As we enter the last quarter of 2022, how have global events and trends impacted the cybersecurity landscape in Asia Pacific?
To say that the first three quarters of 2022 have been eventful would be an understatement.
As the world tried to resume some semblance of normality while the COVID-19 pandemic continued its course, many organizations have accelerated their digital transformation, and moved from remote working to hybrid working arrangements.
Cross-border travel has gradually resumed, adding another dimension to the hybrid work-from-anywhere trend.
Adoption of automation – as part of the accelerated digital transformation – has also contributed to a faster pace in IT-OT convergence across industries.
Meanwhile, the Russia-Ukraine conflict is still ongoing, causing major disruptions to the global supply chain.
How have these events and developments affected the cybersecurity landscape in the Asia Pacific region? CybersecAsia finds out from Daniel Kwong, Field CISO, South-East Asia and Hong Kong, Fortinet.
What are some key cybersecurity trends and threats you’ve identified across the major industries in Asia Pacific?
Kwong: Noticeably, the rapid pace of digitization has raised complexity. Therefore, integration is emerging as a key issue for organizations looking to secure themselves as they strive for digitization. With limited time for integrating disparate security products, the convergence of networking and security coupled with integrated cybersecurity platforms is critical.
Awareness of the fact that attackers are capitalizing on new vulnerabilities—both zero- and n-day exploits—is critical, as threats are compromising entire systems much quicker than before. For example, ransomware-as-as-Service (RaaS) enables more threat actors to leverage and distribute the malware without having to create the ransomware themselves.
As political conflict increases across Asia, so does hacktivist activity. These attacks have ranged from major public services to retail shop displays. Attackers also have more tactical variance than before, with dual-stage attacks following reconnaissance a popular mode of executing an operation.
Finally, we are also seeing a rise in attacks targeting operational technology (OT). Our recent survey found that 93% of OT organizations experienced at least one intrusion in the span of 12 months and 78% had more than three intrusions. As a result of these intrusions, nearly 50% of organizations suffered an operation outage that affected productivity, with 90% of intrusions requiring hours or longer to restore service. Additionally, one-third of respondents saw revenue, data loss, compliance and brand-value impacted as a result of security intrusions.
While the OT-IT convergence compels businesses to improve OT security, security gaps still exist. Many organizations face challenges with using multiple OT security tools, further creating gaps in their security posture. Our report found that a vast majority of organizations use between two and eight different vendors for their industrial devices and have between 100 and 10,000 devices in operation, adding to complexity.
With cross-border travel resuming, and hybrid work arrangements in many organizations, what are the top cyber-hygiene tips travelers and work-from-anywhere employees need to take note of?
Kwong: Cyber hygiene is critical, especially with the dramatic increase in the exposed network edge. Poorly protected endpoint devices and networks can be targeted and exploited by malware, ransomware, and other threats that continue to challenge organizations. Organizations should ensure their employees are aware of best practices such as avoiding the use of public networks, ensuring applications are updated and avoiding third-party apps with dubious privacy terms and conditions.
However, equally important is the need to ensure secure, remote connectivity for all endpoints, especially as business travel resumes and flexible work arrangements continue. Amid increasingly distributed networks and the rapidly dissolving network perimeter, moving to modern endpoint security solutions and embracing a zero-trust model is imperative. This enhances visibility into devices and their state, while facilitating user access without compromising valuable assets.
How does automation help CISOs and security teams combat evolving cyberthreats, in particular the more sophisticated tactics and techniques employed by cyber-adversaries today?
Kwong: Automation is key for lean security teams to help reduce reaction times and offload mundane tasks from SOC analysts. Consider a threat feed with threat intelligence and with policies being applied. Without that, organizations would be lost, as the sheer volume and speed at which potential threats move can be overwhelming.
Where machine learning and AI come in, is for detecting the unknown unknowns. AI is the action piece, whereas machine learning (ML) is the learning piece. Organizations need to be able to leverage both to effectively secure against various attack vectors. By utilizing machine learning and AI, organizations can reduce risk dramatically.
The other side of the coin is two-pronged in that there is an acute skills gap which can drive up operational expenditures due to the high demand and low supply. Machine learning goes a long way to not only replace but fill those gaps. We know there is a shortage in the workforce globally, not just in cybersecurity, of course, so how do you address that gap? This is where machine learning solutions and an integrated approach to security can support skilled employees.
Fundamentally, automation, AI and, ML offer organizations the opportunity to overcome existing labor market challenges. They are also able to maximize their human resources by freeing them from the burden of processes that are repetitive, and which are prone to slip-ups.
For organizations in this region, what are some best cybersecurity practices you’ve noted?
Kwong: The region’s organizations must be proactive by taking pre-emptive steps to improve their security posture. Moreover, given the destructive potential of state sponsor attacks, it is crucial for organizations to be aware of the threat and take steps to protect themselves. This includes things like hardening systems and networks, improving detection and response capabilities, and increasing awareness and training among employees.
This can be achieved by ensuring security processes are aligned with the organization’s workflows and people. An integrated security platform such as a mesh architecture, can provide total visibility and consistent security across endpoints, networks, and clouds, but must also ensure usability so that even the least tech-savvy team member can continue working effectively and efficiently.
Zero trust should also scaffold organizations’ cyber strategy to ensure they are perpetually prepared to hound out threats and mitigate their impact. Pairing this with adequate and regular employee awareness training will arm organizations to keep threats at bay.
Being cognizant of the importance of a comprehensive and proactive approach to protecting assets also enables organizations to gain resilience and avoid the pitfalls of a cyber incident such as disruption to operations, reputational damage along with direct financial losses. An integrated cybersecurity platform enables consistency, seamless interoperability and complete visibility, as well as granular control for hybrid deployments.