Interviews | March 23, 2023

AI Has Become a Critical Component of Cybersecurity

KnowBe4 | Microsoft | Nokia | Pentera | Snyk

Henry Ho
Director of Sales


Q1. You have previously mentioned the need for organizations to enable employees to create a "Human Firewall" to manage social engineering threats. What exactly is a human firewall in this context and what should security teams be doing to enable employees to become human firewalls?

A Human Firewall is an individual who follows the best security practices to prevent and report any suspicious activity or data breach. Security teams should use Knowbe4 if they want to enable their employees to become human firewalls.

Q2. What do you perceive as key requirements for developing a security aware culture at organizations? What's your advice for security leaders that might be struggling to foster such a culture at their organization?

Security Culture starts from the Top Leadership. If the Top leadership does not believe that building a strong security culture is essential, then the rest of the organization will not follow.

Q3. What does KnowBe4 have in store for customers at Black Hat Asia 2023? What can they expect from the company at the event?

KnowBe4 APAC team will be sharing about how to build a robust security culture and help address prospects who want to know how to start an effective security awareness training program for their organization.

Andy Elder
CVP, Security Solution Area


Q1. The Biden Administration's new national cybersecurity strategy emphasizes the need for stronger collaboration and partnership among public and private sector organizations. What are some areas where such collaboration can make the biggest difference—not just in the US but elsewhere as well? What do you foresee as some of the biggest implementation challenges?

As shared in this article, at Microsoft we share the strategy’s vision, and believe that focused work across the outlined objectives can fundamentally enhance cyber readiness in US, Asia and around the world. We’re encouraged by the focus on public-private collaboration and are steadfast in our commitment to working with the U.S. government and governments that share the administration’s strategic vision around the world, to rapidly strengthen our collective cyber-risk posture while also helping to ensure our future resiliency. Microsoft will continue to build secure products and services through our innovative engineering practices while also offering customers security services powered by AI and other breakthrough technologies, helping to protect individuals, businesses and governments.

Microsoft’s collaboration with federal partners to disrupt and dismantle threat actors, also demonstrates the value of iterative efforts and partnership. Our Digital Crimes Unit has been fighting cybercrime, protecting individuals and organizations, and increasing cyber criminals’ operational costs since 2008, with active presence in Asia. In recent years, our growing collaboration on disruptions with law enforcement, security firms, researchers and others, has increased our scale and impact. We are continuously working on new actions to disrupt criminals and protect the digital ecosystem, consistent with the goals of the strategy.

Each disruption of cybercrime infrastructure brings forward lessons learned, and we know that faster collaboration among invested defenders with a shared threat context means we can align efforts and have a much broader impact, protecting more people and organizations while criminals are forced to regroup. To facilitate more agile “threat-specific collaboration,” we support the strategy’s goal of leveraging nonprofit hubs and temporary cells that effectively bring together trusted operators in the US and here in Asia.

Read more on Microsoft’s perspective here.

Q2. What do you expect will be the primary drivers for cybersecurity spending for the rest of 2023? On what technologies and services are organizations spending the most, and why?

People are now the primary attack vector and represent the greatest vulnerability to an organization’s security, and as noted in a recent industry study identity-driven attacks account for 61 percent of all breaches. The risk-to-return ratio makes these human-centred attacks irresistible for cybercriminals.

Our internal defender community continues to track the rise of ransomware as a service (RaaS). As examined in the August 2022 issue of Cyber Signals, RaaS enables cybercriminals to rent or sell ransomware tools in return for a portion of the profits.

In the December 2022 issue of Cyber Signals, we shared new insights on the risks that converging IT, Internet of Things (IoT), and operational technology (OT) systems pose to critical infrastructure. As with IT security, a solid defence based on Zero Trust, effective policy enforcement, and continuous monitoring can help limit any potential blast radius.

Recently IDC stated that, in 2023, security spending in Asia Pacific will grow 16.7% over the previous year, despite the economic slowdown and general sentiment of uncertainty. This is due to exponential rise in cyberattacks in this region, evolving regulatory landscape, digital transformation initiatives, and hybrid workforce trends.

At Microsoft, our approach to cybersecurity is that of continuous innovation, simplification and automation. Microsoft has been at the forefront of integrating automation and machine learning into all our products. We want to assist our customers to protect everything, from hybrid to multi-cloud scenarios, and we significantly invest in AI, with the recent announcement of Security Copilot, our newest tool to empower customers’ defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.

Q3. What are Microsoft's plans at Black Hat Asia 2023? What is your messaging at the event?

At Black Hat Asia 2023, we will share our end to end approach to security, with sneak peaks into cutting edge work our engineers are doing on integrating machine learning and AI into our bouquet of security solutions, that now have the ability to extend protection from code to cloud, in hybrid and multi-cloud scenarios, with integration into a multitude of third party technology, extended by our vast network of partners in the region.

Gerald Reddig
Director Product Marketing, Cybersecurity


Q1. What do you perceive as some of the biggest security challenges associated with 5G adoption? How should organizations be preparing for them?

The 5G mobile network operators are facing a steep increase in security threats. In response, telecommunications regulators worldwide demand the upgrade of the existing security models in order to provide adequate protection against the new, more sophisticated, threat landscape. The 5G applications are developed as Virtual Network Functions (VNF) and Container Network Functions (CNF) opening new challenges for critical network systems. One of the biggest challenges facing businesses in critical infrastructures today is the threat of compromised insider attacks, where an employee or third-party contractor with access to sensitive data intentionally or unintentionally exposes the organization to cyber risks.

In 2022, the Cost of Insider Threat report conducted by Ponemon Institute said: “Insider threat incidents have doubled over the past two years, with a total annual average cost $15.38 million for activities to resolve insider threats.” To prevent and detect these types of attacks, organizations need to implement a comprehensive security strategy that includes a combination of non-technical and technical measures. Non-technical measures, such as security awareness training, background checks, and regular audits, help organizations build a culture of security and mitigate the risk of compromise. Technical measures, such as access controls, data encryption, and extended threat detection and response solutions, help organizations prevent and detect malicious activity.

Q2. What is Nokia's approach to addressing 5G security? What are some of the key technology and service components of that strategy?

Nokia Security, built on a 5G zero-trust security model, assumes that a breach is inevitable and that a breach may already be occurring in the network. A solid but adaptive 5G security strategy paired with modern security observability and speed that utilizes applied data analytics techniques, such as machine learning to protect your 5G digital integrity and telco critical assets.

5G Communication Service Providers (CSP) need to adopt a multi-layered security approach that includes XDR or eXtended Detection, and Response solutions. XDR solutions use artificial intelligence (AI) and machine learning algorithms to analyze and identify potential security threats. This enables CSPs to detect and respond to security incidents in real time, providing faster and more effective protection against cyber threats.

One of the key benefits of XDR is its ability to detect and respond to compromised insider attacks. XDR solutions monitor the behavior of insiders, including the systems they access and the data they use, and can identify any unusual or malicious activity. For example, if an insider is accessing sensitive data that they should not be, XDR can alert the security team and block the access, preventing the data from being stolen.

A telco-centric XDR solution for critical industries that are designed to detect external and insider threats will provide a range of analytical capabilities to identify the indicators of compromise that may indicate a potential threat and to properly respond with suitable automated playbooks.

Q3. What is your main messaging for customers at Black Hat Asia 2023? What do you want them to be taking away from Nokia's presence at the event?

Cyber-attackers are becoming more sophisticated in their methods, and critical infrastructure organizations need to be proactive in their approach to security. Automation is one key element of effective cybersecurity. Automated tools can quickly identify and respond to potential threats, minimizing damage and protecting sensitive data. These tools can monitor network traffic, analyze user behavior, and respond to potential attacks in real time. Automation also helps to reduce the workload on security teams, who may be overwhelmed by the sheer volume of alerts generated by traditional security tools.

AI is another critical component of cybersecurity. By using machine learning algorithms, AI can detect and respond to threats more accurately and quickly than humans. AI can analyze vast amounts of data and identify patterns that may be impossible for humans to detect. It can also adapt to new threats and vulnerabilities, making it an essential tool in the fight against cyber-attacks.

Nokia understands the importance of protecting critical infrastructure from cyber threats. Our telco-centric XDR solution suite is designed to provide a comprehensive view of organizations' security posture and to help our customers to respond to cyber threats quickly and effectively.

At Black Hat Asia 2023, we will demonstrate the latest XDR (extended detection and response) capabilities for 5G security to secure the full scope of 5G networks. Join us and experience Nokia’s new XDR-driven AI and automation capabilities including cloud infrastructure security, container security and vulnerability detection, and tailored incident responses.

Michael Tan


Q1. Pentera expanded operations in the APAC region recently and appointed you as vice-president for the region. What do you see as the biggest opportunities for Pentera in the region?

Pentera is pioneering a new paradigm for security validation. Our automated security validation platform enables organizations to proactively improve their cyber resilience as well as their ability to defend against cyber threats. Recent research reveals that in 2022 APAC was the second most targeted region for cyberattacks in the world. The average organization in APAC faces 1,691 weekly attacks, which has grown 22% YoY since 2021. What’s clear is that organizations in APAC are facing a massive challenge with regards to their security. Despite having so many security solutions in place, organizations lack a way to identify their own security gaps to continuously validate that their security setup is effective.

Traditional manual Pentests assessments are both infrequent and don’t cover the complete modern attack surface. The occasional tests and partial coverage leave security teams in the dark and do not provide them with a true understanding of their exploitable security gaps. I believe Pentera's Automated Security Validation platform is in a unique position to address the needs of CISOs. We enable them to continuously test the effectiveness of their security controls, identify their exploitability, and remediate them effectively. Our platform ensures that they are able to efficiently locate and remediate issues before adversaries can exploit them.

Q2. What exactly is automated security validation all about? What specific need is it addressing?

Automated Security Validation is the new way for security teams to validate the effectiveness of their existing cybersecurity controls and reduce their cybersecurity exposure. It is based on three core principles - automation, real risk prioritization, and complete attack surface testing.

Our automated platform enables organizations to increase both the speed and scope of their pentests to provide security validation at scale. Pentera emulates the behavior of hackers, testing the complete security stack, in production, against the latest adversary threats. Our platform conducts fully automated penetration testing, covering the entire attack surface of the organization - external facing assets as well as the core networks of the enterprise. The platform identifies the true exploitable risks within the organization and prioritizes their remediation based on their potential business impact.

One of our biggest advantages is the major focus we put on security research to ensure customers are validated against the latest threats. The Pentera Labs team actively monitors threat intelligence feeds to identify new critical vulnerabilities and the latest attack techniques used by adversaries. Their research feeds the Pentera platform engine, ensuring that the platform is as dynamic and creative as the real hackers.

Q3. As a relatively new player in the region, what do you want customers at Black Hat Asia 2023 to know about Pentera and its technology portfolio?

Being fully committed to the APAC region, we have local offices in Singapore, Australia and Japan to support our customers and partners in the region. Pentera is dedicated to ensuring that our customers are secured against the latest attack techniques and are able to validate their security controls. Whereas other security solutions focus on either the external or internal attack surface, Pentera is the first company to combine both. Pentera challenges your existing security starting from outside your network, emulating the attack on your internet-facing assets, and moving laterally all the way to the “crown jewels” of your core network.

We are the only company in the market that enables security validation in a live production environment. Our safe-by-design solution showcases exactly how hackers can exploit your network without any impact to your business continuity. Pentera also ensures that there are no remnants left in the network after the test is over.n Pentera also recently introduced the first solution to validate your security against the growing threat of leaked credentials. Stolen or leaked credentials are a severe risk to all organizations.

Verizon's 2022 Data Breach Investigations Report (DBIR) found that over 60% of breaches involve compromised credentials. Pentera’s Credential Exposure module leverages credentials found on the dark web, paste sites, and in data dumps shared by cyber-criminals and uses them in millions of attack vectors. It provides actionable credential exposure mitigation steps such as password reset, or hardening users’ MFA policies and limiting privileges at risk in near real-time. To meet the challenges of the ever-evolving threat landscape, Pentera is constantly adding relevant capabilities, attack surfaces, and techniques to its platform. We will continue to innovate to ensure our users are validated against whatever threats come their way.

Lawrence Crowther
Head of Solutions Engineering APJ


Q1. How has the growing use of open-source components in commercial and internally developed software complicated the software supply chain security challenge?

Yes, the growing use of open-source software has contributed to the overall weakening of the software supply chain. There are a number of factors involved here:

  • Increased Attack Surface: Open source has long been an attractive target for bad actors because of the popularity of developers building applications with various open-source projects and because companies do not have proper controls in place to detect malicious code that enters their development process. The authors of the open-source projects often do not spend a lot of time securing the code and hence it is left up to the consumers or recipients of the open-source packages.
  • Complexity: There are many moving parts to building modern software either when deployed onto the cloud or on-premises. Open-source code and 3rd party software is used along the software development process in tools and build systems to eventually produce and deploy a product. It is difficult to track all components and dependencies that the applications have, this is where attackers can break weak links in the supply chain.
  • Delayed Patching: Because open-source components are maintained by a community of contributors, patching vulnerabilities may take longer than it would for proprietary components, as the community may need time to develop and test patches.
  • Integration Issues: Integrating open-source components with proprietary software can create compatibility issues that can lead to vulnerabilities, making it even more challenging to secure the software supply chain.

Overall, the use of open-source components can offer many benefits to software development, but it also introduces new challenges in terms of supply chain security risks. Proper measures must be taken to ensure that open-source components are thoroughly vetted, scanned and patched to reduce the risk of vulnerabilities and attacks.

Q2. What do you perceive as some of the limitations of existing application security testing practices when it comes to detecting and addressing modern software supply chain threats?

One of the big areas of concern is open-source packages containing malicious code. This is bad actors intentionally placing malicious code into popular open-source libraries that are used by potentially thousands of applications all over the internet. Most tools cannot detect malicious code because they don't show up as vulnerabilities per se. Usually the code is functionally ok but will do some destructive behavior or steal information. AppSec vendors need to constantly work with the community and leading academic institutions to identify these packages and keep their intelligence databases up to date. Alerts should be raised if these types of packages enter your software supply chain. Here's a good example of malicious code finding its way into a very popular JavaScript library called event-stream. It was a targeted attack to a specific Cryptocurrency wallet called CoPay in order to steal BitCoins from unsuspecting customers.

Q3. What do you expect will be top of mind issues for Snyk's customers at Black Hat Asia 2023? What are Snyk's plans at the event?

Most certainly organizations attending Black Hat will be looking for strategies to solve software supply chain risks. It's quite a large scope of work, so the strategy might be to start in the obvious places like properly securing open-source components and/or other low hanging fruit like securing containers. There are some more advanced topics like IaC and Cloud Security which can also help organizations stay protected against cybercrime. As more and more companies are looking for solutions to help their developers build secure applications, they will also be looking for advice on how to implement a DevSecOps culture without slowing the development team down.

Snyk will showcase new and upcoming features that will help developers prioritise and fix the most important security issues facing the business right now. Snyk will also offer some thought leadership around Application Security Posture Management (ASPM) and strategies to mitigate the risk of software supply chain attacks.

Sustaining Partners