by James Henderson

How DHL is securing ‘the world’s most international company’

May 09, 2019
CIO CSO and CISO Security

Chin Kiat Chim, vice president and CISO of DHL, spoke to CIO ASEAN about the importance of combined business and technology strategies in security

Chin Kiat Chim
Credit: DHL

DHL is a giant of logistics, an iconic global brand with 50 years of market experience, serving flagship customers such as Formula One and Manchester United.

Housing more than 380,000 employees across over 220 countries and territories, the business delivers as many as 1,502,000,000 parcels each year – otherwise translated to north of 1.5 billion packages.

In operating at the beating heart of a connected global network, the security stakes are undoubtedly high.

“To secure the most international company in the world, I must make security simple to implement it globally with consistent quality, while also navigating culture diversity and security maturity specific to each location,” said Chin Kiat Chim, vice president and CISO of DHL.

Based in Singapore, Chim is responsible for the effective management of global IT security, data protection and risk management services for DHL Express, in alignment with the Express management board.

“Sometimes finding the simple solution to solve complex problems is very challenging,” Chim acknowledged. “But it also keeps me motivated every day to think outside of the box, and to continually explore creative ways of making incremental improvements, to keep operations running to achieve ‘best (secure) day every day’.”

“My role as a CISO in the business is to ensure the organisation is able to deliver the greatest service quality, retain customer loyalty and build profitable networks, along with the least possible risks from cyber disruptions which could impact the organisation negatively,” he continued.

“I am responsible for the overall organisation’s information security and data privacy topics, both in term of strategies and execution to effectively secure and defend organisational assets and customer data.”

Emerging tech

In sizing up priorities ahead, Chim is focused on the development of a core security analytics platform, enabled by machine learning (ML) and artificial intelligence (AI).

The aim? To “integrate and interoperate” with critical security technology components to better “identify, visualise and prioritise” critical security information in near real-time, in addition to providing timely remediation and responses to reduce possible business disruptions from cyber attacks.

“With an influx of emerging and disruptive technologies such as ML, AI and the Internet of Things (IoT), organisations need to attain high levels of confidence in cybersecurity to compete and dominate in the digital space,” explained Chim. “Cybersecurity, rather than being a blocker or damage controller, has become a prioritised commercial investment for several businesses.”

“Organisations dealing with digital transformation in any form are enforcing cybersecurity in every technology surface to ensure secure operations and meeting data privacy compliance.”

At the same time, Chim said cybersecurity industries are also adopting AI, sensor and blockchain solutions to collect, analyse and enrich significant number of events and intelligence to better prevent, detect and respond to security threats.

By observing the recent developments in AI, for example, Chim said such technology has driven smart autonomous cyber defence systems which are able to learn and train themselves.

“Exploiting the flavours of ML and AI software in dealing with advanced persistent threats (APT) and drawing the parallels alongside big data has become simpler,” Chim explained. “In fact, AI algorithms are valuable for recognising security anomalies from regular behaviours.”

“The combination of cybersecurity and AI provides the path in creating a baseline of what is normal and what’s going wrong with the pattern,” he added. “This capability enhances the response times from weeks/months down to minutes/hours, and empowering the Security Operation Centre (SOC) to provide timely incident response to secure business transactions and its operations.”

New-look CISO

Outside of DHL, Chim observed that businesses are struggling with the demands of today’s digital marketplace, in addition to connected citizens and consumers.

“Digital transformation is changing the composition of C-suites where technology is taking the driving seat for business growth and revenue,” he explained. “For CISOs, this means valuing the achievement of business and revenue objectives as equally important as risk management and compliance objectives.”

Consequently, Chim acknowledged that the CISO role is becoming more expansive, with new responsibilities spanning strategy, management and leadership.

“With the rapid innovation and change driven by digital transformation, CISOs need to be equipped with deep technical expertise, combined with transformational management skills,” he added.

“Both cybersecurity and data privacy regulations increasingly view security as an integral part of the overall customer experience, which demands robust security and privacy by design throughout the business and regulatory framework.”

Going forward, Chim said the result is the creation of a new-look CISO, one expected to be an enabler of innovation and growth, while keeping the castle protected from a security, compliance and privacy standpoint.

“The evolving role of the CISO from risk manager to business enabler requires a different approach to be able to deal with business demand and expectations,” Chim outlined. “The CISO now must identify themselves as a business enabler.”

He continued: “They must be recognised in the same way as others – from the boardroom or C-suite to the various lines of business and departments that keep the organisation focused, functioning and moving forward on a day-to-day basis.”

In speaking the language of the wider business, CISOs are now well-positioned – in assuming a seat on the executive table – to showcase security in the context of competitive differentiation, rather than merely risk.

“CISOs must walk the talk, communicate and connect with people within lines of business, while being a change agent to influence and inspire innovation to embrace digitalisation,” Chim said.

Whether in ASEAN, the wider region or the worldwide market, businesses of all shapes, sectors and sizes are experiencing the pressure associated with rising cyber attacks.

“Attacks are growing in both frequency and complexity,” Chim warned. “Nation-stated sponsored agencies, cyber criminals, hackers and a host of other bad actors are developing new tactics, tools and procedures to circumvent modern cybersecurity solutions.”

“The new targeted attacks are employing customised malware that get undetected by most of the traditional anti-virus.”

To effectively respond to such threats – while maintaining business operations and procedures – Chim said success can be found in balancing organisational requirements with deep technical expertise.

“These emerging trends have not gone unnoticed by threat actors who are looking for seams in new enterprise work streams to exploit,” he added. “CISOs are facing now an expanded combination of exploits of known vulnerabilities and customised zero-day attacks.”

“Today’s CISOs must be able to effectively secure expanding networks against this growing menace while also meeting the evolving business objectives that define their new role.”