We interview a top-rated cyber-resiliency firm for ways businesses can stay vigilant and proactively resistant to state-sponsored attacks.

Last year, Singapore and the world saw a rising number of high-profile cyberattacks. According to US cyber-security firm Carbon Black, 96% of organizations in Singapore reported at least one breach in the past 12 months. Statistics from the Cyber Security Agency of Singapore also noted that cyber-crimes were up 15% in 2018 compared to 2017, and businesses lost nearly S$58 million to email impersonation scams in 2018, a third more compared to the year before.

In view of these rising concerns and the increased sophistication of cyber-attacks, CybersecAsia noted that even a renowned specialist such as Kroll—a consultancy in corporate investigation, risk consulting, compliance, cybersecurity and incident response—cannot remain complacent, and must continue to acquire new intellectual property to expand its repertory of expertise. The deal is expected to enhance the firm’s suite of end-to-end cyber resiliency solutions for its clients.

How do such mergers help forensic cyber specialists dissect hack-ins and sniff out cyber-fraud and other malicious activities? How can firms in the region tap such services to toughen their defences? CybersecAsia did a Q&A with Kroll APAC’s leader and managing director Paul Jackson for some neutral insights.

CybersecAsia: Given the contenders available for acquisition, can you elaborate on the particular strengths that RP Digital Security offered to Kroll in being targeted as the right fit for Kroll’s operations and regional business strategy?

Jackson: RP Digital Security is a market leader in computer forensic investigations, incident response, digital security and eDiscovery services. The company has deep cyber investigation experience, including a track record for investigations of data breach, ransomware, business email compromise, internal employee checks, and remediation and recovery guidance.

Kroll believes that the existing talent within the RP Digital Security team will enhance our own growing global cyber investigation team and add to our already strong capability in the sector. Rob Phillips and the RP Digital Security team are proven experts in managing cyber incidents effectively and have built up trust and depth of experience in dealing with clients whose brand and reputation are at stake.

The acquisition of RP Digital Security will further strengthen Kroll’s ability to respond to incidents and provide clients with best-in-class services.

CybersecAsia: Compared to the rising rate of high-profile cybercrimes in Singapore, how do the other countries in the APAC region fare in terms of preparedness and mitigation capabilities? Can you shed light on low-profile or unreported cybercrimes in the region as well, and the demographics behind non-disclosure or transparency?

Jackson: The rise in reported cybercrime is not unique to Singapore and can be attributed in no small part to regional strengthening of cybersecurity and data privacy laws and regulations. Public awareness of the fact that it is a fundamental responsibility of organizations to protect personal data has led to a changing of attitudes among boards and leadership in how they approach cybersecurity and breach notification.

The fact remains though that very few organizations are truly prepared for the worst-case scenario. Increased spending is being made on security tools and personnel, but thorough testing and in-depth simulations are rarely done. Thus, if there is an incident, organizations often find that the security they have in place is not as effective as they had thought and that they are unprepared for the complexities of a real incident.

The decision to go public is a difficult one for all organizations to make when an incident occurs. The reputational, legal and cost implications can be severe—but the cost of non-transparency can be even higher! The growth in cyber insurance is also having an impact: when the costs of an investigation are being covered, these decisions are sometimes made much easier.

CybersecAsia: The recent Iranian-US spat has put all countries on high alert due to Iran’s (and its supporters’) cyber espionage capabilities. What can we expect in terms of likely vectors and end-goals of the attackers? Should insurance coverage be strengthened against ransom payments?

Jackson: Businesses operating in Western countries across all industries have been on alert for cyberattacks by Iran state-sponsored groups and/or pro-Iran factions as Iranians and their allies may seek to respond to the killing of Major General Qassem Soleimani on 3 January 2020 with asymmetric attacks, as they have consistently done over decades.

Regional allies of the USA, international assets, as well as corporate interests, especially those with a high profile or assets of a high symbolic value, or seen as being aligned with the US government, could be targeted.

Iranian state-sponsored and affiliated actors are increasingly using ransomware as an attack vector. While many insurance policies have provisions to reimburse ransom payments for organisations, organisations should be aware that it is illegal for them to make these kinds of payments to countries sanctioned by regulatory agencies like the Office of Foreign Assets Control in the US, or the Office of Financial Sanctions Implementation in the UK. Violations can lead to civil and criminal penalties. Therefore, it is imperative that organisations consider the ramifications of a cyberattack by actors in sanctioned countries and adjust incident response plans accordingly.

In view of this, Kroll recommends that companies conduct an immediate review to strengthen their cyber posture in five critical areas:

  • Activate or accelerate a vulnerability management program that includes security patches and penetration testing
  • Deploy endpoint monitoring throughout as many systems as possible
  • Expedite implementation of multifactor authentication (MFA) across all sensitive systems (email, financial, HR, etc.)
  • Implement a disaster recovery and business continuity program that includes redundant offline backups
  • Source and validate threat intelligence expertise to provide broader insight into specific regional and industry actors

CybersecAsia: With Kroll’s newfound security capabilities, how can Operational Technologies and Critical Information Infrastructures (CII) of large (and/or underdeveloped) countries tackle and foil notorious groups such as APT33?

Jackson: There are many organized crime groups (such as APT33) around the world with increasingly sophisticated capabilities in the realm of cybercrime. Defending against such capabilities is never easy and there are no magic solutions. Kroll handles more than 1,500 incidents every year globally and is well positioned to assist clients to assess their current security posture and enhance their capability to monitor, detect, investigate and remediate threats. Kroll’s global team of highly experienced experts have a unique standpoint in this.

Most importantly, Kroll is independent of any cybersecurity product and so we can provide objective and independent advice based on real-world knowledge. Strengthening the in-house team’s capability to defend the organization day-in day-out should be a top priority, and Kroll prides itself on meeting these needs by sharing best practices and helping to test these capabilities.

A combination of robust oversight and governance, well-trained internal cybersecurity staff and the correctly selected (and deployed) security tools and monitoring will go a long way to protect an organization.