An Ox is usually a castrated adult male bull: so APAC enterprises should strive to have bullish cybersecurity in the months ahead!
Over the last 12 months, as business leaders across the Asia Pacific region (APAC) were scrambling to ensure continuity and resilience amid unprecedented change and challenges, we witnessed how cyberattacks increased in frequency and sophistication.
According to data from VMware Carbon Black, the attacks have become even more advanced. Forrester has predicted that cybersecurity trends and concerns will dominate the agendas of businesses and governments in 2021 as well, with an increased adoption of Zero Trust.
In the Lunar Year of the Ox, James Alliband, Security Strategist, VMware Carbon Black, points out the main emerging trends in APAC that can dictate the who, what, where and when of investing in cybersecurity:
- Fortifying the supply chain
Island-hopping, otherwise known as supply chain attacks, are emerging as the next style of attack enterprises need to be prepared for. This involves an attacker infiltrating an organization’s network to launch attacks on other businesses along the supply chain.
Attackers use vulnerabilities in the first company’s defenses as a point of entry to the second, third and so on. More often than not, these attackers use compromised software that can be very difficult to detect if it has been altered at the source, making it harder for organizations to respond and contain the threat before the attacker infiltrates the entire supply chain.
This also means today, a third-party provider may be the weakest link for an enterprise’s security posture. In Singapore, the Monetary Authority of Singapore (MAS) recently announced a new set of central banking rules for all financial services and e-payment firms in the wake of a similar attack. This vulnerability exponentially expands the enterprise attack surface, and enterprises that previously adopted a multi-vendor approach for different areas of technologies now face significant risk exposure across these varied vendors.
To mitigate risks, enterprises can consolidate vendors to reduce supply chain vulnerabilities with a shift towards strategic players and platforms that can cover more ground. While the onus of accountability and security patching remains on the vendor, enterprises should also conduct regular risk assessments and threat hunting to ensure environments are secure.
- Securing a balanced hybrid workforce
The rushed adoption and transition to remote-working in 2020 posed major cybersecurity challenges for enterprises.
Enterprises that loosened cybersecurity infrastructures to support remote-working for their employees have also created security gaps. For example, an overreliance on public clouds by a remote workforce creates the opportunity for cloud-jacking, which may become the new island-hopping strategy of choice for cybercriminals in 2021. The responsibility of security is now distributed to everyone within these enterprises and every user must be prepared for malicious attempts such as phishing attacks.
According to IDC, creating digital parity will be a priority in 2021. According to its forecast, by next year, the top 2,000 public companies in the world will have spent an additional USD$2bn on desktop and workspace-as-a-service. Some 75% of these companies will be incorporating employees’ home networks and workspaces as part of the extended enterprise environment. Hence, it will be essential for organizations to rethink their cybersecurity defenses and training to ensure secure operations.
- Securing accelerated cloud migration with DevSecOps
In addition to having employees work remotely, enterprises have been migrating their applications and data to the cloud for some time now. However, the rush to support a fulminant distributed workforce and drive business continuity has accelerated cloud migration exponentially.
This hastened cloud migration requires enterprises to adjust to securing their remote users, applications and data storage, while also building the security to reinforce exposure points. To do this, enterprises may actively ramp up their cloud security options to consistently identify risk, prevent, detect and respond to threats across the business, as well as secure access services as part of their remote working infrastructure.
One of the main challenges that comes with this migration is the pressure on IT and security. A hybrid workforce (home and office) involves different work hours, locations and variable spikes in network traffic, making threat identification a newfound challenge.
Many organizations have looked to integrate development, security and IT operations teams to create a DevSecOps team. The integration enables these teams, who traditionally work in siloes, to collaborate better with the same tools while driving greater efficiency.
- Evolving cybersecurity requirements
The Lunar New Year is traditionally seen as a herald of new beginnings. However, the global health crisis is not yet over, as demonstrated by many countries seeing subsequent resurgences of mass infections. Enterprises are likely to continue remote-work or hybrid work arrangements this year. Therefore, as digitalization in the region ramps up, the cloud will remain a sought-after technology for enterprise IT teams, subject to continual changes, challenges and even unpredictable turns of events.
Cybersecurity strategies will therefore need to be resilient, agile and scalable to address what the new year brings, not in an oxen manner but with the tenacity of a bull.
By adopting a bullish and strategic cybersecurity posture with the four factors above in mind, enterprises will be in a good position to focus on driving recovery, growth and resilience until the Tiger arrives.