In the ever-evolving world of cyberthreats, the size of an organization is not the only factor that attracts attackers.
Modern cybercriminals are not deterred by the scale of their target; instead, they focus on vulnerabilities and the potential for exploitation.
Understanding this shift in strategy is crucial for organizations seeking to fortify their defenses against increasingly sophisticated cyberthreats.
In this interview with Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky, CybersecAsia delves into why attackers prioritize weaknesses over size, examining case studies of breaches in both small startups and massive corporations.
How has the traditional approach of securing each individual computer evolved in recent years? Why do you think the volume of threats has blurred the line between small and large organizations?
Yeo Siang Tiong: The traditional approach of securing individual computers would be to establish perimeter security – this revolves around the use of thorough checks for all attempts to connect to corporate resources from outside that infrastructure. In simple terms, perimeter security establishes a boundary between the corporate network and the rest of the world.
However, this approach has become less effective as the number of mobile devices and cloud services used among employees grew. The pandemic further accelerated the trend with more corporate resources now located outside of the traditional perimeter due to hybrid working arrangements.
As a result, organizations should employ the concept of Zero Trust – an alternative to perimeter security. Rather than distinguishing between external versus internal, Zero Trust focuses on validating every user, device and application whenever they interact with corporate resources. This approach assumes no digital edge and addresses modern challenges organizations might face more effectively.
The volume of threats has also become indiscriminate between small and large organizations as cybercriminals are leveraging increasingly sophisticated attack methods to infiltrate organizations of all sizes. As organizations grow to focus on their core businesses, there is a shift in appetite for sourcing third-party IT providers. Organizations now use third-party providers for non-core IT functions, and integrate third-party systems into their core IT. This approach increases data exchange between organizations and IT service providers to facilitate a more efficient way to achieve business objectives.
The increase in collaboration between companies has also resulted in tighter integration of data, between them and their suppliers, or between them and their customers. For example, a PC manufacturer may have their enterprise resource planning (ERP) system connected to their hard-disk manufacturer to better coordinate the assembly of a customized PC. Thus, we are beginning to see growing connections among different organizations, and among organizations and their employees.
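To make the contrast in the answer above concrete, here is an added example (not Kaspersky's code, and not part of the original interview) that evaluates the same request under a perimeter model and under a Zero Trust model. The perimeter check trusts anything arriving from an assumed corporate address range; the Zero Trust check validates the user's session token, the device's posture claims and the user's entitlement to the application on every request. The corporate range, the HMAC key, the posture attributes and the entitlement table are all constructed for this illustration.

```python
"""Perimeter check versus per-request Zero Trust evaluation (added example)."""
import hashlib
import hmac
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Tuple

CORP_NET = ip_network("10.0.0.0/8")        # assumed corporate address range
HMAC_KEY = b"demo-key-for-example-only"    # constructed; a real deployment keeps this in a KMS/HSM

# Constructed policy data: required device posture and per-application entitlements.
REQUIRED_POSTURE = {"disk_encrypted": True, "edr_running": True, "os_patched": True}
APP_ENTITLEMENTS = {"erp": {"alice"}, "wiki": {"alice", "bob"}}


@dataclass(frozen=True)
class Request:
    user: str
    src_ip: str
    app: str
    token: str              # "user:expiry:hmac" session token issued by issue_token()
    device_id: str
    device_posture: Dict[str, bool]   # claims reported by the endpoint agent (constructed)


def issue_token(user: str, ttl_s: int = 3600, now: float = None) -> str:
    """Mint a minimal HMAC-signed session token carrying the user and an expiry."""
    now = time.time() if now is None else now
    payload = f"{user}:{int(now + ttl_s)}"
    sig = hmac.new(HMAC_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def verify_token(token: str, user: str, now: float = None) -> bool:
    """Check signature, binding to the claimed user, and expiry. Never trust the token's contents before the MAC check."""
    now = time.time() if now is None else now
    try:
        tuser, exp, sig = token.split(":")
    except ValueError:
        return False
    expected = hmac.new(HMAC_KEY, f"{tuser}:{exp}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected) and tuser == user and int(exp) > now


def perimeter_allows(req: Request) -> bool:
    """Perimeter model: location is the credential. Inside the corporate range means trusted."""
    return ip_address(req.src_ip) in CORP_NET


def zero_trust_allows(req: Request, now: float = None) -> Tuple[bool, str]:
    """Zero Trust model: identity, device and application entitlement are checked on every request,
    regardless of where the request comes from. Returns (decision, reason)."""
    if not verify_token(req.token, req.user, now):
        return False, "identity: token invalid or expired"
    for attr, required in REQUIRED_POSTURE.items():
        if req.device_posture.get(attr) != required:
            return False, f"device: posture check failed ({attr})"
    if req.user not in APP_ENTITLEMENTS.get(req.app, set()):
        return False, f"application: {req.user} not entitled to {req.app}"
    return True, "allowed"


def compare(now: float) -> Dict[str, Tuple[bool, Tuple[bool, str]]]:
    """Run constructed requests through both models; returns {case: (perimeter, (zt_decision, reason))}."""
    healthy = dict(REQUIRED_POSTURE)
    no_edr = {**REQUIRED_POSTURE, "edr_running": False}
    cases = {
        # On the corporate LAN but the endpoint's EDR agent is stopped: perimeter says yes, Zero Trust says no.
        "insider_no_edr": Request("alice", "10.1.2.3", "erp", issue_token("alice", now=now), "lt-01", no_edr),
        # Remote worker on a healthy device with a valid session: perimeter says no, Zero Trust says yes.
        "remote_healthy": Request("alice", "203.0.113.7", "erp", issue_token("alice", now=now), "lt-02", healthy),
        # Valid identity and device, but no entitlement to this application.
        "wrong_app": Request("bob", "10.1.2.4", "erp", issue_token("bob", now=now), "lt-03", healthy),
        # Stale session from inside the network.
        "expired": Request("alice", "10.1.2.5", "erp", issue_token("alice", ttl_s=-1, now=now), "lt-04", healthy),
    }
    return {name: (perimeter_allows(r), zero_trust_allows(r, now)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (perim, (zt, why)) in compare(time.time()).items():
        print(f"{name:16s} perimeter={perim!s:5s} zero_trust={zt!s:5s} ({why})")
```

The point of the four cases is that the perimeter model's decision is independent of who the user is and what state the device is in, which is exactly the gap hybrid work opens up; the Zero Trust path produces a different, and more useful, answer in three of them.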
What are the primary challenges associated with securing a large number of computers individually?
Yeo: Scalability of operation and cost are among the primary challenges associated with securing a large number of computers individually.
Another new challenge brought on by the COVID-19 pandemic is the geographical sprawl of these corporate resources. With employees working from home, or in remote areas, the ability to update resources and devices effectively and remotely also poses challenges.
Remote work has allowed employees more access to company resources and data from various locations and devices outside of the traditional corporate network. This has resulted in a growth in the number and diversity of endpoints that need to be secured.
Organizations are also adopting cloud-based services and applications to support remote work. This also means multiple endpoints for the cloud environment must be secured. Employee behavior and remote working are also closely linked when examining factors contributing to an organization’s cybersecurity.
In what ways does the concept of “defense in depth” diminish the importance of the sheer number of computers in enterprise security?
Yeo: Defense in depth is an approach where layers of security measures are put in place to protect against threats. Instead of relying on a single computer or device for security, these layers aim to add levels of protection across the enterprise network.
If one layer is compromised, the other layers can still provide protection, reducing the overall risk of a security breach. Defense in depth allows security measures to be efficiently scaled to meet the size and complexity of the IT infrastructure. It ensures security is not solely dependent on the sheer number of computers but rather a comprehensive strategy that can be flexibly adjusted to the organization’s needs.
How do advancements in cloud computing and virtualization technologies impact the relevance of counting individual computers in security strategies?
Yeo: Cloud environments often centralize management and control, reducing the need and emphasis on individual computers. This may result in security strategies shifting to securing the cloud infrastructure rather than individual computers.
Virtualization is the process of creating virtual representations of servers, storage, networks, and other physical machines, and it requires physical machines to run on. Thus, both components – the virtual instances and physical machines – need to be protected.
The easy creation and decommissioning of virtual instances also mean that security policy and posture have to respond appropriately and speedily.
What role do centralized management and orchestration platforms play in mitigating security risks across multiple computers?
Yeo: A lack of visibility and manageability of complex IT and OT environments would be the most challenging issues for organizations. Having a unified platform for managing security and compliance risks allows organizations more oversight, allowing for a more secure, transparent and efficient approach.
These platforms involve the automation and management of policies across multiple systems, applications and devices. The goal is to provide a centralized platform where an organization defines a set of security policies that apply to all its applications. This may include the ability to configure alerts and automate responses to potential threats which helps to save manual effort and time.
Why is it increasingly important to focus on securing data and identities rather than individual machines?
Yeo: Data and identity security remain the top priority as processes become streamlined and security risks are increasingly becoming a major obstacle to the digital business transformation.
In 2023, Kaspersky’s solutions detected and intercepted over 13 million web threats aimed at businesses in Southeast Asia. The concept of identity does not only apply to employee accounts but also to servers and applications. The number of non-live accounts often greatly outweighs the employee headcount.
Data protection has become a necessity for organizations. According to a recent survey by Kaspersky, small businesses are aware of the importance of data protection with 62% saying it is a concern and more than a quarter, 27%, identifying it as the most important issue in their businesses. Additionally, Kaspersky data has revealed that an average breach costs US$105,000 for small and medium-sized enterprises (SMEs), and US$927,000 for enterprises in Southeast Asia.
Data is now more commonly stored in data centers or a cloud storage service – to be retrieved when needed rather than locally in individual machines. Thus, prioritizing securing data and identities rather than individual machines allows organizations to focus and allocate resources more efficiently.
In a nutshell, what are the benefits of a holistic, risk-based approach to cybersecurity over a strategy focused on securing each and every computer?
Yeo: Cybersecurity management is a complex and rigorous process. A holistic, risk-based approach allows for a more efficient allocation of budgets, cybersecurity efforts and strategies.
This approach provides comprehensive coverage across an organization’s digital environment, prioritizes and addresses the most pressing and significant risks by considering the potential impact of the threats, and can adapt flexibly to emerging trends and threats.
A holistic, risk-based approach is essential to building a resilient defense against a wide range of threats and improving one’s cybersecurity readiness.