Urgent digitalization; WFH vulnerabilities, and business distractions from the pandemic have led to the perfect cyber threat storm in APAC.
From February to June last year, the Asia Pacific region (APAC) saw the highest increase (68%) in the use of remote access technology compared to other regions. Recently, a study of cybersecurity incidents in the region by Cisco had concluded that four out of the top five markets with the highest percentage of major cybersecurity incidents were from Asia.
To find out if there is a link between the adoption of remote access technology in APAC and the recent high rankings in cyber-vulnerability, CybersecAsia interviewed Kerry Singleton, Managing Director of Cybersecurity, Cisco (Asia Pacific, Japan and China) for answers.
CybersecAsia: What are your thoughts about Asia’s high ranking for organizations reporting a major cybersecurity incident in the last two years?
Kerry Singleton (KS): The transition to a remote-working environment in the wake of the pandemic serves as a key reason for this. This shift upended the security architecture of many organizations because a significant proportion of endpoints suddenly transitioned to outside the corporate network perimeter. Also:
- Our 2020 Duo Trusted Access Report also revealed that APAC relied more on remote access technologies for a longer time as work-from-home arrangements continued. The region saw the highest increase in remote access technology (68%) use as compared to western markets like United States (51%) and the European Union (34%).
- Accelerated digital transformation and increased adoption of cloud technologies amid remote- working present a myriad of new challenges for organizations in the region. An increased digital footprint means that organizations face a growing attack surface and a dynamic threat landscape with adversaries carrying out more sophisticated and relentless attacks.
Moreover, companies’ cybersecurity preparedness levels also play a role in the rise of cyber incidents. According to Cisco’s Future of Secure Remote Work Report, around half (54%) of APAC respondents shared that they were only ‘somewhat prepared’ to support the sudden transition to a remote workforce. Notably, 7% of APAC respondents said they were not prepared for this transition. This stands at just 1% less compared to the global and western numbers.
In the future of work where employees expect to work from anywhere and on any device, security needs to be the foundation behind the success of any digitalization effort. Only then, will organizations be able to effectively secure a distributed workforce amid an evolving digital landscape.
CybersecAsia: Your study showed APAC with the highest increase (68%) in-remote access technology use (February to June 2020) as compared to other regions. What are some key cybersecurity threats and challenges coming out of this trend?
KS: One emerging trend we have noticed since the pandemic’s onset is that hybrid workplaces are here to stay. According to Cisco’s Future of Secure Remote Work Report, one-third of APAC respondents had said they expect more than half of their workforce to continue working remotely, compared with just 19% before the pandemic.
The same report also revealed that APAC respondents encountered the highest jump in cyber threat alerts globally: 69% encountered a 25% or higher jump in cyber threats or alerts since the start of the pandemic. Also:
- The top cybersecurity challenge faced by APAC organizations when supporting remote-workers was secure access (63%), defined as the ability to verify and establish trust no matter how or where users log in. With employees connecting remotely, it has become more crucial than ever to adopt a flexible yet holistic cybersecurity posture that protects users from the network, to the endpoint, to the Cloud. Other key cybersecurity challenges they faced include data privacy (59%), maintaining control and enforcement policies (53%), and implementing multi-factor authentication (59%).
- In terms of cyber threats, ransomware is undoubtedly one of the biggest threats globally and regionally. Globally, it is the second most common threat observed at the endpoint. Phishing attacks and other scams that take advantage of people’s fears during a crisis also continue to be on the rise as our personal and professional lives converge online. Cisco Umbrella found phishing treats jumped 40% between 2019 and 2020, driven partly by pandemic themes.
- Over the past year, malicious attackers have increasingly adopted new, innovative strategies to maximize the effectiveness of their attacks and force organizations to give in to their ransom demands. An approach known as “big game hunting” has gained popularity recently. In 2020, it was one of the biggest threats many organizations faced, with cases of successful attacks publicized weekly.
CybersecAsia: How should business and educational organizations mitigate the risks of work-from-home and home-based learning arrangements?
KS: Organizations need to ensure that security is at the heart of all their digitalization efforts. They need to invest in a robust cybersecurity infrastructure that will give them visibility of the users, devices, and the corporate applications and data they are accessing. Fortunately, as businesses embrace a hybrid workplace, cybersecurity now tops corporate priorities. According to our report on the Future of Secure Remote Work, 85% of APAC respondents said cybersecurity is important or more important than ever before.
When it comes to enforcing cybersecurity protocols, employee cyber-awareness training and corporate-culture changes are also crucial for organizations to strengthen their security infrastructure and adapt to the evolving cyber landscape. Lack of cyber-awareness and having too many tools or solutions to manage are top obstacles for APAC organizations.
By raising employee awareness on cybersecurity protocols and simplifying the whole process, organizations can protect themselves against these threats and ensure smooth, secure operations in a hybrid-work environment.
Aside from businesses, educational institutions also need to manage the risks amid a remote-learning environment while maintaining an ideal student experience, engagement and retention. With lessons conducted virtually, concerns surrounding the privacy of remote platforms and tools have risen. Collaboration tools must ensure security and privacy: there should never be a trade-off for convenience and simplicity.
CybersecAsia: With more than 3,500 security solution providers available, how should organizations deal with the complexity of security architecture and simplify the delivery of end-to-end security?
KS: Cybersecurity has historically been overly complex, with the constantly changing application environments, coupled with having multiple tools and solutions from a variety of providers. Organizations should opt for a simple, integrated approach that will address the cybersecurity challenges we face today. It is crucial to have complete visibility across the endpoint, users and applications to quickly implement policies and secure control points.
One of the best ways for organizations to simplify security is to adopt a Zero Trust approach that looks at security in three key areas — workforce, workload and workplace.
- Workforce: Protect users and their devices against stolen credentials, phishing, and other identity-based attacks. This can be done by using tools such as multi-factor authentication.
- Workload: Protecting the flow of information across your network, right from your data centers to the cloud and to end-points.
- Workplace: Ensuring that the office network is adequately protected so that IT teams are able to gain insights into users and devices, identify threats and maintain control over all connections in the network.
One of the best ways for organizations to simplify security is to adopt a Zero Trust approach that looks at security in three key areas — workforce, workload and workplace.
At the same time, organizations need a platform approach to simplify their security across the network.
Finally, organizations should also begin on their SASE journey to integrate multiple security and networking functions into one single enhanced platform to secure today’s distributed workforce.
CybersecAsia: There are 2.8 million cyber professionals in the world and 4 million unfilled jobs at the same time. How can we effectively bridge this talent gap?
KS: Continuous upskilling and retraining of talent serve as a key approach in bridging this talent gap. Cisco’s research in accelerating digital agility had revealed that over half (54%) of APJC respondents who were Chief Information Officers (CIOs) and IT Decision Makers were upskilling talent within the next 12 months, higher than the global average of 46%. Some 52% of them were also investing in talent in new areas.
On top of upskilling and retraining talent, organizations should look into emerging technologies like AI and ML to address the talent gap. Manual tasks can be largely eliminated, giving employees the freedom to take on more value-adding, meaningful tasks.
In the hybrid future of work, the skills that are in demand will continue to evolve, and we foresee that increased automation will continue to shape the skills and talent landscape.
CybersecAsia thanks Kerry for his insightful responses.