As cybercriminals and state-sponsored threat actors ramp up their attacks, previously adequate cyber defense strategies need to be tightened and updated
With over 400m internet users (and growing) in the South-east Asia region (SEA), the threat surface of cybercrime is ever-increasing, thus expanding the incentive and potential reward of cybercriminal activity.
Server access attacks, ransomware and data theft are the more dominant cyber threats seen in SEA, with underfunded and unsecured infrastructure in countries such as Malaysia, Indonesia, and Vietnam allowing for attackers to compromise or gain control of assets within a network and spread to other devices on the same network.
To evade increasingly sophisticated security controls, cybercriminals are also resorting to deepfakes. In one survey by VMware, two out of three respondents saw malicious deepfakes used as part of an attack, a 13% increase from 2021. Email was the top delivery method for deepfakes, which corresponds with the rise in Business Email Compromise (BEC) across the industry.
Aware of the rising attacks, countries are slowly increasing cybersecurity spending, with the APAC region increasing cybersecurity spending to over $31bn, a 15.5% boost. Many countries are also setting up more rigid cybercrime regulations, such as the recently bill in the Philippines aimed at combatting cybercrime in the financial sector..
Updated defense strategies
To efficiently and effectively address the most prominent methods of cyberattack in SEA, security teams need to evolve their defense strategies.
Here are a few additional best practices to consider:
- Focus on workloads holistically: Many companies focus on keeping compromised applications and devices out of the network. However, rather than just looking for anomalous behavior and vulnerabilities at these entry points, companies must understand the inner workings of their entire workload.
- Inspect in-band traffic: Many modern attacks succeed by disguising themselves as legitimate IT practices. For example, by using accepted protocols (such as the LDAP protocol that companies use to store usernames and passwords), attackers may connect to systems that should be off-limits. Do not assume traffic shipped in a familiar wrapper is safe.
- Integrate network detection and response (NDR) with endpoint detection and response (EDR): Detection and response technology employs real-time, continuous monitoring of systems to detect and investigate potential threats before using automation to contain and remove them. By bringing together EDR and NDR, enterprises can have access to a broad and deep data set to lay a solid security foundation, and gain visibility into both the endpoint and network—the basis of extended detection and response (XDR).
- Embrace Zero Trust principles: This broad approach to security assumes every digital transaction could be dangerous and emphasizes robust identity, access and attribute management for every interaction between users and resources and among resources themselves. In addition to continuous security monitoring, zero trust requires all users to be authenticated and capable of accessing only authorized, relevant systems. This reduces the blast radius of an attack by containing any east-west spread.
- Conduct continuous threat hunting: Security teams should assume attackers have multiple avenues into their organization. Threat hunting on all devices can help security teams detect behavioral anomalies as adversaries can maintain clandestine persistence in an organization’s system.