
2024-05-24

【Beyond Gaming】Attack and Defense Card Game Event Deconstructs Security Strategic Thinking, Predicting Kill Chains to Precisely Intercept Intrusions

Cybersecurity, Event Highlights

Several organizations in Hong Kong have fallen victim to cyberattacks recently, urging local business leaders to recognize the importance of developing contingency plans and implementing robust cybersecurity strategies. However, does the acquisition of security tools without clear goals truly enhance defense capabilities? CITIC Telecom CPC and cybersecurity service provider Fortinet jointly hosted an unconventional “AI Red/Blue Gamification Experience” event, demonstrating the flexible combinations of cybersecurity solutions and adopting a comprehensive attack/defense strategic mindset. This event aimed to empower IT leaders and industry experts to integrate the holistic approach of attack/defense into their own cybersecurity frameworks moving forward.


AI Empowered Cyberattacks: A paradigm shift in reversing defensive disadvantage

Before the gamification experience, Otto Lee, Head of HKCERT, commenced by analyzing the current state of cybersecurity in Hong Kong. He highlighted that recent local security incidents indicate a significant increase in hackers leveraging AI, resulting in faster and more targeted cyberattacks. Take phishing emails as an example: with the aid of AI, hackers can swiftly generate high-quality fraudulent content that is more challenging for employees to discern, especially when coupled with deepfake AI technology. To address these challenges, Otto suggested that companies should formulate comprehensive security strategies in addition to implementing the security recommendations he outlined during the session. He was confident that this attack/defense simulation exercise would offer participants new insights into developing effective cybersecurity strategies.


During the attack/defense simulation exercise, each team was tasked with addressing three attack scenarios. With limited budgets, they were required to select the optimal combination of security solutions. Should their chosen combination fail to successfully intercept the attacks, the team would face a "penalty". This penalty was determined by spinning a roulette wheel to decide the percentage of potential loss to the company's assets due to the attack, which could be as high as 100%, resulting in significant damage to the company. All teams actively engaged in discussions, fostering a fervent atmosphere while formulating cybersecurity strategies to thwart hackers' intrusion attempts.

Security Incidents Boost the Sense of Crisis. Platform-based Management Enhances Automated Responses

All teams demonstrated distinct strengths in their strategies during the exercise. However, there remains room for improvement towards achieving comprehensive security protection. Daniel Kwong, Chief Information Security Officer for North Asia of Fortinet, remarked that the outcomes reflected reality well, as the majority of enterprises in Hong Kong are still in the early stages of cybersecurity implementation. He pointed out that recent security incidents have not only become topics of discussion but have also significantly heightened awareness among the management of enterprises. Even small and medium-sized enterprises (SMEs), despite their smaller scale, are increasingly seeking advice regarding simple phishing email issues. From another perspective, those unfortunate incidents yield positive impacts.


Daniel believes that with the rapid advancement of technology, managing application services, networks, and infrastructure operations while simultaneously ensuring cybersecurity is an immensely complex task. Particularly challenging is the abundance of security tools available across various fields, with Fortinet alone offering over 50. Therefore, as a CISO, it is crucial to have a comprehensive strategy when deciding which solutions to adopt. He emphasizes the importance of platformization in cybersecurity, highlighting that disparate tools such as endpoints, firewalls, and network management operate independently, without the ability to communicate. Even if one tool detects a malicious attack, it may not relay relevant information to other tools, allowing hackers to continue moving horizontally or deeper into the network. Fortinet's Cybersecurity Fabric, on the other hand, places significant emphasis on comprehensive protection, platformization, and automation. With an integrated management platform, Security Threat Indicators (IoCs) can be automatically disseminated to other security tools, effectively thwarting intrusion attempts in real time.

Disassembling the Cyber Kill Chain: Addressing Cybersecurity Challenges with Limited Resources

Dr. Sung Liu, Security Specialist at CITIC Telecom CPC, expressed great satisfaction with the level of engagement from each team, considering it to have met the expected goals of the event. He noted that the absence of a comprehensive security strategy is a prevalent issue among Hong Kong enterprises. Decisions regarding which security tools to acquire or which emerging cyberattacks to address are made reactively, resulting in investments that may not align with actual needs. He hoped that this event would enlighten the teams about the necessity of tailoring security measures to unique risks inherent to each industry. By adopting a hacker's perspective and dissecting their kill chain, participants could gain clarity on the necessary steps and evaluate whether they possess adequate security defenses at each juncture, thereby applying the simulation exercises to real-world scenarios.


Sung acknowledges that the budget allocated by each enterprise for cybersecurity is "never enough." Hence, CISOs must utilize their budgets with precision. One effective approach is to engage third-party service providers to conduct a comprehensive assessment, identifying various potential issues and vulnerabilities. Security experts can then provide improvement recommendations, prioritizing the resolution of urgent issues. Additionally, Managed Security Service Providers (MSSPs) offer enterprises 24x7 analysis and support. Taking CITIC Telecom CPC's TrustCSI™ MSS service as an example, it not only gathers the latest global threat indicators but also leverages AI to forecast the evolution of various attacks, intercepting new viruses. In addition, TrustCSI™ 3.0 features AI-powered Red/Blue team capabilities, enabling regular automated AI penetration testing to alleviate workloads and enhancing defense capabilities based on regularly submitted reports to achieve a comprehensive defense.


Assessing Losses Before Taking Action: Responding Calmly to Security Incidents

Dicky Wong, Vice President and Director, Infrastructure Network Security Committee of Hong Kong China Network Security Association, also shared insights on the most feared ransomware attacks during the closing speech. He highlighted that many enterprises struggle to remain calm and believe they must quickly pay the ransom when a ransomware attack encrypts their systems and files. He emphasized that even if such an attack does happen, the hackers may not necessarily have accessed the company's confidential data as claimed in the ransom note. Therefore, with effective backup solutions and investigations revealing no evidence of a data breach, there is no need to pay the ransom, not to mention the possibility of the hackers reneging on their promises even after receiving it. Hence, the most effective approach to resolving such issues is for management to maintain composure.

Partnering with Fortinet, the second “AI Red/Blue Gamification Experience” event will be held on June 6th. Interested parties can click here to register.

Copyright © 中信國際電訊(信息技術)有限公司 CITIC Telecom International CPC Limited