Q&A | Sean Duca VP, Asia pacific, Palo Alto Networks: ‘Cyber risk is a real challenge’

Sean Duca

A Palo Alto Networks survey has shown that Asia Pacific organizations are having difficulty keeping up with cybersecurity technologies, products and solutions.

For such organizations, ensuring a secure cyber environment remains a challenge.

According to the survey, there is a need to change the popular mindset regarding cybersecurity, as there is still a lack of awareness among organizations.

Some 46 percent of respondents admitted to being unable to keep up with evolving cybersecurity solutions, while 65 percent of surveyed organizations agree or strongly agree that they are well prepared to handle hacker attacks.

Among the five key markets, China is the most confident, while Hong Kong is the only market in which respondents are more neutral than confident.

Speaking to the Times, Sean Duca, vice president and regional chief security officer of Palo Alto Networks, Asia Pacific, said the severity of cyber-attacks cannot be downplayed and that everyone is vulnerable.

Macau Daily Times – How has cybersecurity evolved in recent years, along with the opportunities and challenges?

Sean Duca – Every country is definitely doing their part around how they build their cyber capabilities, [including] ensuring that there is [a] skilled workforce around. From the government’s standpoint, they have their own sort of capabilities and skill sets […] but if you look at the private sector […] definitely you could see a number of different angles. One is that cybersecurity is getting [talked about] at the tables of important rooms.  Cyber risk is a real challenge and it should be treated the same way as any business risks inside an organization are treated; that’s where security culture [starts]. I think we had some good strides that took place over the course of the past few years [but] I think there’s probably more work to be done as well.

MDT – Now that almost everything is conducted online, how can we be assured that we are participating in a secure cyber environment?

SD – It goes back to […] how we’re protecting your crowd. I think every organizations should ask themselves the questions of what is truly valuable to us, what is the value to you, the competitors, and to a cyber adversary. You can make strong decisions on how much risk we’re willing to take. But then also how much we’re willing to pay for potential risks out there. Those are probably some of the bigger challenges. […] We’ve got a part to play in constantly educating and re-
educating employees from organizations.

MDT – Some organizations in Macau are still using old and outdated software and hardware. Are these more prone to attacks by cyber criminals?

SD – In general, no. Sometimes it’s a little bit hard to say on whether it’s based on old or soft hardware. Things change and I think if I sort of [recall] 10 years ago, many organizations really had kind of a handle on preventing a lot of the challenges out there. But the reality was that we would see a cyber adversary attack an organization […] with automated attack.

With that, we need to not just look at hardware but how to automate our response and prevent cyberattacks in the first place. […] I think we need to get back to the drawing board and do something different. Because they [cyber culprits] are doing something different; they automate it. We need to orchestrate the way we prevent them from getting inside our organizations.

MDT – A cyber criminal attacked some 4,000 organizations over the past four months. Is Hong Kong, China or Macau prone to these attacks?

SD – Yes, absolutely. Going back to the survey results we have released – in China, in particular, more than 86 percent of cyberattacks have been more sophisticated, which is the highest in the surveyed five countries.  I think there definitely is a lot of sophistication out there, and I think what we’ve seen in the number of years [is that no] country is really new to it. […] Everyone is potentially a target for them [cyber culprits] because for them the more reach they have, the more choices they get […] and the more accounts and information collected. It’s time that organizations stop the notion of “well, it doesn’t happen to us, it only happens in large organizations.” […] I think everyone needs to step up and realize that inevitably, in this day and age, the trust we’re putting in systems out there – we’re such a connected world now that some will try and penetrate the organization. I think it’s really upon all of us to understand what the threat looks like and what challenges could potentially impact the business.

MDT – So lack of awareness is also a problem?

SD – Yes, definitely. I think that’s the constant challenge that we see out there.

About 40 percent of all users would actually click through on a phishing email. So if you think about it, close to half of your employee population would do that […] Some sort of educational awareness [is needed]. I think that also starts at the top. We need to look at our leaders in our respective organizations and the need to give [training in] cybersecurity ethics.

MDT – The company’s research shows that cybersecurity resources are on the rise. Can you tell us the factors affecting this matter?

SD – We kind of have that inflection point where we can’t simply rely on people to try and solve security challenges that we’ve got. We need to start leveraging automation as much as we possibly can – to try and automate some of those mundane tasks [rather] than simply relying on humans to look at 100 percent of the problems. […] I think we really need to look at accommodating people in technological processes and make sure we can leverage what we should. We should still invest in people to make sure they understand what their role is, because there’s always going to be a human element involved.

MDT – Macau aims to become a smart city. How much of a role does cybersecurity play in this kind of development?

SD – It has a pretty huge part to play. Smart nations are leveraging technology a lot more to become a lot more agile in really servicing the community as whole. There are many new used cases for smart nations – to improve wellbeing, transport, and a number of different things […] I think cybersecurity at this age touches every single element of our life. For solutions, do they actually contain security by design principles, built with different capabilities? If you don’t even have security capabilities […] it’s going be a big problem for smart nations.

Categories Headlines Macau