JM: The Principle of Least Privilege is the practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform legitimate functions for the time needed to complete the task. It is a timeless security concept that is just as effective today as when it was first discussed over 40 years ago.

While technology and cyber-attacks continue to get more sophisticated the reality is that all attacks rely heavily on the privileges of the account, application or user that they compromise. Even in the case of zero-day exploits – where an attacker leverages a previously unknown vulnerability – minimizing the privileges associated with the system or user being targeted can vastly limit the impacts of the attack.

In modern complex IT environments it is crucial to gain visibility across an organization’s identity fabric, to uncover all the identities, accounts and privileges in order to continuously drive towards least privilege and understand the identity attack surface. IAM and security teams are in a far stronger position to defend and mitigate the risks associated with sophisticated identity-related attacks when they have this visibility and the tools in place to protect paths to privilege.

What should organizations in APAC do to provide visibility and protection in the context of identity security?

JM: Having a robust Privileged Access Management strategy is essential for organizations to mitigate cybersecurity threats. This includes both removing and securing privileges. Our reports have previously shown that historically 75% of Microsoft critical vulnerabilities can be mitigated through the removal of local admin rights and the controlling of process execution. It is equally important that credentials associated with highly privileged accounts are rotated regularly or cannot be reused. This lowers the possibility of successful password spraying attacks using credentials that have been stolen or re-used.

Identity threats cross domains and organizational silos, we are seeing greater numbers of identity-related attacks start in the cloud and then migrate to on-premise or vice-versa. This means it is critical for security teams to have a unified, cross-domain view of their identity estate, including identity providers (IdP), cloud providers, SaaS applications, etc., to identify hidden threats and indirect paths to privilege that can be leveraged by attackers.

What are some trends in cybersecurity that organizations in APAC should take note of in the second half of the year?

JM: Many of the trends we see for the remainder of 2024 are the continuation of existing trends, but with potentially greater sophistication.

Ransomware continues to be a thorn in the side of many businesses and governments across the region. In the first part of the year we saw a significant increase in ransomware attacks in the Philippines while last month it was reported that a variation on the Lockbit ransomware was being used in attacks on Philippine government systems.

Earlier this year the Cyber Security Agency of Singapore (CSA) released its annual cybersecurity health report that identified ransomware as the number one cause of cyber incidents for Singaporean businesses.

As cyber-defenders we need to remember that ransomware is not magic. It can only leverage the privileges of the user or application that launches it. That is why enforcing least privilege is so important in defending against this type of attack.

Supply chain attacks, where attackers utilize the access provided to suppliers or contractors of their actual target, to gain initial access are also continuing. It is a problem that has been called out by the likes of the Australian Prudential Regulatory Authority (APRA), the government agency overseeing the financial services sector in Australia.

We have seen across the Asia Pacific region attacks where third-party access to systems – often via VPN – have been leveraged to steal and encrypt sensitive customer data. Organizations need to implement more secure remote access solutions that again limit the privileges available to contractors and suppliers to just those needed to complete the task but can also log and help identify potential attacks.

Finally, while much has been made of AI providing greater sophistication and scale to cyber-attacks, we are also going to see a greater use of AI to help us defend against attacks and make our defenses more robust. As mentioned earlier, for example, we can already use AI to help uncover hidden threats or paths to privilege within our identity estate.