How cybersecurity postures quickly become outdated and vulnerable in today’s threat landscape.
Legacy systems can still be found at the heart of many organizations, despite the need to digitally transform. These systems often pose a major threat to organizations, making them highly susceptible to cyber-attacks.
ExtraHop’s latest cyber confidence index revealed that 54% of organizations in Asia Pacific (APAC) last updated their cybersecurity infrastructure in 2020 or before, with 76% being concerned that their legacy systems would be attacked.
The frequency of ransomware attacks makes it all the more concerning, with only 17% of respondents in APAC reported that they did not experience a ransomware attack over the past five years.
There’s a real urgency now for investment and action in cybersecurity infrastructure. CybersecAsia discussed the security implications of legacy environments, the very real threat of multiple breaches, and how quickly cybersecurity postures can become outdated and vulnerable, with Daniel Chu, Vice President of Systems Engineering, Asia Pacific and Japan, ExtraHop.
How do legacy systems aggravate vulnerability in the light of increasingly sophisticated cyberthreats?
Daniel Chu: Legacy systems are easy prey to cyber-attackers and pose a range of issues for organizations that still make use of them today. When a vendor stops providing support for software or applications, it leads to security concerns being magnified. An organization’s environment can be much easier to access via a known vulnerability if it’s running outdated software in its environment.
When widespread exploits like Log4j are discovered, they become standard items in vulnerability scanners and in the toolkits of hackers. Nearly all legacy systems, designed in-house or supplied by vendors, have inherent risks, and thankfully, organizations in APAC recognize this risk, with 76% of organizations worried that their legacy systems are at risk of being attacked.
What do businesses need to focus on to improve their cybersecurity infrastructure in terms of technology?
Chu: Cyber-attackers do not discriminate and will menacingly target organizations across industries regardless of size. They know that the manner businesses deliver their services and operations is through their mission-critical digital assets. Thus, there is a need to focus on cyber risk as an enterprise-wide risk. Implementing enterprise risk management (ERM) is vital to achieving real business goals via effective and efficient risk analysis and management. An effective ERM approach also provides better visibility for emerging risks and potential impacts, giving organizations the time to prioritize valuable solutions.
With threats everywhere, organizations need to establish a risk management strategy that quantifies and mitigates cyber risk. This is why it is fundamental that businesses anchor their strategy around the three pillars of assess, reduce and manage.
These three fundamentals are crucial if organizations are to be open with themselves about their security posture, which is essential in avoiding losses that will damage reputation and revenue.
Another area of improvement that all organizations have to take note of is upgrading their cybersecurity technology. Investing in the right technology like network detection and response (NDR) allows organizations to monitor their networks in real-time for potential cyberattacks and tailor effective responses that prevent attacks from escalating.
This technology merges previous known attack behavior and the capability of understanding the usual operations of an organization to alert security teams about unusual shifts in the system. Analyzing information from the east-west corridor, it detects threats and provides the best response.
What talent and skills do businesses need to develop threat identification against cyberthreats?
Chu: The cybersecurity skills shortage is a very real global problem, but is especially acute in Asia Pacific Training and development is crucial, not just for developing and retaining cybersecurity talent, but also for inculcating a zero-trust approach across an organization.
Furthermore, organizations are in a bind over how to empower Security Operations Centers (SOCs) to derive actionable insights from large datasets, without burdening security operations (SecOps) teams further.
This highlights the clear need for enhanced automation and orchestration to take the pressure off human analysts.
Organizations should also consider using SOC metrics, so that SecOps teams can assess and analyze statistics around the number of incidents handled, time from detection to eradication, and the number of incidents closed in a single shift. This ensures the business is armed to fend off the threats of today by laying out a compelling story of the importance of SecOps.
Enhancing collaboration by eliminating silos is also crucial, as integration heightens transparency and decision-making. Non-technical skills should also not be overlooked, as they can be as crucial as technical expertise. For example, having adequate and strong communication skills facilitates information sharing and response against a potential threat.
What role does social engineering play in improving businesses’ cybersecurity posture?
Chu: Social engineering is a technique used by threat actors to trick employees in an organization into passing sensitive data or privileged access through malware or phishing. Cybercriminals often leverage easily findable personal information about the victim to craft their attack.
Educating employees about this threat and other security hygiene basics should be considered a security best practice.
APAC organizations need to add this to their security checklists for 2022 as ExtraHop research revealed only 58% of organizations train their employees to recognize social engineering cues. However, 47% plan to implement a social engineering strategy in 2022.