EXCLUSIVE – Expert shares insights on the changing cybersecurity landscape in Asia Pacific region
Given technological advancements and the rapid proliferation of Internet of Things (IoT), our world is increasingly interconnected. Governments and businesses across the globe also seek to leverage technology to improve their products and services to citizens and customers. While digital technologies present new opportunities and transform the way we live and work, the digital disruption also brings out new challenges, particularly in cybersecurity.
Recently, OpenGov had the privilege to speak to Mr Stephan Neumeier, Managing Director of Kaspersky Lab Asia Pacific, on the fast-changing cybersecurity landscape in the Asia Pacific region and how organisations can better prepare themselves to deal with cybersecurity threats.
When asked to comment on how the cybersecurity landscape has evolved and some of the emerging trends, Mr Neumeier shared some of his observations that 2017 has seen “the most intensive of cybersecurity incidents”.
“Unfortunately, most of what our researchers at Kaspersky Lab has projected to happen were brought to fruition --- espionage has gone mobile, APTs attacked enterprise networks, financial attacks continued, a new wave of ransomware attacks came about, critical ICS processes were disrupted, poorly secured IoT devices were targeted, and even information warfare figured last year,” he said.
This year, he saw a continuation of these attacks and much more as the themes and trends build on each other, year after year, expanding further the threat landscape where individuals, businesses and governments are relentlessly pursued and attacked.
Cybersecurity challenges in Asia Pacific
As different markets may face different challenges, depending on the region’s capabilities to tackle and mitigate cybersecurity threats. OpenGov asked Mr Neumeier his views on whether the Asia Pacific region face similar or unique challenges compare to the rest of the world.
According to him, the Asia Pacific market is very different and unique from other regions globally, especially from a cultural perspective.
“It is a very young region with a very significant number of millennials growing up. Not to mention that it consists of the two most populated countries in the world, China and India. As internet is becoming a major part of our lives, these young generations require access to fast internet. To cater to these need, massive investments are being made by respective countries in the APAC to infrastructure to improve internet speed, making sure that their country are not left behind and to keep up with the growth of the technology space,” he said.
“With that, in the last few years, infrastructures within the APAC countries are beginning to have almost similar qualities as countries in Europe such as Switzerland and Germany. However, from a cybersecurity perspective, the awareness and understanding are not in the same level as those in these matured countries and this is a huge challenge for the APAC region. This is why, in this market, we should focus more in education and awareness of cybersecurity.”
On the level of cybersecurity awareness in the region, Mr Neumeier pointed out that although the region has a large number of active users of the Internet, there still appears to be a low awareness of cybersecurity among Internet users in this region.
Unfortunately, this low level of cybersecurity awareness combined with high Internet usage means that the Internet users in the region have been the prime targets of cyber threat attacks such as when the Naikon APT targeted top-level government agencies and civil military organisations or when the Wannacry and Petya ransomware outbreak began or when the Mirai malware unleashed DDoS attacks.
“Additionally, bring your own device (BYOD) is the big trend affecting how businesses operate online, with 72% of companies expecting to use the concept extensively in the near future, according to a survey by B2B International on behalf of Kaspersky Lab. It’s inevitable that in any company, small or large, many employees will use personal devices to connect to the corporate network and access confidential data. That’s why companies need to implement policies that safeguard both corporate and personal mobile devices,” he said.
“As a society, we need to find ways to raise awareness of the risks associated with online activity and develop effective methods to minimize these risks. There’s technology at the core of any solution to tackle cybersecurity. But it is most important to incorporate the human dimension of security, so we can effectively mitigate the risk,” he added.
“All it takes is a single person to bring it all down”
On the biggest cybersecurity threats organisations face today, Mr Neumeier highlighted the human factor in IT security, naming it “most common security vulnerability”.
He cited a recent global study conducted by Kaspersky Lab on cybersecurity awareness involving about 5,000 businesses, which showed that organisations are at a very real threat from within. According to this study, careless or uninformed employees account for about 52% as the top cause of data leakage in organisations worldwide.
“Taking a closer look at this study, it reveals that despite the rapid proliferation of destructive and more complex malware or Trojans, organisations should be more concerned about their most important asset - their people,” he said.
“You can have the best technical means and the most thought-out security policy but it is never enough to protect your organisation from cyberthreats. All it takes is a single person to bring it all down,” he added.
However, he also pointed out that in most case, it is unintentional because that one employee is unaware of threats and doesn’t have the basic cybersecurity knowledge. According to the cited study, an approximate 65% of organisations now already invest in employee cybersecurity training to close this loophole.
Data breaches affect both large and small organisations, with average losses from data breaches currently passing the $1 million mark, a significant jump over the past two years.
“For enterprises, the average cost of one incident from March 2017 to February 2018 has reached $1.23 million, which is 24% higher from 2016-2017. For the SMBs, it’s an average of $120,000 per cyber incident, which only costs $32,000 more than a year ago,” he shared.
Mr Neumeier iterated that whether it is a massive cybersecurity incident or small-scale one, about 80% of them point to having been caused by human error.
“More than ever, cybersecurity awareness and education are now critical requirements for organisations of any size that is faced with the prospect of falling prey to cybercriminals. At this point, there is a definitive need for organisations regardless of size for solutions that provide centralized security management of networks combined with training that zeroes in on the ‘how’ part of the equation.”
Importance of an effective cybersecurity strategy
Organisations need to develop an effective and all-round cybersecurity strategy to protect its assets and interests. Mr Neumeier recommended a cyclical approach of continuous monitoring and analytics in building an effective cybersecurity strategy.
“Twenty years in the industry has taught us that what makes the most sense for enterprise IT infrastructure to have true cybersecurity is to put in place a cyclical adaptive security framework. This would have to be a flexible, proactive multi-layered protection infrastructure which dynamically adapts and responds to the ever-changing threat landscape,” he said.
According to him, Kaspersky Lab’s security architecture is based on a cycle of activities, comprised of four key segments namely Prevent, Detect, Respond, and Predict.
He continued to explain, “At the core of Kaspersky Lab’s True Cybersecurity is HuMachine Intelligence, a seamless fusion of Big Data-based Threat Intelligence, Machine Learning and Human Expertise. We have designed it so because we believe we’re in a never-ending arms race --- IT threats are dramatically evolving day in and day out and here we are totally focused on following the trail of hackers and further refining our solutions so we stay ahead of them. It’s a continuous process.”
Key components of cybersecurity resilience
On how threat intelligence and endpoint detection can protect organisations and boost organisations’ ability to respond to threats, Mr Neumeier stated that targeted attacks have become one of the fastest growing threats in 2017.
“It used to be that organisations employ endpoint protection platforms (EPP) to control known threats such as traditional malware or unknown viruses which might use a new form of malware directed at endpoints. However, cybercrime techniques have significantly evolved such that attack processes have become aggressive and expansive in recent years,” said Mr Neumeier.
It is alarming that the specifics of the targeted attacks that cybercriminals use, and the technological limitations of traditional endpoint protection products mean that a conventional cybersecurity approach is no longer sufficient.
The cost of incidents associated with simple threats is negligible at US$10,000 compared with an advanced persistent threat (APT) attack which would set an organisation for about US$926,000.
“To withstand targeted attacks and APT-level threats on endpoints, organisations need to consider EPP with endpoint detection and response (EDR) functionalities,” the expert said.
“EDR is a cybersecurity technology that addresses the need for real-time monitoring, focusing heavily on security analytics and incident response on corporate endpoints. It delivers true end-to-end visibility into the activity of every endpoint in the corporate infrastructure, managed from a single console, together with valuable security intelligence for use by an IT security expert in further investigation and response,” he explained.
According to Mr Neumeier, an organisation needs an EDR if it is looking at a proactive detection of new or unknown threats, previously unidentified infections penetrating it directly through endpoints and servers. This is achieved by analysing events in the grey zone, home of those objects or processes included in neither the “trusted” nor the “definitely malicious” zone.
Depending on each organisation’s maturity and experience in the field of security, and the availability of necessary resources, some businesses will find it most effective to use their own expertise for endpoint security but will take advantage of outsourced resources for more complex aspects.
Meanwhile, they can build up in-house expertise with skills training, through access to a threat intelligence portal and APT intelligence reporting, and using threat data feeds. Or — particularly attractive for overwhelmed or understaffed security departments — they can adopt third-party professional services from the outset.
Kaspersky Lab’s approach to endpoint protection includes the following components: Kaspersky Endpoint Security, Kaspersky Endpoint Detection and Response, and Kaspersky Cybersecurity Services.
For organisations unable, for reasons of regulatory compliance, to release or transfer any corporate data outside their environment, or that require complete infrastructure isolation, Kaspersky Private Security Network provides most of the benefits of global cloud-based threat intelligence as provided by Kaspersky Security Network (KSN,) without any data ever leaving the controlled perimeter.
To counteract advanced threats and targeted attacks, businesses need automated tools and services designed to complement each other and help security teams prevent most attacks, detect unique new threats rapidly, handle live attacks, respond to attacks in a timely manner, and predict future threats.
On prevention as a key line of defence, Mr Neumeier gave the following suggestions on measured that organisations can take to prevent cybersecurity incidents:
“We cannot emphasise it enough - that preventing cybersecurity incidents from happening or damaging our organisation’s finances or reputation, starts with raising awareness and education.”
In this, he urged organisations to strengthen the weakest links, toughen the target systems and assets, and improve the effectiveness of current solutions to keep up with the modern threats.
At the same time, Mr Neumeier emphasised the importance for organisations to be well equipped with threat intelligence.
“This is moving from a reactive security model to a proactive security model based on risk management, continuous monitoring, more informed incident response and threat hunting capabilities,” he said.
“As we say at Kaspersky Lab, prediction is doing more to guard against future threats. Having access to cybersecurity experts that will keep organisations updated on the constantly-changing global threat landscape and will help them test their systems and existing defenses is a vital element to help them adapt and keep pace with emerging security challenges”.
Tips on how to keep up with the fast-changing cybersecurity landscape
As we face increasing cybersecurity challenges, what can organisations and individuals do to protect themselves?
For organisations, Mr Neumeier spoke on the importance of having cybersecurity trainings and adopting a cyclical approach to cybersecurity strategy.
“Based on how we conduct our cybersecurity trainings, here are two quick tips: One, avoid abstract information and focus on certain practical skills. Second, instruct different groups of employees differently,” he shared.
“Educating the staff on the motivations of security policies, the importance of working safely and how to contribute to the security of their organisations can help mitigate the risk of security incidents and safeguard what is truly important - their data.”
He also underscored the importance of having a new mindset in the face of new threats. Here are some of the best practices he shared on how individuals can to be risk-ready in the world of advanced attacks and epidemic outbreaks:
1. Remember the weakest link. Be aware and knowledgeable about cybersecurity.
2. Invest in technology. Shift your focus towards a proactive protection approach that goes beyond prevention; should be adaptive, advanced, predictive and involve human expertise
3. Back up
5. Secure your network with a strong password.
“There exists today a great deal of highly-motivated cybercriminals who will try to find all points of vulnerability in an Internet user or within an organisation just to get what they want. Most of the time, the road to remediation and recovery is complicated and expensive, whether the victim is an individual or an institution,” he concluded.
What’s a Rich Text element?
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
Static and dynamic content editing
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
How to customize formatting for each rich text
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.