On the sporting field, when you block and tackle someone to the ground they will typically get up, dust themselves off and come back with a different manoeuvre the next time they need to force themselves through the human blockade. The same analogy can be applied to the cybersecurity world. The hackers and other ‘bad guys’ are not going to give up if they can’t get through one barrier, such as legacy security technology — they’re going to keep trying until they eventually force their way through.
“Most people tend to think that they are safe and secure if they use antivirus and have a firewall sitting at the front door of their organisation,” Sean Duca, the Vice President and Regional Chief Security Officer of Palo Alto Networks explains. “That may have worked once upon a time but unfortunately the hackers of the world have become a lot smarter than that.
Taking a different approach to online security
“In my role with Palo Alto Networks I spend roughly 90 per cent of my time out talking to organisations across Asia–Pacific, to share and impart all of the best-practice experience I have learned from what I have seen other organisations do; what has and has not worked. We look at the situation and think about how we can learn from what others have done and then potentially start implementing that inside other business environments. We are constantly advising organisations to take a slightly different approach when it comes to their online security.”
Palo Alto Networks is the next-generation security company, based in Santa Clara in California. Its mandate is to be a trusted advisor to organisations, helping them with all of their cybersecurity needs. While the business might be headquartered in the US, its global subsidiaries each have a local feel, and it’s never a one-size-fits-all approach. This rings just as true for Asia–Pacific, the geographical area Sean looks after. “People sometimes think it’s a cookie-cutter method — that we work in the US and then simply roll out the ideas across the world,” Sean says. “I disagree. The benefit we have in being here is that we have a local presence, so we understand the local challenges and the marketplace. From a threat perspective, these are localised as well. There are so many different cultures across Asia–Pacific so we need to be sensitive to that and be open to adapt and change.”
Sean has been working in this industry for more than eighteen years. He has held a range of different roles, everything from consulting services and presales to development, technology and strategy. His immediate role prior to joining Palo Alto Networks was as the Chief Technology Officer with Intel Security Asia–Pacific. When Sean stepped into the Vice President and Regional Chief Security Officer role with Palo Alto Networks in May 2015, he says there were a number of opportunities he saw for the company.
Protecting our digital way of life
“One was the culture here, which is so evident across the world,” he shares. “No matter how many times I pop into a different office, everyone believes in the mission and their purpose, which is to protect people’s digital way of life. The second was that Palo Alto Networks is a business that is doing things in cybersecurity that have never been done before. It is growing at an amazing rate, and it’s a fairly young company. Palo Alto Networks is changing the status quo. I wanted to be a part of that and see how I could drive that even further across Asia–Pacific.”
Education is the biggest area of focus for Sean. Through Palo Alto Networks, he wants to empower organisations and business leaders to start changing the conversation around cybersecurity.
“A lot of the time people think it is someone else’s responsibility but it’s not, we all have a shared responsibility to tackle these issues and ultimately, business risks,” he states. “If I think back over the past couple of years, for a lot of the security breaches that have taken place in a variety of industries the accountability was shared right across the business; however, the knowledge wasn’t shared. So that gets me thinking, how does Palo Alto Networks take that and start to share and empower business leaders to change the narrative in organisations across the region?”
The solution comes in the form of a series of regional guides, aimed at empowering businesses with the knowledge they need in a simple-to-read format. The Australian version of the guide, Navigating the Digital Age, was released in September and includes content from ten Australian thought leaders on cyber risks and how to deal with them.
Understanding the financial and operational business risks
“All of the business leaders I talk to fully understand the financial and operational risks to their businesses, and cybersecurity should be no different; it’s a huge risk,” Sean says. “We have had great success with the book we released with the New York Stock Exchange, and we hope the same goes for the Australian version. It’s all about changing the conversation, raising the awareness and empowering business leaders that their approach should not be based on the threats only, but on how they can start to have meaningful conversations about all of the risks. Hopefully the launch of the Australian guide will really encourage business leaders to take that extra step when it comes to their own cybersecurity.”
As well as the Australian edition of the guide, Palo Alto Networks will release one specific to Singapore, one in Japan and four in Europe; for the UK, Germany, France and the Netherlands.
Sean states that open transparency and the sharing of knowledge is “absolutely imperative” if businesses are to be successful in the digital world. “The ‘bad guys’ talk to each other too; they share skills, tools and capabilities. We must do the same if we want to defeat them. If we don’t talk to each other when one of us is attacked then we are actually doing a disservice to each other because the next person is potentially going to be hit by the exact same thing. If we get to a point where we are openly sharing information on what the attackers are doing then we might be able to put a stop to them, or at least make it harder for them to succeed.
“Everyone at Palo Alto Networks fully understands this mission. We have built the technology and the capabilities to act on it from the ground up and we are not borrowing bits and pieces from other organisations. As threats keep evolving so we are constantly working on how we can stay current and help others. I believe we have a big role to play helping and guiding businesses through all of the challenges to ultimately prevent these cyber attacks from happening.”