3rd Party Risk Management , Artificial Intelligence & Machine Learning , Governance & Risk Management

SEA Summit: AI, Third-Party Risks, Privacy Take Center Stage

Key Takeaways From Day 1 of SEA Cybersecurity Summit
SEA Summit: AI, Third-Party Risks, Privacy Take Center Stage
Image: Shutterstock

The Southeast Asia Cybersecurity Summit, organized by Information Security Media Group, kicked off with industry leaders gathering to discuss the latest security trends and challenges in the region. The emergence of artificial intelligence dominated many of the discussions.

See Also: The CISO Playbook for Cloud Security

On the first day of the summit, security leaders examined third-party supplier risks and IoT risks through the lens of generative AI. Practitioners from across industries shared insights on strategies for AI adoption and plans to enhance their AI strategies, setting the stage for a comprehensive exploration of cybersecurity in today's digital landscape.

The role of Southeast Asia as a global and regional hub for finance, commerce and other business services is fueled by technology innovations across domains that influence the other regions of Asia-Pacific. This has made the region vulnerable to cyberattacks.

In his session, Abid Adam, group chief risk and compliance officer at Axiata, discussed the transformative role of AI in cybersecurity. He said privacy remains a significant concern for CISOs and CIOs when adopting gen AI. "Every technology has its own set of use cases. As a CISO, it is essential to pick the right technology for the right job," Adam said. "If you are trying to do decision-making or prediction modeling of the kinds of threats that enter your environment, then gen AI is not the right tool. For prediction modeling, one has to go to machine learning."

Esti Peshin, vice president and general manager of the cyber division at Israel Aerospace Industries, delivered the keynote address, exploring the rapidly changing digital economy and the strategies security leaders must adopt to thrive. She stressed the importance of adaptive defenses and strategic innovation.

In a fireside chat, Carolyn Bigg, partner and global co-chair of the data, privacy and cyber group DLA Piper, Singapore, and Sunari Dandeniya, CISO, Commercial Bank of Ceylon PLC, explored the issue of privacy in cybersecurity, debating whether privacy should be the CISO's responsibility and how to operationalize it effectively. While larger organizations have a data protection officer, or DPO, midlevel enterprises often assign CISOs to this role.

"Today, it is all about data governance - a much broader topic than privacy, information security or cybersecurity. Within that, it is a question of managing risk holistically," Bigg said. "It is a multi-faceted issue; no one person can manage it individually. Data governance is an operational resilience risk. It is about ensuring an organization's ability to use and safeguard data. Yes, a CISO plays a role, but you need a combination of legal professionals and strategic professionals to manage data."

The panel concluded that there is no single answer to whether CISOs need to act independently of DPOs. "We do not have one harmonized data protection law across Asia," Bigg said. "Every country has its own law. Some of them do not even mention the role of a DPO." The panelists advocated for a collaborative approach, integrating privacy measures within broader cybersecurity frameworks.

Third-Party and IoT Risks

Several sessions and panels on third-party and IoT risks explored associated vulnerabilities and approaches to mitigate them. "Most organizations do not know their third-party risks, often confusing them with supply chain risks," said Raina Verma, ACFE Advisory Council member. "Third-party risks stem from organizations you engage with. Supply chain risks are with your suppliers, under the larger umbrella of third-party risks." To mitigate supply chain risks, enterprises need to establish a robust strategy to pre-qualify suppliers, she said.

In the session, "IoT Risks: Tactics, Techniques and Procedures to Remediate," panelists Jenny Tan, president, ISACA-Singapore Chapter; John Lee, managing director-Asia Pacific, Global Resilience Federation; and Steven Sim Kok Leong, chair, executive committee, OT-ISAC, discussed the importance of taking a zero trust approach to limit the attack surface, enable fast containment and implement layered defense in depth.

Practitioners discussed the importance of regular security assessments, robust encryption protocols and stringent access controls and stressed the need for continuous monitoring and adaptation to stay ahead of emerging threats. Overall, the opening-day sessions underscored the importance of integrating AI, maintaining robust security frameworks and fostering a culture of shared responsibility.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.