More than 300 participants took part in Cyber N’US 2019, a whole-day NUS flagship event on 23rd September. Cyber N’US 2019 aims to unite thought leaders towards cyber resilience. This year’s theme was “Act and Protect towards a Trusted Cyber Environment”. It was a successful collaborative milestone between ICE71 and NUS Information Technology (NUS IT). The event featured keynote speaker Paula Januszkiewicz, a top speaker,  renowned hacker, Microsoft Trusted Advisor and entrepreneur herself – she is CEO of CQURE Inc and CQURE Academy.

Unity is key to a common enemy

Tommy Hor, Chief Information Technology Officer of NUS in his opening address said that in the face of threat actors which are getting increasingly sophisticated, the collaboration between the different parties present at the forum are an essential key to fighting a common enemy.

John Wilton, Deputy President (Administration and Finance) of NUS echoed. “Cyber security risk is an ever present threat. No one is exempt. And it’s not a question of whether you will be attacked. It’s a question of how successful the attackers will be,” and added on, “which is why Cyber N’US 2019 is very important. It brings together institutes of higher learning, renowned experts, industry partners and the local cybersecurity authority to work together on collective vision.”

The world is short of cyber pros

In her keynote address, Paula said the world is in need of cyber professionals. This shouldn’t be surprising. In 2014, Michael Brown, CEO of Symantec, one of the world’s largest security software providers, said global demand for cyber professionals will rise to 6 million by 2019, with a projected shortfall of 1.5 million.

A recent study by (ISC)2, the world’s largest nonprofit association of certified cybersecurity pros, they found that the shortage gap has widened to nearly 3 million cybersecurity jobs globally – more than what experts initially projected.

Think and act like a hacker

Paula believes that in terms of securing IT infrastructure, it helps to think and act like a hacker. She said, “We kind of don’t need to be ethical in projects like this, as hackers won’t be.”

Recollecting a social experiment while on a client project, she ever started conversing with a total stranger in a building elevator, and eventually gained unauthorised access to the building. She also managed to occupy an office desk for a few minutes and copied some information, undetected by any legit employee the whole time. Danger in plain sight is clearly not the case with cyber threats. “So the more we are able to recognize a threat, the better we are able to act,” said Paula.

There was a prize presentation ceremony for winners of the NUS Bug Bounty Challenge, after which Lim Thian Chin, Director at Cyber Security Agency of Singapore (CSA), gave a talk about challenges faced by critical information infrastructure in Singapore. Thian Chin said cybersecurity is existential in Singapore due to three reasons, 1) the country’s small geographical footprint which puts it in higher vulnerability, 2) digital connectivity as part of its economic growth and smart nation initiatives, and 2) high level of public trust with the government.

“Trust is like a precious bus. Once open, it’s almost impossible to bring it back again.” – Lim Thian Chin

Ang Leong Boon, Chief Information Security Office of NUS, shared interesting insights and lessons learnt from phishing drills in NUS. Some users felt anxiety and frustration – that their intelligence was undermined, causing a backlash to these drills. He added that any party whose reputation will be implicated in the process should be informed. For example, if a drill goes out in the name of the Finance department, Finance should have been notified to expect this. Phishing drills also cause an overwhelming helpdesk. And there remains a dilemma – does clicking a phishing link equate to one’s ignorance, or otherwise?

There was a panel discussion on “Unity in Diversity in Cyber Security” – comprising distinguished panellists across different backgrounds which offered different perspectives – panellists were Paula Januszkiewicz – Founder and CEO, CQURE, & Regional Director, Microsoft, Lim Thian Chin – Director, Critical Information Infrastructure, Cyber Security Agency of Singapore, Freddy Tan – Vice President, Cyber Security Solutions & Services, Ensign Infosecurity, and Vivek Chudgar – Senior Director, FireEye –Mandiant Consulting. Tommy Hor from NUS IT moderated the panel which spoke about emerging cybersecurity topics, including challenges on penalising cyber crime. Later on, Vivek Chudgar shared his insights on the SingHealth data breach, followed by an inspiring sharing session by Dr Omaru Maruatona, CEO of AiCULUS on his journey into cybersecurity.

The event was also an excellent opportunity for attendees to connect up close with ICE71 startups – oneKIY, The Cyber Assembly, BluePhish, Flexible IR, and AiCULUS at their startup showcase booths – and get to learn about the latest cyber innovations by these innovative startups.

The event ended with Paula’s workshop in vulnerabilities in credentials, another highlight of the day. Attendees got to learn the unexpected places passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions.