Skip to main content

Knowledge Hub

New page title image

Resilience through Innovation: Lessons from GovWare 2024

5 min read
Resilience through Innovation: Lessons from GovWare 2024
Image Source: GovWare 2024.

Can organisations stay resilient in a rapidly changing world? The digital landscape is experiencing seismic shifts due to rapid technological advancements. How can enterprises and governments tackle modern security challenges, rebuild trust, and navigate towards a secure, inclusive digital future?

At GovWare 2024, various thought leaders and cybersecurity experts shared their insights on how organisations can move forward by leveraging AI and traditional cybersecurity engineering to build highly resilient systems for an unpredictable and ever-evolving threat landscape.
 

AI Is Upending Cybersecurity

Like it or not, AI is disrupting everything, including cybersecurity. Unlike a year ago when AI was still emerging, CISOs today can no longer afford to ignore it. This was the message from Prof Yu Chien Siang, the Chief Innovation and Trust Officer (CITO) of Amaris AI, who spoke in a standing-room-only presentation at GovWare 2024. AI is evolving so quickly that CISOs are struggling to keep pace, he noted.

“AI legislation is [being released] faster than standards; this has never happened before. Normally, you get guidelines, which evolve into standards. Standards, after many years, become legislation. I've never seen anything like this: Today we have legislation, but the standards are not yet ready,” said Prof Yu, underscoring the seriousness with which governments worldwide are addressing AI.

What are some immediate threats that CISOs should address? Prof Yu showed a visual patch attack where a specially crafted image caused an AI-based people tracking service to fail in identifying a person in a video feed. Prof Yu observed that the attack vector demonstrated from this years-old method could be used to evade an AI-based malware scanner or a business-centric AI model designed to evaluate and approve loans.

In his view, the way to resolve weaknesses in AI systems starts not with the product but from the onset by incorporating security-by-design principles. He stated: “There's no conflict between AI security and innovation. AI can help you save money and help promote innovation. Organisations need to conduct a risk analysis assessment and prioritise focus areas – there are very specific ways to secure AI systems.”

“There's no conflict between AI security and innovation. AI can help you save money and help promote innovation. Organisations need to do a risk analysis assessment and prioritise focus areas – there are very specific ways to secure AI systems.”Prof Yu Chien Siang, Chief Innovation and Trust Officer, Amaris AI

Ultimately, CISOs must urgently address AI threat vectors. “We need to do all these very urgently. Secure AI development. [Deploy] AI-powered threat intelligence platforms, combat misinformation and push training,” said Prof Yu.
 

AI as a Force Multiplier

Can we enhance cyber operations with AI? In her keynote, Dr Dorit Dor, Chief Technology Officer of Check Point, offered some suggestions for cyber defenders to simplify their jobs. “The operations team could use AI to test configurations, take actions, or share knowledge among team members. We could conduct continuous monitoring, enrich the data, or triage from different sources, combining it into a cohesive picture,” she said.

An increasingly common method is using specialised models for different tasks, chaining multiple AI models for greater effectiveness.

“Don't view AI as it is today. AI will continue to learn and evolve. You will add to it and over time it will [gain expertise] … You could combine various AI models with a ‘skill router’. When you have a problem, you direct it to the relevant knowledgeable entity,” said Dr Dor.

“AI is a force multiplier. Everything we did before; we can do better with AI. It can double our capabilities – do it faster, increase automation and enhance effectiveness.” Importantly, adversaries are already exploiting it, she noted. “AI is set to revolutionise the cybersecurity space. And the bad guys are aware of its potential as a force multiplier.”

Dr Dor likened AI to the invention of the mobile phone, highlighting how today’s smartphones offer services like wireless payment and location services that were unimaginable at their inception.

“The [smartphone] revolution happened by combining all those capabilities and building new business models, new applications, and new types of opportunities. This is what will happen in cybersecurity. And industries will similarly transform due to the existence of AI,” she elaborated.
 

Building a Cyber-Resilient Foundation

However, AI isn’t a cure-all for every problem. Organisations still need a robust technological foundation and strategic infrastructure to effectively counter new threats and vulnerabilities. To share its experience with other cybersecurity practitioners, OCBC hosted a booth at the GovWare 2024 exhibition floor, where employees from its Technology Information Security Office (TISO) explained how the bank fosters trust and resilience.

OCBC has a multi-year programme to tackle evolving threats, featuring a three-tier Cyber Defence Roadmap, which is signed off at the board level. New capabilities are added or replaced as operational needs or regulatory requirements shift.

David Ng, Head of Technology Information Security Office at OCBC said: “[The] Cyber Defence Roadmap is a multi-year strategy [designed] to address evolving cyber threats or risks. It begins with input from several stakeholders, such as risk management, technology architecture, and IT. This ensures that comprehensive viewpoints are incorporated, avoiding biases or blind spots.”

To manage threats around the clock, OCBC established a Unified Technology Command Centre to coordinate IT assets across the bank. For maximum effectiveness, the command centre is staffed by three core teams: Security operations, data centre operations, and members from the application and infrastructure monitoring and control team. This setup eliminates finger-pointing and ensures all necessary resources are on hand for any situation.

Unsurprisingly, people pose the biggest challenges, according to Ng, who identified attrition, complacency, and human errors as top concerns. Thus, training and tackling retention are his main priorities.

“OCBC's command centre conducts daily, weekly, monthly and yearly drills. Such drills improve ‘muscle memory’ and deepen the knowledge of the upstream and downstream impacts should an incident occur. Our action, or inaction, decides the outcome and speed of recovery,” he said.

In an era of rapid change, resilience requires innovation and collaboration. By integrating AI and traditional strategies, organisations can strengthen cybersecurity, adapt to emerging threats, and build a secure, inclusive digital future.

 

View All Articles
Loading