22nd December 2021

As businesses accelerated their digitalisation efforts in the past 18 months, many have also worried about the growing cyber threats that could swiftly derail the progress they have made. High-profile attacks on IT suppliers such as infrastructure monitoring company Solarwinds and cloud providers such as Microsoft point to attempts that aim to bypass traditional cyber defences.

Meanwhile, malware continues to be a scourge of businesses everywhere. Headlines this past year have included cyberattacks that caused widespread shortage of fuel in the United States, for example. Closer to home, the Cyber Security Agency of Singapore (CSA) has warned that increasingly sophisticated threats such as supply chain attacks, along with perennial ones such as ransomware, are areas that will be of concern in the coming year.

For businesses, these developments mean not just ramping up one’s cyber defences but also taking a holistic approach to get trained and expert talent onboard. A global shortage of cybersecurity experts means they have to quickly train new talent in the latest skills, such as malware forensics and analysis, to better understand and prepare for tomorrow’s threat. These experts also have to continually develop new skills to cope with the changing risks, learning new trends in the way hackers seek out vulnerabilities, for example. In other words, they need to get all the real-world experience and expertise they can.

Imparting cybersecurity skills

Over the years, NEC has been involved in crucial cybersecurity efforts around the region and the world.

In 2018, NEC announced a variety of cybersecurity exercises, including incident response exercises, for approximately 150 government and critical infrastructure company employees belonging to ASEAN-member states. Carried out through the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC), this human resource development project was a part of a Japan-ASEAN Integration Fund (JAIF) project. It aimed to develop a cybersecurity workforce of more than 700 over four years, to enhance the capacity of cybersecurity experts and specialists through training and other activities. In 2019, NEC started providing INTERPOL’s Cybercrime Programme – which is based in Singapore – with services that contribute to cybercrime investigation, including the detection of cybercrime, the identification of criminals, detection of crime signs, and the provision of training for cybercrime investigators and forensic experts who belong to INTERPOL. The aim is to strengthen the state-of-the-art cyber security measures provided to the member countries of INTERPOL.

Gaining real-world experience

With today’s cyber threats, it is important that there is a new generation of talents who can undergo robust and rigorous training to become cybersecurity experts. This means learning not just the basics of how computer systems and networks work but also being in tune with the latest developments in the cybersecurity arena.

New specialists in this field need to have valuable hands-on experience in their training. For example, when it comes to the ransomware, a regular threat to organisations large and small, they have to be able to use the tools available to find the malicious code, analyse it and discover the root cause to prevent further attacks. In getting up to speed, they should also have seen actual samples of ransomware, or even tried running the malicious code in a safe environment to see at first-hand how a hacker might execute an attack. They have to be able to use the right security devices to detect the malware through dynamic analysis. The deep knowledge that is required extends to the ability to deciphering the source code to understand how to stop it from disrupting and damaging business operations.

Of course, preventing a piece of malware from being transmitted into a network is just as important as finding one that has already infiltrated the system. By decrypting network packets and checking the data that is passing through, for example, cybersecurity experts should learn how to prevent a business’ IT system from being penetrated. Such skills are often learned on the job, through experience with real-world threat scenarios.

This is the reason NEC Asia-Pacific and the Singapore Institute of Technology (SIT) have developed a Network Forensic Specialist course that Singapore and ASEAN participants can enrol online to boost their knowledge and skills. It will draw on the practical field knowledge of NEC experts who run the company’s security operations centre (SOC) and respond to cybersecurity incidents, as well as expertise from training partner LAC. Through a series of theoretical and hands-on sessions delivered in the applied learning approach at SIT, participants will learn network communication analysis technique as well as field analysis using learned techniques.

In a small way, it aims to bolster the expertise required at various levels of businesses and help to alleviate the shortage of manpower in this particular sector.

Masaki Kawamichi
Manager, Managed Security Services
NEC Asia Pacific

In his 7 years of working at NEC, Masaki worked with the INTERPOL Global Complex for Innovation for 4 years, including supporting the establishment of the IT and security monitoring systems at the Cyber Fusion Centre (CFC). Currently, he leads Managed Security Service projects in the APAC region and supports the improvement of cyber threat detection and analysis operation processes in Security Operation Centre (SOC), and provides cybersecurity training in ASEAN region.

Related links

Cybersecurity Training
The need for strong cybersecurity is paramount in today’s rapidly digitised business environment. From confidential data storage to payment processing, businesses need to ensure information is not compromised.

Takashimaya Singapore Enhances Cybersecurity Posture with NEC APAC
NEC Asia Pacific and its partner LAC supported Takashimaya to introduce a basic cybersecurity capacity building training course to the IT team in order to fend off cyber attacks.