Anita Joseph caught up with Aloysius Cheang, Chief Security Officer at Huawei Middle East and Central Asia, to find out how the company aims to leverage the growing demand for AI to automate defence and attack capabilities.
The threat-security landscape has been continuously evolving and growing. What is your take on this?
The pandemic has accelerated the demand for digital transformation, to support remote work arrangements. Many resources that were previously located in offices have now become standard at home. As we transition out of the pandemic era, organizations are looking to improve their operations and expand into new territories, especially those with regional focus. They want to explore how they can better support their businesses and adopt technologies like AI.
In recent months, there has been a lot of discussion about generative AI, such as GPT-based chat systems, and the potential benefits they offer. However, before venturing into any new technology, it is crucial to consider different perspectives, conduct risk assessments, and ensure a thorough approach. The demand for new technologies like AI is skyrocketing, surpassing even the pace set by the pandemic-driven digital transformation. With these emerging technologies, such as generative AI and interactive systems, it becomes essential to reassess strategies and implementation models. Wholesale adoption without careful consideration can lead to risks and challenges, much like navigating a pandemic.
When it comes to AI, one aspect to consider is how to build trust and resiliency in AI systems. This topic has gained attention from AI thought leaders who emphasize the need for careful consideration. It is essential to address ethical issues and have a well-thought-out plan. Although there might not be comprehensive AI laws and regulations in place yet, it is important to be aware of the potential risks. Misuse of AI can lead to reputational damage, financial losses, privacy breaches, and even threats to life. For instance, generative AI could be exploited for cyberbullying or impersonation in financial transactions where voice prints are used for authentication.
Therefore, trust and resiliency should be at the core of any strategy or adoption plan for new technologies, including AI, as part of digital transformation efforts. Cybersecurity needs to be prioritized right from the beginning, rather than as an afterthought or a reactive measure. It is crucial to ensure that cybersecurity is integrated into the design and implementation process, and not treated as a separate add-on.
How does Huawei incorporate security into its operations and product fabric?
Cybersecurity has undergone significant evolution over the past 10 to 15 years. In 2012, we released our first white paper, focusing primarily on cybersecurity and addressing governance, risk, and compliance (GRC) concerns. As we expanded into new markets, we encountered numerous laws and regulations that varied from region to region. Consequently, our cybersecurity position paper emphasized the localization of laws and compliance requirements specific to each market.
Fast forward to 2018, when we issued our second cybersecurity position paper. In this master plan, we transitioned from a GRC-centric approach to an end-to-end cybersecurity assurance system. We integrated cybersecurity into every aspect of our organization, considering people, processes, and technology as vital components. Our strategy, which was established in 2011, identified cybersecurity as our top priority. By 2018, we had further reinforced this priority, ensuring that a cybersecurity mindset was ingrained in every individual and process within the company. We implemented training and equitation processes for cybersecurity personnel, emphasizing the importance of security in all our activities.
Our product development lifecycle incorporated the ABC theory—assume nothing, believe no one, and check everything—we implemented a supply chain aggregation process requiring security accreditation for every vendor, local or international. Our focus shifted beyond mere defence to viewing cybersecurity as a weapon of mass destruction, considering the potential impact on critical infrastructure and national security. We developed an end-to-end secure supply chain using our comprehensive security assurance systems, encompassing people, processes, and technology.
With the advent of AI, we are currently working on our cybersecurity 3.0 master plan. We aim to leverage AI for automated defence and attack capabilities. Proactive defence is our primary goal, aligning cybersecurity closely with our company’s business strategy. Our objective is to establish cybersecurity as a competitive advantage and a critical business enabler.
This ongoing evolution in cybersecurity demonstrates our commitment to staying ahead of emerging threats and harnessing new technologies to safeguard our organization and provide a competitive edge.
What are the most significant threats currently faced by corporations or businesses in the region? In other words, what is the primary challenge they are confronting?
The primary challenge lies in the people factor. In this region, there is a shortage of skilled cybersecurity professionals, which poses a significant hurdle for businesses. Furthermore, the end users of technology often lack proper security awareness programs, leading to basic mistakes like clicking on malicious links or falling for phishing scams. Even individuals in the cybersecurity field can be susceptible to such threats due to their realistic nature.
To address this challenge, it is crucial to prioritize people awareness training. By educating users about cybersecurity best practices, we can minimize the risks associated with human error. Additionally, closing the cybersecurity manpower gap is a key objective. We aim to provide individuals with a foundational understanding of cybersecurity, enabling them to not only recognize the potential risks posed by emerging technologies like cloud computing, AI, and IoT but also leverage them to gain competitive advantage in their business operations.
It is essential to shift the perception of cybersecurity from being perceived as a mere disruption to a valued asset. By helping people see the inherent value of cybersecurity, we can overcome the cowboy mentality that views it as an obstacle hindering daily tasks and instead recognize it as an essential safeguard for achieving objectives and ensuring business continuity.
