Raen is responsible for driving revenue growth across key markets in the region. With more than 20 years of experience spanning sales, market and business development, she is passionate about using tech- nology to help organizations move forward in their digitization journey and realize outstanding business outcomes.
In a conversation with Prisila, (Correspondent, Asia Business Outlook magazine), Raen discussed cyber- security prioritization and the evolving role of AI/ML in cybersecurity and observability within businesses.
As digital applications become more pervasive across an organisation's operations, using a unified solution not only fosters a collaborative environment, but also enhances observability capabilities
1) How do you prioritise cybersecurity initiatives within a business context, considering both technical requirements and overall business goals?
It’s a fine balancing act when you have to prioritise between security and business. According to our recent ESG whitepaper, the lack of a comprehensive and shared visibility resulted in organisations’ misalignment in prioritisation and response.
For example, organisations that rely on different tools may struggle to understand how a cloud outage could be connected to a network threat. Additionally, teams may not realise how a proposed resolution in one area could impact systems and services in other areas. This siloed approach wastes resources and can result in prolonged service disruptions that negatively affect customer experiences and impact business resilience.
To effectively prioritise cybersecurity initiatives while also addressing business concerns, organisations should focus on unifying the workflows and processes of their security, ITOps, and engineering teams. This can be achieved by leveraging the right tools that enable collaboration and efficiency.
As digital applications become more pervasive across an organisation's operations, using a unified solution not only fosters a collaborative environment, but also enhances observability capabilities. This allows organisations to have complete visibility into their complex IT environments and infrastructure, enabling them to make informed data-driven decisions, minimise downtime and improve system reliability. From a business perspective, not only does it improve total cost of ownership, overall team efficiency also translates to higher return-of-investments (ROI).
Thus, by taking a holistic approach and analysing security incidents in the context of system performance and user experience, organisations can better prioritise actions based on business impact and maximise the value of their cybersecurity investments.
2) How do you see the role of artificial intelligence and machine learning evolving in the field of cybersecurity and observability?
Emerging technologies such as AI and ML have the potential to massively disrupt our industry, and we see it as a catalyst for driving greater digital resilience. Capabilities such as AI/ML-powered automation and AIOps (Artificial Intelligence for IT Operations) tools will significantly enhance organisations’ security and observability operations, enabling organisations to detect and respond to threats more rapidly across functions.
Additionally, the increased end-to-end visibility across systems and networks will provide security experts with a more comprehensive understanding of potential vulnerabilities and enable the implementation of more proactive countermeasures. It will then serve to accelerate human decision-making and be a crucial enabler in the race against the growing variety of threat actors.
According to Splunk’s Predictions 2024 Report, we anticipate that 20 years from now, there will be a massive transformation in the human-to-technology interface, where AI will enable systems to self-engineer self-heal and self-automate tasks.
At the same time, while we know without a doubt that AI is set to revolutionise the way we live, work and interact — with such a widespread impact, business leaders need to be thoughtful about the responsible use of AI so as to keep their customers and employees data safe while leaning on the technology to enhance digital resilience. Principles such as transparency, fairness and privacy should be considered when it comes to AI development and usage.
3) How do you ensure a culture of cybersecurity awareness and best practices among employees at all levels of the organisation, and what metrics would we need to use to evaluate its effectiveness?
The saying ‘it takes a village’ comes to mind, and it starts at the top.
Chief information security officers (CISOs) need to be integrated into an organisation's boardroom strategy in order to ensure alignment between security priorities and board directives. Simply put, CISOs need to be part of the C-suite and boardroom discussions. They are no longer solely responsible for IT or security; they have become business leaders who champion the cultural shift towards security and digital resilience within their organisation.
Simultaneously, it is essential to incorporate security right from the beginning. This can be achieved by adopting practices like DevSecOps (Development, Security and Operations), which converges application development, security, infrastructure as code, and operations into a continuous, end-to-end, highly automated delivery cycle. This approach integrates security into the DevOps continuous development process, essentially making it possible for the organisation to embrace “continuous security.”
To assess the effectiveness of an organisation's cybersecurity, business leaders can analyse metrics such as Mean Time to Resolve (MTTR) and the number of security incidents, which includes cyber breaches and attack attempts. These metrics could provide valuable insights, identify areas that require improvement, and serve as indicators for assessing the organisation's overall security posture.
Additionally, organisations should also stress-test their security measures, whether through training, dummy attacks and phishing, or internal exercises, to evaluate employee readiness and keep the organisations on its toes at all times.
4) How do you approach building a scalable and resilient cybersecurity and observability infrastructure that can adapt to the evolving threat landscape and business requirements?
Here’s the deal: the right investment pays off.
Today, digital has gone from simply supporting organisations’ operations to being a core growth driver. This means that as enterprises experience disruptions, the potential stress and strain on their digital systems will have a far greater impact across their organisations. As organisations become increasingly digital, they are only as resilient as their digital systems.
Disruptions in recent years like outages, security breaches, the changing threat landscapes and business regulation updates, have revealed how a traditionally siloed approach across different functions create risks.
We found in our 2023 Digital Resilience report that organisations that thrived amidst the chaos of a global pandemic and political instability focused on five critical capabilities: visibility, detection, investigation, response, and collaboration. These capabilities not only drove better business outcomes but also resulted in substantial cost savings. Our report shows that organisations who invest in these capabilities were able to minimise the impact of outages, saving about US$48 million per year.
For instance, one of our customers — Taiwan’s first legal crypto currency exchange — was able to improve their resource management and cut costs by more than 10% through identifying and conserving idle cloud resources. By using Splunk to manage its complex multi-cloud environment, ACE Exchange gained greater insights into spending across its cloud services, identifying unnecessary services and reallocating resources in real time to boost overall ROI.
Given the never-ending potential for disruption, technology and security leaders should invest in strengthening each of these capabilities to advance their organisations’ maturity.
Organisations can kick start their efforts by improving cross-functional crisis management, leveraging machine-learning and auto remediation, and empowering security and IT to accelerate release velocity. By building a strong foundation of resilience, leaders can ensure their business is prepared to adapt to anything.
5) What advice or best practices business leaders should consider when it comes to advancing AI technology in their own organisations?
Whether you are for or against it, AI is here to stay.
In a world where anyone can easily access and leverage on generative AI capabilities, organisations need to keep up with the evolving technology and adapt accordingly to harness its benefits. However, blindly jumping on the AI bandwagon without devising a strategy will likely lead to confusion and misalignment. Instead, leaders need to be clear about goals and measurable outcomes that they’re hoping to achieve with AI.
When implementing or advancing AI technology in their organisation, business leaders should consider the following best practices:
The future of AI holds immense potential and we firmly believe that it is a prerequisite for establishing digital resilience. However, it is crucial to also acknowledge that AI is an evolving area, and being at the forefront of this evolution requires agility and flexibility for organisations to remain competitive and resilient.
.jpg "Technology in Cancer Care: A story of evolving paradigms")
.jpg "Bringing Shop Floor to Manufacturer's palm: Smart Factory Solutions for tomorrow")
