搶佔先機應對不斷演進的網絡安全威脅

An opening ceremony kicked off CITIC Telecom CPC’s CyberSecurity ReDEFINED conference.

CITIC Telecom CPC’s CyberSecurity ReDEFINED conference serves as a who’s who for security professionals looking to gain an edge over tomorrow’s threats and fortify their defenses through practical strategies tailored to the latest challenges.

In today's increasingly digital world, cyberattacks pose a serious threat to businesses across every industry. As new risks like deepfakes and artificial intelligence (AI)-enabled attacks emerge, the need for robust cybersecurity strategies has never been greater.

Featuring a host of keynote addresses and panel discussions, CITIC Telecom CPC’s CyberSecurity ReDEFINED conference aims to equip attendees with the knowledge and skills needed to defend their organizations in the face of evolving cyber threats. At this premier security event, technology leaders and industry experts provide insights into best practices for compliance, risk management, data protection, incident response and digital innovation security.

Maximizing AI opportunity

In his keynote ‘Why AI Matters: Opportunities, Risks and Regulation’, Edward Chui, Director (Hong Kong) of Economist Intelligence Corporate Network, discusses the surge in AI startups receiving over $67 billion last year. “New technologies like AI can improve communication, efficiency, and sustainability but companies must understand why they want to use AI,” Chui advises.

Chui stresses that “customizing AI for the company and understanding its unique business needs is key to achieving success”, while urging attendees to “identify AI concerns and risks to ensure technology’s responsible development and implementation.”

As organizations increasingly rely on new technologies like AI, mastering the skills to navigate the maze of both opportunities and risks presented by digital transformation is paramount. At the ‘CyberSecurity ReDEFINED’ keynote address, CITIC Telecom CPC’s Chief Strategy Officer Taylor Lam takes the stage to highlight how their latest TrustCSI™ 3.0 managed security solutions help enterprises achieve this balance.

“TrustCSI™ 3.0 is a comprehensive cybersecurity framework comprising four pivotal service pillars and delivering holistic protection, enabling enterprises to identify & predict, protect, detect, respond & recover from today’s complex threat landscape, including phishing attempts and denial-of-service (DoS) attacks,” he explains.

Lam outlines CITIC Telecom CPC’s innovative ‘Al-Red/Blue Cybersecurity Practices’ approach involving the Red Team’s penetration testing that utilizes AI capabilities to probe systems and find vulnerabilities, while the Blue Team provides training and deployments and helps remediate issues swiftly.

“By combining the power of offensive and defensive tactics, we revolutionize cybersecurity, transforming it from passive defense to proactive guardianship. Our approach enables clients to proactively and continually strengthen their security posture against evolving threats,” he notes.

Leveling up security

Kicking off the fireside chat, ‘AI Matters: Red/Blue CyberSecurity Practices ReDEFINED’, Master Trainer of KORNERSTONE Institute Steven Kwok has attendees fill out a live survey. The poll asks how often the companies conduct red team penetration tests or breach and attack simulations.

“The results are eye-opening,” says Kwok. “Many organizations report having never carried out either of these crucial security evaluation methods before. As experts know, regular testing is vital for identifying vulnerabilities early and pre-empting sophisticated cyber threats.”

“There are 240 techniques hackers use according to our data,” says Daniel Kwong, Field Chief Information Security Officer (South East Asia and Hong Kong) at Fortinet. “Phishing was most common, but now over half of the initial breaches involve removable media, especially prevalent in today’s environment of IoT and remote work adoption,” notes Kwong, who underscores detection, protection and automatic response as key to mitigating cyberattacks.

Brenda Lin, Assistant Director, IT Services, Information Technology Services & Data Science, of CITIC Telecom CPC, emphasizes that effective security “involves every staff member, as human beings can be the biggest loophole due to social engineering threats.” To tackle this issue, Lin advises companies to conduct regular penetration tests, enabling them to obtain a comprehensive understanding of their security levels and elevate enterprise employee defense capabilities.

Meanwhile, KT Thomas Wong, Director of Security Services Delivery & Operation at CITIC Telecom CPC, points to the importance of business continuity planning.  “Security is a form of risk management, and a risk-free environment doesn’t exist. Customers must tailor security controls to their needs, similar to subscribing to insurance. It is essential to determine downtime and data recovery, and develop a comprehensive business continuity plan. Backup technology also plays a critical role, considering the diverse needs of businesses,” he says.

Both Lin and Wong agree AI shows promise for bolstering protections. Wong highlights AI can use “logical analysis trained on large datasets to identify abnormal IP addresses, and then apply the information to firewalls, helping organizations stay abreast of evolving threats.” Lin emphasizes the importance of regular review as the digital realm continues to change rapidly.

In response to this need, CITIC Telecom CPC has utilized AI capabilities to develop an innovative solution called Penetration Test with AI. This advanced self-testing solution with self-developed AI modelling is lightweight and routine, simplifying the assessment of enterprises’ security posture and enabling them to conduct penetration tests on a regular basis. With this solution, organizations can incorporate regular testing into their cybersecurity practices, enhancing their overall information security and enabling swift enterprise-wide responses to cyber threats.

An evolving security landscape

For the second fireside chat, ‘Knowing the Unknowns: Mitigate Risk through Intelligence’, Sheila Lam, Editorial Consultant of Ignite Content Marketing, begins by posing a question to panelists: “When hackers breach defenses, how can intelligence help companies stay one step ahead and gain the upper hand?”

A case in point: HK Express has undergone rapid digital acceleration over the past 30 months to keep up with changing travel demands, explains Dr. Andy Luk, Head of Digital Transformation. However, Luk notes that speeding up systems also brings risks.
As the airline embraces new technologies like workplace automation and generative chatbots, and sees customers return following pandemic restrictions, vulnerabilities emerge. To address these challenges, HK Express has developed its own machine learning models that effectively intercept threats in real time.

Nick Ng, Systems Engineering Head at Fortinet, concurs that digital shifts bring forth rising risks, “As corporations adapt technologies, hackers discover new avenues to infiltrate systems. Experienced security partners and intelligence can help navigate this challenging landscape.”

Dave Chen, Vice President of Hong Kong Computer Society, notes that during digital shifts, IT leaders sometimes overlook the need to modernize architectures, infrastructure, and security in lockstep. “If defenses do not keep pace with new systems and connectivity, vulnerabilities can emerge,” he warns. “Businesses must take a holistic approach to transformation.”

Ng says emerging analytics bolster protections. “Machine learning harnesses vast datasets to rapidly identify system anomalies,” he says. “By monitoring traffic patterns, machine learning flags potential intrusions. It works alongside generative AI to personalize security insights to help businesses efficiently navigate risk in line with their unique operations and needs.”

CITIC Telecom CPC, with its years of expertise, technology and world-class infrastructure, serves as a trusted TechOps Security Enabler, empowering enterprises to navigate the digital landscape confidently.

By equipping IT and technology professionals with the practical know-how, tools and partnerships required to implement proactive defenses, CITIC Telecom CPC’s CyberSecurity ReDEFINED conference provides a useful platform for empowering organizations across industries to continuously leveling up organizational security to combat ever-evolving threats in the digital age.