Wilson Wong from Condition Zebra talks online security and IT security
Condition Zebra?s MD Wilson Wong on BYOD, keeping businesses secure and its ZebraCON conference arriving next week
Social Media Portal (SMP) What is your name and what do you do there for Condition Zebra?Wilson Wong (WW): Wilson Wong, managing director. I oversee the strategic plan and performance of the company.
SMP: Briefly, tell us about Condition Zebra (for those that don?t know), what is it and what does the company do?WW: Condition Zebra is a global IT security risk management solutions provider. We help clients to address risks pertaining to the area of policy development, internal control and external exposure. Our main offerings include consultancy services, education services and web application security services.
SMP: Who are your target audience and why?WW: Condition Zebra?s target audience includes organizations that are concerned about their risk of exposure, system integrity, GRC-related compliance mandate issues, or wish to build up competence to achieve international standard.
SMP: Why is there a need for businesses to address security and what is the best way that they can do this?WW: Information is the lifeblood of organizations and IT security plays a vital role in protecting the assets. Most data breaches happen within the firewall, and with the growing adoption of mobile computing and rising cyber-crimes, organizations must view IT security risk management as a priority and central strategic business objective. The best way is to review the policies and associated standard to ensure an adequate level of security is attained, evaluate the internal controls of the organization and what are the countermeasures can be taken to mitigate risks considering the high cost of compromise.
SMP: What has changed over the last 30 years, in more recent times - what are the main challenges that business face now and why?WW: Technology has been less complicated 30 years ago. Necessity was the mother of invention, from wired to wireless, various technology platforms has been developed and advances exponentially. Many businesses are facing difficulties in embracing the latest technology to keep up with the competitive pace, and lack of skilled workers to manage the organization critical infrastructures is another issue. Hence, organizations require knowledge of handling Information security and an effective risk management strategy to overcome the struggle.
SMP: Tell us more about ZebraCON, is it the first conference for Condition Zebra and why are you hosting the event?WW: ZebraCON is an annual International IT security risk management conference. Risks lurk at every turn in today?s business world, technology is one of the big variables and hold a significant impact in the business operation. This event will bring together the industry experts and influencers to educate business leaders and professionals on the role of IT security in risk management. It focuses on the ?How? part (strategy and implementation guidelines) rather than what businesses need to do.
SMP: What will be the highlights and what do you envisage attendees will take away?WW: The limelight should be on the speakers as we?re proud to have international policy drafter, captains of industry and renowned experts that have participated in RSA, Gartner, SANS, Black Hat here at ZebraCON in Malaysia this year. Besides conference, we also provide two-day training to put theory into practice; by equipping delegates with the critical skill sets to better manage their organization information risks. A one-to-one consultancy meeting are available from the second day onwards for participants to seek industry advice from the top-notch speakers.
SMP: What will be your role at the event and what are you most looking forward to?WW: I?ll be there to monitor and support the event. We?ve invited industry experts to share their latest insights on IT security risk management to create a safer cyberspace together through this platform. So I?m excited to meet up all the delegates who will be attending the event.
SMP: What are the low moments of what you have been doing so far (and in relation to ZebraCON)?WW: It?s pretty upsetting how the local businesses perceive the value of IT security risk management. Large organisaions couldn?t see the ?big picture? and find it irrelevant to their business operations. Many organizations should be well aware of the cost and consequences by not taking any prevention or countermeasures. Eighty-six perecent of all websites have at least one security flaw, but the sad thing is, businesses tend to react only when there?s an issue emerge. And that?s why awareness must be built and events like ZebraCON are needed to educate these organizations.
SMP: What are the high moments of what you have been doing so far (and in relation to ZebraCON)?WW: We have received positive response from the industry, media, and associations to support ZebraCON, some renowned organizations also nominated their top-notch leader to speak at the event. This is a good sign showing the local industries are keen to understand how IT security risk management affect businesses and hopefully the message delivered by our partners can encourage more participation.
SMP: What do you see as your biggest challenges and opportunities as a company operating in this arena?WW: The biggest challenges would be cultivating the culture and educating the businesses on information risk management as many of the businesses still failed to see the threats and its cost. Companies are not paying close attention to the risk and compliance landscape, so that?s how Condition Zebra comes in as an IT security risk management solutions provider to fill in the gap.
SMP: What?s the next big step for social media / networks and what impact may this have upon brands and their security?
WW: Social media brings important business benefits to organizations. But sharing unnecessary or inappropriate information will put the organization at risks. Most often than not, organizations either have no social media policy or prohibit the use of social media. By establishing and enforcing a set of good social media usage policies or guidelines for employees can help mitigate security risks while enjoying the advantages of social media.
SMP: What are your top five predictions for digital and social media for the next 12 to 18-months?WW replies with:
1. Mobile devices sales are 30% higher then PC, more and more employees are bringing their own mobile devices to work. Assessing social media using their own mobile device and integrating into digital (e.g. email, web, search) will become a major security issue to the organizations in the next 12-months.
2.The growing trends of BYOD adoption will lead to a demand of policy-making and operational guidelines, and the guidelines will continue to change as the digital trends evolve.
3. Social media will become critical activities in businesses. I believe more and more organizations will start seeing the opportunities and values it bring to their businesses and willingness of spending more marketing budget in social media channels.
4. With the rise of social media usage, HR personnel will require better filtering software to manage the users control and to avoid employees from procrastinating and compromising productivity at work. According to a survey, employees are spending as high as 40-50% of their working time on unnecessary social media activities.
5. We will expect a lot of fake reviews for certain brands on social media. It could be paid by companies to do it.
SMP: What are your top five tips in managing effective security (please use one to two sentences for each tip, or write more if you wish)?
WW: First and foremost is to identify the organization most valuable assets. Then establish a clear and transparent governance, risk and compliance (GRC) policy to map out the relation between the role and responsibilities of each department. If an organization already have one, review and see if the GRC objectives meet the business needs. Thirdly, it?s to educate the employees on the threats and impacts, do?s and don?ts and their role to ensure data security.
Next, businesses need to understand its internal controls such as how its critical information infrastructure function and who has access over the system and data. Finally, developing an effective strategy to minimize external exposures that could jeopardize the whole organization.
SMP: Is there anything else we should know, or is there anything that you?d like to share?WW: Many organizations are still downplaying the role of IT security in risk management. This can be seen especially with local industry, where corporates today tend to possess the ?wait-and-see? attitude and overlook what might strike them. One attack is enough to kill a business. So organizations should take security seriously and understand what are the cost and consequences it may bring for being ignorant.
SMP: Best way to contact you and Condition Zebra?WW replies with:
FacebookTwitter
@conzebraYouTubeLinkedinNow some questions for fun
Social Media Portal (SMP): What did you have for breakfast / lunch?WW: I usually start my day with a nice warm cup of coffee. As for lunch it really depends on where I am, but I normally eat with customers.
SMP: What?s the last good thing that you did for someone?WW: A good deed can be as simple as spreading the word, such as building awareness and showing affirmation revolving the importance of information risk management. Me and my team constantly share information on the current state of affairs and we believe any issues can be addressed. It will make a better cyber space.
SMP: If you weren?t running Condition Zebra what would you be doing?WW: I love sports and still actively doing it. I would love to become a professional sportsman.
SMP: What is the worst security breach you have witnessed and what could have been done better to manage it?WW: The Malaysian Domain Registry was hacked earlier this month, affecting more than 100 high-profiled website. Security breaches can be prevented if the organization is equipped with the knowledge on security risk management. This incident had caused their reputation tarnished and it?d be hard to regain the customer trust.
SMP: What?s the first thing you do when you get into the office of a morning?WW: Having a cup of coffee (my breakfast) gets me going.
SMP: If you had a superpower what would it be and why?WW: If I could have any superpower, it'd definitely be invisibility so I can help anyone anonymously.
See the Social Media Portal (SMP) interview with Drew Williams from Condition Zebra in the SMP profiled section.
If you're interested in doing a Social Media Portal (SMP) interview, get in touch.