Cybersecurity has become a top-of-mind priority for many business boards in Asia Pacific. However, a staggering 89% perceive their organizations to be increasingly insecure.
As remote and hybrid work arrangements become the new norm, many businesses are transitioning to a cloud-first strategy and embracing novel technologies to enable the office of the future, such as cloud computing, AI and project management tools. However, the growing reliance on these technologies has inevitably increased workplaces’ exposure to cyberthreats.
Low cybersecurity literacy is common among mid- to entry-level employees, contributing to an alarming rise of high-visibility data breaches, 45% of which are cloud-based — such as July 2023’s Microsoft Azure breach that entailed unauthorized access to the email systems of the US government and 24 other organizations.
Alongside ransomware and phishing attacks, there is an increased prevalence of threats from hacking groups like ALPHV and Scattered Spider, that leverage stolen credentials and system vulnerabilities.
How can we adopt modern security architectures, technologies, and processes to enable a secure workplace of the future? CybersecAsia gets some answers from Rhonda Robati, Executive Vice President, Asia Pacific, Crayon.
What are some key threats and challenges that organizations face today in securing their workplaces?
Rhonda Robati (RR): The need for hybrid and remote work requires companies to digitalize and improve their operations, with cloud computing being the foundation of this digital transformation. While it has brought about many benefits, this technological integration exposes companies to a growing number of cyberattacks and breaches.
In the APAC region alone, enterprises experienced the highest year-over-year increase in weekly cyberattacks in 2023. Malware attacks, including ransomware and viruses, are prevalent, along with Denial-of-Service (DOS) attacks and phishing scams. A prominent threat that has impacted many workplaces is dubbed the Azure fraud, where malicious actors gain unauthorized access to and control of Azure resources. This resulted in significant financial losses with costs reaching up to 100,000 EUR per day.
This is not a sophisticated attack that could not have been avoided. Such incidents often stem from the lack of basic cybersecurity practices and controls. Enabling multi-factor authentication, for example, is relatively easy these days and it can help to significantly reduce the risk of unauthorized access to organizational IT ecosystems. Even after a successful credential theft, such tools remain useful in mitigating subsequent cyberattacks.
What are the crucial ingredients that enable a secure office of the future?
RR: New ways of working require different strategies that fit different models. The primary component is building a comprehensive security posture that includes technology, processes, culture, and talent.
At Crayon, we help companies build the right strategy through a comprehensive assessment of the organization’s existing security posture and the creation of a roadmap, which outlines a step-by-step approach to improving security capabilities. We also help customers implement an improved security posture, like making sure basic security hygiene and foundational controls are in place and maintained properly. It sounds simple, yet it requires effort when done consistently.
Once the challenges and areas for improvement have been identified, companies should consider selecting a security partner that can go beyond providing large coverage — to offer businesses the right built-in security solutions and integrated controls, alongside simplifying relevant processes.
This can be a tedious process, and with many security vendors and solutions available in the market, it can be challenging for companies to make informed decisions. This is where collaboration with an experienced technology and security services provider can be invaluable.
Moreover, cultivating a cybersecurity-conscious organizational culture is vital for effectively thwarting cyberthreats. Employees should receive regular education on security best practices and policies, alongside being kept abreast of the latest cyberthreats. This starts with management leading by example, through educating themselves and following the same policies and best practices.
Why do you think organizations in APAC should refocus their workplace and cybersecurity strategies?
RR: Common among small to mid-size (SMBs) and large enterprises alike, low cybersecurity literacy is prevalent among entry-to-mid-level employees — leaving them prone to rising email-based phishing attacks. And despite increased investments in security solutions, security incidents continue to occur every day.
A 600% increase in cybercrime has been reported since the COVID-19 pandemic, and this trajectory is expected to remain steadfast — with cyberattacks projected to result in an annual globe-wide cost of USD10.5 trillion by 2025.
With less resources at hand, SMBs are particularly vulnerable to such attacks. Contrary to the common belief that cyberattacks are predominantly targeted at large corporations, a recent study found that 46% of all cyber breaches impact businesses with less than 1,000 employees.
In the face of these challenges, organizations of all sizes must re-evaluate their workplace and cybersecurity strategies, especially when looking to adopt new technologies. Think for example of the challenges that come from adopting AI solutions that help organizations become more agile and resilient, but at the same time expose organizations to new risks.
How does leveraging a cloud-first approach help to mitigate organizations’ exposure to cyberthreats?
RR: IBM research found that 82% of data breaches involved data stored in the cloud. Contrary to popular belief, however, these breaches are not a result of cloud systems being insecure or highly susceptible by nature. They are largely due to organizations’ poor understanding of necessary cloud security protocols and basic security hygiene. Amid rising cloud migration rates, it is therefore imperative for businesses to adopt a cloud-first cybersecurity approach. This can be easily done as businesses today have more tools to protect their environments — be it through implementing holistic cloud-based defenses, effective automation integration, or the adoption of a zero-trust framework.
Partnering with cloud solutions providers and security vendors can also go a long way in ensuring good cloud security; businesses can leverage their pre-existing cloud-security tools for quick and easy deployment. On top of that, a cloud-first approach can help organizations with different types of work configurations reduce vulnerabilities when handling their hardware and software components, as this streamlines their infrastructure, minimizing the exposure to cyber threats, and allowing easier IT infrastructure maintenance and enforcement of controls.
Furthermore, organizations that opt for a cloud backup solution remain resilient and prepared for possible breaches. These tools can act as a safety net to mitigate potential data loss if the company’s data is compromised.
Please share some examples of organizations in APAC that have securely enabled the office of the future.
RR: A notable example of a business successfully implementing the office of the future with security as a number one business priority is a multinational traditional Chinese medicine (TCM) company we assisted.
The Singapore-based company has as its #1 priority to protect its customer’s data. The company was concerned about eventual attacks leading to data breaches via in-store point-of-sale systems and the storage of patient records.
We helped them to obtain an enhanced security posture, achieve a better understanding of their license’s security features, and the products they needed to get to the security state they wanted to get to. Through a two-pronged approach, the Crayon team was able to first reprioritize the TCM company’s IT costs and upgrade licensing plans for bolstered security.
This was followed by providing the company with a comprehensive security assessment based on ISO 27001 standards.