(Fremont, California) When it comes to cyber threats, one can’t always predict when one will occur. But one can prepare! The American Society of Engineers of Indian Origin (ASEI) hosted a virtual conference with 20 speakers on May 21st at the Cybersecurity Summit. The topic of cybersecurity with growing incidents of ransomware, malware, cyberwarfare and hacking raises a lot of eyebrows in our lives at personal as well as organizational levels and hence the underlying theme of the summit was “Because everyone needs to be secure.”
The summit was co-chaired and kicked off by ASEI National President Piyush Malik who is serving as Chief Digital & Transformation Officer at Veridic solutions and Bhawna Singh, a Senior Vice President of Engineering at Cybersecurity vendor Okta and a recent ASEI Engineer of the Year awardee. Leading voices representing the cybersecurity industry – from software vendors to risk management consultants to cyber industry innovators to emerging technology startups to government and company board representatives were present and joined by a wide range of experts from all walks of the cybersecurity and technology industry.
ASEI Co-Chairs started the discussion by setting the context, sharing the what and why of cybersecurity and the threat landscape. While gathering precise and reliable statistics about cybercrime is difficult, and assessing the true number of cybercrime victims is next to impossible, here are some eye-opening numbers we have seen reported by government agencies or cybersecurity firms:
- 59% of Americans report they have experienced cybercrime or in some way fallen into the hands of a computer hacker
- 70% of small businesses are completely unprepared for a cyber attack
- 88% of professional hackers can infiltrate an organization within 12 hours.
- With nearly $7 Trillion lost to Cybercrime globally per Center for Cybercrime and Security, it is important that we make cybersecurity a priority in our organizations.
As part of the digital agenda and with increasing adoption of cloud, DevOps and Agile becoming mainstream as a result of embracing microservices and containerization, over 55% of organizations release software products weekly. This naturally causes strain if security principles are not adopted upfront by developers.
In his keynote, titled “Enabling Engineers to Build a Secure Future”, Ankur Shah from Palo Alto Networks talked about Security supply chains being the new targets by malicious actors and gave tips to the engineers in the community to “move fast, build great things and make sure everything is secure”. One small vulnerability in infrastructure-as-code at the repository level can lead to 1000’s of problems and hence the cost to remedy rises exponentially downstream. Citing AWS CTO Werner Vogels, he stressed on security being a shared responsibility and presented a solution of breaking silos by prescribing a DevSecOps approach and leveraging automation.
Moderated by Invigrid CEO Yogita Parulekar , the first panel discussion focussed on the daunting Talent gap in the growing cyber security space with panelists Chirag Shah from Model N, Nataraj. Nagaratnam CTO IBM Security & Laxmish Bhat– President iZen. With 80% of recent security breaches attributed to skills gap with 38% losing over a $1Million each, this panel assumed a pivotal role in the summit. Each of the speakers brought forward unique personal perspectives on the topic while sharing how their respective companies is helping. eg IBM has introduced Cybersecurity as part of the award winning public-private P-Tech program for high schoolers and iZen has come up with an intelligent edtech solution accelerating cybersecurity knowledge for universities and organizations alike with or without internet access
Aastha Verma, former President at ASEI Washington DC chapter, spoke next about CISA and its initiatives in ethical hacking to protect the homeland. As Department of homeland security’s (DHS) CISA Branch Chief for Vulnerabilities, she was able to share a lot of resources to help the audience understand how the government and public can work hand in hand to curb the cyber risks. To cite a couple, she shared “Shields up” and “Presidents Cup” initiatives which are all available to the population via CISA website
The Women in Cybersecurity Panel was led by Chitra Dharmarajan with panelists Rupa Mittapalli from IBM, Upasna Saluja from AT&T and Anusha Vaidhyanathan from Zscalar. The amazing life /career transformation stories of these women leaders and how they got into the industry and what keeps them going in applying scientific method to cyber risk management and protection from cyberthreats inspired us all. A number of tips for pivoting into cybersecurity were shared. We also learned about building a career in this industry – from a student to developer to security engineer to a cyber product manager and ultimately a cybersecurity leader.
Jyothsna Lekkala from Zoom then talked about Software Supply Chain Security and how it has evolved from physical to software more so since the 9/11 attacks. Was shocked to learn that within 3 years from now, over 50% organizations’ software supply chains are likely to be targeted.
With an explosion of sensor infused devices around us from wearables to cameras to even microwaves and refrigerators etc all estimated to touch 55.7 Billion IOT devices by 2025, it was only apt for Agas Somasundaram to talk about why IOT security is important and how can we protect ourselves from breaches occuring in these seemingly harmless devices.
The power packed Geopolitical panel moderated by Cybersecurity for PM Author Niharika Srivastav -addressed the role of cybersecurity in the current geopolitical instability caused by threats from Russia-Ukraine war as well as increasing use of rouge-nation backed deliberate sabotage and highly sophisticated cyberwar attacks.
The panelists Rita Archrekar – Board director at ICICI bank, Anshu Gupta – CISO at Silicon Valley based SVCI and Vishal Chawla, a senior partner at PWC brought in their rich and specialized point of view from their observations and experiences. The theme of building resiliency into our systems came up repeatedly. Companies need an ability of their systems to detect, contain and eradicate these external as well as insider threats & cyberattacks. To get away from FUD and misinformation being propagated by cyber vendors, a number of things need to happen: viz Security hygiene is a must have practice in organizations. Scanning backups for indications of compromise. Holistic strategy against ransomware and other threats etc.
The Cybersecurity summit closing keynote on Insider threats, Information Sharing with Entity Resolution and Privacy by Design came from former IBM Fellow Jeff Jonas, who was beaming in from France talking about how technologies he invented like Non Obvious Relationships Awareness (NORA) have led him to detect and protect the Las Vegas Casinos from millions of dollars of fraud. He is using Privacy by design (PBD)principles in designing API based solutions now with Sensing, so that organizations can leverage it before information sharing begins and to be aware of malicious actor credentials and intentions before hiring and thereby protecting from insider-led cyber damage.
There was the eagerness and enthusiasm around the speakers and the 165+ attendees that attended parts of the conference while 50+ folks who sat glued to their seats for over four hours including the open networking session that followed after formal closing and vote of thanks by ASEI National director Sam Ladwa.
ASEI President Piyush Malik said, “We are so often – and rightly so – focused on so many different aspects of our own universe that we fail to realize the potential of the different viewpoints and the power of ecosystem that thrives around us, and one has to build own cybersecurity posture in your organizations.”
Malik summarized the Key Takeaways if the Summit as follows:
- Security is everyone’s job
- Cyber Skills-gap exists and plenty of opportunities are available in Cybersecurity
- Resilience mindset is necessary from strategy to execution
- Think about getting Cybersecurity Insurance
- New kind of talent needed besides technical skills in cyber security- Negotiation skills
- Collaboration is key to execute and enable security strategy
- Security hygiene is a must have posture
- Organizations need to build resilience in software supply chains and take steps to protecting rapidly multiplying IOT devices
- Security by Design (SBD) and Privacy by Design (PBD) are not just slogans. They need to be shared values going forward
- When it comes to cyber threats, you can’t always predict when one will occur. But your organization can prepare and help is available – Just ask!
Overall, the ASEI Cybersecurity summit was an educational and eye-opening event for many as the summit6 speakers spoke about the threat landscape, the challenges and talking about how technical and business leaders, investors, advocates, and engaged members of our communities at large can work together to build a more secure future.
About ASEI
The American Society of Engineers of Indian Origin (ASEI) is a not-for-profit organization that provides a platform for networking, career advancement, community service, mentoring and technology exchange for professionals, students and businesses in the United States and abroad. Members are guided by several objectives, including the creation of an open, inclusive, and transparent organization, providing positive role models, awarding scholarships, and remaining socially responsible. ASEI was founded in 1983 in Detroit, Michigan. Today, the organization also has chapters in Southern California, Silicon Valley, Seattle, Dallas and Washington, DC. For more information, visit: https://aseiusa.org/