Andrew Kay, Director of Systems Engineering APJ at Illumio: “The most worrying development with ransomware is that it has evolved from simply stealing data to impacting IT availability”

For Andrew Kay, Director of Systems Engineering APJ (Asia-Pacific and Japan) at Illumio, certain key principles hold true. To paraphrase our interview: trust no-one, be transparent, and beware of data held in the cloud. Also, think like a submarine commander.

“If the boat springs a leak, a compartment or segment may flood, but the rest of the ship stays dry, secure, and afloat.” The submarine in question is your business, and the water attempting to flood in is the ransomware attacker. You get the picture, we’re sure.

So why listen to what Andrew has to say? First, because he has 20 years’ experience working with organisations across APAC to strengthen their cyber resilience. Second, as Director of Systems Engineering APJ at Illumio, he designs and implements solutions that prevent attackers’ lateral movement, protect high-value assets and achieve compliance.

Here’s what he has to say about the latest developments in cybersecurity – and his suggestions on how to keep your data safe from attack.

Could you please introduce yourself to our audience and share how you ended up working in cybersecurity?

I am Director of Systems Engineering at Illumio, where I focus on bringing the key tenets of Zero Trust to APJ, and help design segmentation solutions relevant to today’s most pressing issues.

I started out my career with a brief stint as a developer, after which I was fortunate to land a role with a progressive technology vendor that helped give critical safety systems developers confidence that their code was robust. Working with automotive, aerospace and critical infrastructure enterprises made me appreciate the discipline needed and the responsibility that comes with creating and managing a resilient product. It was a natural progression, both timing and personal interest-wise, to delve more deeply into the security implications of code, which afforded me the opportunity to work around Asia Pacific.

With the evolution of DevSecOps and the multi-faceted nature of cybersecurity, I then jumped at the chance to build the technical solution architecture team at Illumio.

The most worrying development with ransomware is that it has evolved from simply stealing data to impacting IT availability. It is no longer just a security problem; it is an operational issue with impacts including extended operational downtime, as well as huge financial and reputational damages. 

Now that preventing reputational damage is almost or equally as valuable as regaining the stolen data itself, attackers have even more ammunition to demand a ransom payment from organisations. Some cyber security agencies have called out a trend called “reputation for ransom” – where fictional breaches will be publicised using repurposed data from prior attacks – as a trend to watch in coming years. 

What are the biggest cybersecurity challenges those in leadership roles are facing?

One of the biggest cybersecurity challenges leaders are facing currently is securing their data in the cloud.

Virtually all businesses are now storing their most sensitive data in the cloud, yet a large number are still struggling to navigate such dynamic and interconnected cloud environments with legacy solutions.

Last year we conducted independent research which showed that in the last year, nearly half of all data breaches in Australia (47%) originated in the cloud, and more than six in ten local leaders believe cloud security is lacking and poses a severe risk to their business operations. If they are to optimise those sought-after opportunities afforded by the cloud, business leaders need modern security approaches that offer real-time visibility and containment to mitigate risk. 

Which cybersecurity best practices are being adopted with the most success by companies?

Best practice in cybersecurity is to work towards achieving cyber resilience – or the ability to maintain the function of IT systems even in the event of an ongoing cyberattack.

Assuming a breach is a fundamental starting point. Businesses must take measures to stop attacks quickly before they can reach high-value data and halt operations. This requires a move away from the traditional “find and fix” approach to security and focusing instead on limiting the spread of breaches.

One way to achieve this is through Zero Trust Segmentation (ZTS) – which proactively stops the spread of breaches by isolating workloads and devices across clouds, data centres, and endpoints, once a hacker has gotten inside. Think of it like a submarine. If the boat springs a leak, a compartment or segment may flood, but the rest of the ship stays dry, secure, and afloat.

Recent research has shown that 98% of Australian IT and security decision-makers believe that segmentation of critical assets is a necessary step to secure cloud-based projects.  

What role do you think governments play when it comes to cybersecurity?

Governments undoubtedly have an important role to play in helping to curb cyberattacks in Australia. Policy and enforcement around breach reporting, not just for private enterprises but government agencies too, helps to increase transparency in the industry. Disclosure, particularly with respect to the privacy of customer data, should be necessary and transparency is important for the public and oversight commissions as adversary attempts against agencies are ever-increasing. Everyone can also learn from attacks when they’re disclosed and shared. 

I do, however, also believe that each business has to be accountable for its own cybersecurity practices and how it protects customer data. Reporting an incident is only one part of the puzzle; businesses also need to ensure they are mitigating the damage of each breach as much as possible.

What’s something that has drastically changed about cybersecurity since you first got started in the field?

The biggest change we’ve seen, particularly in recent years, is the impact of AI on technology and cybersecurity. This is having an enormous impact on how attackers target and infiltrate organisations, essentially bolstering their efforts because AI makes it easier to automate the creation and execution of attacks.

In the short term, they will have an unfair advantage as they can use the technology with no guardrails, whereas organisations will need to adhere to regulations that are still being developed and agreed upon.

I believe that the principles of Zero Trust Segmentation apply in this context. We need to put in place controls that limit the amount of information hackers can harvest about an organisation, as this will hinder their ability to create strong AI models. In other words – their AI weapons won’t be as strong.

At the same time, organisations can protect their most valuable assets and maintain IT function in the mindset of an AI-based attack.

Tim Danton

Tim has worked in IT publishing since the days when all PCs were beige, and is editor-in-chief of the UK's PC Pro magazine. He has been writing about hardware for TechFinitive since 2023.