NUS Enterprise at BLOCK71 hosts its first-ever ICE71 Kopi Chat on Cybersecurity

Introduction

The global market for cybersecurity is estimated to grow by nearly 15% annually to over US$1 trillion by 2021. This in part is due to businesses having increased awareness of the growth in cyber threats that come from hackers. In light of the recent spate of cyber attacks, including the infamous WannaCry attacks in May 2017, there has been more demand for cybersecurity services and hence venture investments have also been on the rise. In Singapore, the cybersecurity market is projected to grow to over US$678 million by 2020.

Mahendra Ramsinghani, Founder of Secure Octane, and Advisor to Singtel Innov8 gives his introduction presentation on the cybersecurity landscape and opportunities for building a successful cybersecurity company.

Opening Presentation by Mahendra Ramsinghani: Building a Successful Cybersecurity Company

Here is the summary below:

Evolution of Cybersecurity Threats

• It is estimated that ~60% of US citizens lost their most sensitive data with Equifax hack.
• Email malware frequency is constantly on the rise
• Ransomware is on the rise
• Emergence of the trend of crypto-jacking (where hackers hack your computer to do bitcoin mining for them, without your awareness)
• DDoS is the cheapest from of attack, that is why hackers use it the most often
• Healthcare is top breached followed by Public Sector and Accommodation, according to Verizon’s Data Breach Investigations Report, 2017

Tips for cybersecurity companies

• Primary reasons of failure to defend from cyber attacks is: shortage of skilled people (31%), lack of support from top management (19%) and too many vulnerabilities (11%)
• “Whenever you got a chance to educate your management upwards, please try as hard as you can” – Mahendra
• You need, first and foremost, the support, in order to get money to get people and to get the security tools
• Promote C-level awareness (e.g. due to lack of CISO visibility)

 Building a successful cybersecurity company

• Build security products based on the security triad framework: confidentiality integrity, availability
• Framework for designing security products: strategy, architecture, management, performance
• Cybersecurity is increasingly focused on cloud and endpoint security

Worldwide trends

• Increase in spending in cybersecurity products across IAM, consumer security and infrastructure
• Increase in annual investment deals and exits in cybersecurity companies

Panel Discussion

Joining Mahendra in the panel discussion are Kara Sadybakasova, co-founder and CEO of IOTsploit which recently graduated from the CyLon accelerator in London, and Michael Francoise, Programme Director of CyLon for UK and Singapore and Claire Li, Programme Manager of ICE71. The panel discussed the current cybersecurity landscape, emerging technologies and challenges such as applications in Artificial Intelligence, Machine Learning and Blockchain.

Here are the highlights of the interactive Q&A segment of the Kopi Chat:

During the lively Q&A segment of the Kopi Chat, attendees were given the chance to direct their questions to the esteemed panel. Michael Francoise (pictured here) takes a question from an audience member.

Claire: Why is Israel so successful in producing cybersecurity companies?

Mahendra: Many of these founders have served in the Israeli Defense Forces (IDF) and the Unit 8200. The country is doing a great service by training these specialists, thus providing a great advantage for Israel in producing cybersecurity companies.

Kara: Israel is known as the Startup Nation, which supports entrepreneurs at the highest level. Their existential threat has also driven them to survive. Furthermore, Israel is a melting pot of migrants with STEM training. Singapore and Israel are very similar, in the sense that the government drives growth of the technology talent pool and Singapore has an opportunity to repeat that path.

Michael: We have had many many Israeli applicants to CyLon and one key area is that the Israeli corporate environment is very open to innovation. Government support is also important to develop the cybersecurity talent.

Claire: Is Blockchain the way to go for cybersecurity and why?

Mahendra: Blockchain may have some applications in Identity Access Management (IAM). However I feel it is still too early for widespread application of this technology.

Kara: It is one of a whole menu of different technologies being commercialised to solve cybersecurity problems. For the cybersecurity industry, blockchain is not a silver bullet but part of puzzle to address specific needs.

Michael: There is a strong look into the sector early stage. There are some examples in blockchain. One area of interest is decentralised internet and access, based on blockchain technologies. I do not think we’re there yet, but it still undergoing very interesting development.

Claire: For Artificial Intelligence (AI) and Machine Learning (ML) to enhance automation and resilience, what is the key in such cybersecurity systems?

Mahendra: Security analysts have to look at a lot of alert, running into several millions each day. How best to decide whether to act on them, whether they are false positives or imminent threats? ML is starting to show its potential in these areas.

Michael:Take the example of a CISO who is handling 400+ solutions, he/she no idea what bells are ringing or what they are doing. The key is for the CISOs and Security Operation Centres (SOCs)  to understand what is going on and if AI and ML can help them with this, then it is good.

Claire: Which markets are the most ripe for cybersecurity startups?

Mahendra: The US market is the most mature, but Asia Pacific is growing rapidly as well.

Michael: For London, there was a strong background in skills since 3 years ago, amid strong agencies from GCHQ. However, we did not see it put to strong use, and the number of missed opportunities for new technologies to emerge presented a large gap in the market. That was how CyLon was born – to create a cybersecurity ecosystem, and springboard for innovative cybersecurity solutions.

Kara: The oil and gas and similar critical infrastructure industries are facing a dramatically growing need for cyber security solutions because much of currently deployed technology was not built with security in mind. Attacks on infrastructure are becoming bolder in execution, more creative in approach and crippling for society.

Claire: The travel and hospitality industry is known to be very vulnerable, so what is the recommendation for a cybersecurity startup?

Mahendra: To make the industry more secure, start at basic transaction layer to protect credit card / financial information, and build more secure relationships for their customers.

Michael: Applications for cybersecurity startups in the hospitality industry are limited but in the travel industry, V-Chain for example, provides a blockchain for Identity Access Management (IAM), where it enables the possibility to share siloed and private data between airlines. This allows the transfer of information without any personal data being compromised. It enables safe travelling and the information can be exchanged between hotels and airlines and the government. Note that it is a very regulated process, they have to comply with lots of rules and protocols.

Kara: Key is knowing your customer and the specific pain points they experience. In hospitality and travel, you are mostly developing customer-facing solutions and at the same time offering increasingly more sophisticated technology, so I would trace back the user experience for both the user and the operator and focus on, for example, ensuring smart IoT door locks in hotels are not easily hacked or credentials are not easily guessed.

Claire: Are free soft and plugins like LastPass reliable?

Michael: Yes, I would advocate for them.

Kara: They are reliable but not waterproof, and better than nothing. One thing you want to understand is that free software does not mean lower quality.

Mahendra:I am conservative so unlike my fellow panelists here, I will not use them. It’s akin to passing your house keys, car keys and passwords to a third party to manage them. I am not sure if I trust these vendors as yet.

Claire: Do you invest in solutions that prevent the fire or fight the fire?

Michael:Both. Finding solutions to deceive the fire so that they do not happen in the first place.

Mahendra: I agree with Mike. We need to look at every solution to build a better digital infrastructure. We need to continue to invest and innovate in these areas.

Claire: Is there a talent crunch or do most professionals choose not to work for government as a whitehat or greyhat?

Mahendra:The war of talent between companies is pretty aggressive, who pay a lot of money to acquire them. These talented professionals might just choose to work with whoever can pay more for their skills. If they can get paid a lot for being a blackhat, then they might just go that path.

Michael:Blackhats may be politically motivated. The question is whether to join a startup or a large corporation. We need the government to be there to develop programmes to make sure that people who have ideas can set them up. These programmes could develop talent as well.

Kara: There is definitely a skills crunch because the talent pool is small. We can also distinguish between the public and private sectors, so a deficit of white hats in the government may suggest that more are choosing to be in the private sector, not necessarily going black hat. But there are huge opportunities for the public and private sectors to cooperate against cyber threat.

(From left to right) Dawn Ng, Director (Incubation) of NUS Enterprise; Mahendra Ramsinghani, Managing Director of Secure Octane; Kara Sadybakasova, CEO & Co-founder of IoTsploit; Mike Francoise, Programme Director of CyLon; Claire Li, Programme Manager of ICE71.