber security, data privacy, operational resilience, etc. A good cyber security leader should also be an expert to understand clearly what the expectations from regulators are, what is the cyber security risk appetite in the organization, and what the cyber security advice could bring to the business to enable business growth in a compliant manner.

What keeps you up at night when it comes to some of the major predicaments in the Enterprise Security space?

Cyber-attack is no longer the matter of ‘whether,’ but the matter of ‘when.’ So, when a cyber-attack happens - What is next? Do we have plan B? What are the critical processes and critical assets impacted we have to prioritize and recover from the attack first? What are the key stakeholders we have to engage and notify? The list of these questions is growing and keeping us up at night. But as cyber security leaders, we have to prepare them, not randomly but based on the protocol we have well-defined, trained, and exercised.

Can you tell us about the latest project that you have been working on and what are some of the technological and process elements that you leveraged to make the project successful?

There might be many project success factors, but in many organizations across industries, there might be 2 common baseline factors to make a project successful: ‘people and culture.’ People are the most valuable asset, and culture is the best oil of the organization. When the two of them come together, the united power will be amplified to enable business growth in a safe and sound manner. I am fortunate to be able to work with a lot of smart and great leaders and experts in the cybersecurity domain so far. One great characteristic about them is promoting a strong and positive people connection and inclusive culture. They are able to understand the organization’s business thoroughly, from strategy to execution. Understand where and how critical business assets and processes are running. Thinking and talking like a business partner is key to getting support from the business side for cyber security professionals. It is about connecting people in an inclusive way so that the cyber security risk can be well articulated in the business world. We could use the cyber threat landscape, data analytics, and risk appetite as the elements to tell a story that could be understood and adopted. Remember, talking in jargon could only be understood within our limited cyber security teams, but not the wider business partner teams. People need to be connected and included, and after that, the project run by people could be successful.

What are some of the technological trends which excite you for the future of the Enterprise Security space?

There is enough talk in the industry about technological trends like cloud computing, Artificial Intelligence, Machine Learning, etc. I will not repeat these buzzwords here, but would like to share that quantum computing is one of the emerging technologies I would encourage you to take a look at. Quantum computing might disrupt the foundation of today’s data encryption / protection algorithms we have relied on heavily for many years in the cyber security world.

In 2019, Google announced that its Sycamore quantum computer had completed a task in 200 seconds that would take a conventional computer 10,000 years. If the commercialization and mass production of quantum computing arrives in the long run, today’s encryption keys might not be able to claim to be secure any more. As cybersecurity practitioners, we should keep a close eye on these disruptive technologies, see how they will impact us, and, if any emerging solutions are coming up, how we could leverage them.

How can budding and evolving companies reach you for suggestions to streamline their business?

I am an advocate of collaboration and best practice sharing in the cyber security community. In many conferences and collaborative initiatives, there is one thing so common that people might overlook it, but it is very important for all the stakeholders -- this is the same language. Sometimes, people might take something for granted, and it will cause confusion if not everyone is on the same page, even on the same topic. Let me share one real-life example of the same language, which is the stock exchange’s stock price color code. In the US, Europe, and Singapore, we know the green color means the stock price is up, and the red color means the stock price is down. But if you go to exchanges in China, Taiwan, and Japan, you will find they are following the other way; that red color means the stock price is up and the green color means going down. And if you go to Korea’s exchange, you will find, for them, red color means going up, but blue color means going down. So, the same color might have completely opposite meanings in different countries. So, let us use the same language with the same meaning to avoid confusion.

BIO

As a seasoned cyber security and technology risk leader, Frankie brings about two decades of experience in the banking and IT industries. He regularly speaks at industry events and is a practical advocate for bridging the gap between cybersecurity and the business agenda. He is also a digital transformation and innovation catalyst with a wireless networking patent filed at the USA patent office as the sole inventor. He received the IDG (International Data Group) CSO30 ASEAN award in 2021 by being recognized as one of the top cybersecurity leaders in the ASEAN region.
