A talk on cybersecurity was held yesterday at The Core, Universiti Brunei Darussalam, to instill public awareness on the prevalent threats.
The public presentation, entitled “One Click Is All It Takes To Bring Down An Organisation”, addressed why large investments in security sometimes fail to defend organisations from cyberattacks.
The talk was presented by Bryce Bryce Galbraith, Principal Instructor at The SANS Institute, US. During the talk, Galbraith provided examples of spear-phishing techniques and explored ways to fight Advanced Persistent Threats (APTs).
Hosted by IT security firm IT Protective Security Services Sdn Bhd (ITPSS), the public presentation was aimed at information security officers and IT professionals in Brunei with the objective to inculcate a cyber-aware culture in the sultanate.
The company’s collaboration with The SANS Institute, a reputable technology-neutral organisation, addresses the human element, which is often referred to as the weakest link in the field of information security.
ITPSS CEO Shamsul Bahri Hj Kamis said that despite prevalent cyberattacks in recent years, there has not been noticeable investments on information and cybersecurity awareness programmes amongst organisations in Brunei.
He also emphasised the need for organisations to shift in thinking and approach, as there tends to be a heavy reliance on so-called ‘technology box’ solutions.
“Technology, while important and even critical in efforts to mitigate threats from cyberspace, cannot be the end objective,” said the CEO.
“As the recent WannaCry and Petya ransomware attacks had demonstrated, the human element in terms of awareness and capabilities must be significantly improved in order to thwart off attacks involving not just technology but those human elements as well,” he added.
Established in 2003, ITPSS is a local company comprised of information security specialists, offering IT security services to help organisations in Brunei fortify their defences.
Among their services include Managed Security Services, information security audit, incident response, penetration testing, vulnerability management, data recovery, secure deletion and IT security awareness training.