Exclusive: Why tech savvy enterprises are not always cybersecure

“Singapore is a major hub for data centres. Cybercriminals know that…many attacks globally are starting out of Singapore,”

This is from Stephan Neumeier, Managing Director APAC Kaspersky Lab. He shares this alarming fact with OpenGov Asia in a recent interview. Stephan is joined by Vitaly Kamluk, Director of GReAT (Global Research and Analysis Team) APAC Kaspersky Lab. Together, they share with us how in times like these, even the most tech savvy of organisations is susceptible to cyberattacks. Kaspersky is working with customers to improve their cybersecurity infrastructure and providing education on how to invest in cybersecurity.

All Enterprises Vulnerable to Cyberattacks?

Enterprises have become easy targets of attack. Vitaly notes two key trends this year that have made businesses susceptible.

First, the attribution game this year has changed significantly with the appearance of Olympic Destroyer. Vitaly said it tricked the world. The malware caused mass disruption during the 2018 Winter Olympics in Pyeongchang, targeted financial organisations in Russia and attempted to attack biochemical threat prevention laboratories in Europe. Highly malicious, Olympic Destroyer was elaborately planned. Researchers could not easily attribute the source of the attack since it bore a close resemblance to other malware. Investigations were severely slowed down since they needed to verify with multiple sources.

Second, supply chain attacks and the creation of a fake supply chain have also become commonplace. The financial industry has been especially susceptible.

Vitaly explained that remotely managed ATMs have multiple backdoors through which threat actors can enter. What's worse is that the backdoors come from vendors, who are unaware of them. Attackers can easily enter and inject malicious code.

Even if a supply chain vendor is highly secure and cannot be breached, attackers create a fake supply chain. A cryptocurrency business suffered this fate. The attacker created a fake company using software that looks and acts legitimate, resembling the business. Beyond the billions stolen in bitcoin, the reputational damage weighs even heavier.

“There is a hidden backdoor which is hard to discover. Fake vendors and supply chains are tricky and hard to discover,” explained Vitaly.

Another example Vitaly provided is an infected EDM. Hiding behind the veil of what seems like a legitimate company, a fraudulent product could be advertised through email. Although the product is not fully developed, the promotional material is attractive enough for end users to download it. In the process, they unknowingly open a backdoor.

Vitaly said, “Even if it is a temporary solution, once you download it, it opens doors to your organisation.”

Reminiscent of alligators staking out their prey near water bodies in the savanna, these are known as watering-hole attacks in the virtual world. Legitimate websites are compromised without the need for a malicious server. Attackers are confident that targeted users will fall prey.

Proving watering-hole attacks are common, Vitaly offers the example of how a highly secure and tech-savvy bank in Poland was breached by the malware Lazarus, a North Korean state actor. Although many of the bank’s applications were conducted offline – a precaution many would consider foolproof – attackers managed to break into the system.

An opening appeared when a regular system update for an installed Flash plugin failed. Typically, the plugin would fetch the update from an online source. However, given the bank’s security protocol, a proxy with the relevant credentials was needed to validate the process. No one in the organisation had followed up to check if the software update was conducted regularly. This slip allowed attackers to inject malicious code into the Flash Player, exploiting a selected group of visitors.

“Even if you are technically savvy, it is easy to overlook such things,” said Vitaly.

However, there is little consolation for those who want to protect themselves. When asked how an individual could protect themselves from well-disguised threats, Vitaly said, “That’s the problem – there is no chance.”

“You need the expert’s eyes. Not on the interface, but on the backstage.”

Where to Invest for Cybersecurity

Hence all organisations should consider Stephan began by explaining that traditional threat prevention methods such as endpoint security are insufficient today. Since cyberthreats are becoming more sophisticated, organisations need to diversify their investments.

“Of an organisation’s IT budget, 10% should be invested in cybersecurity.”

“In the past, many companies invested 80% of their IT budgets in endpoint protection and the rest in some other aspect. But this should shift. 40% should go into prevention. 60% needs to be invested in detecting, responding and predicting,” suggests Stephan.

However, beginning the journey or selecting the best combination of services might be daunting. Hence, Vitaly explained that Kaspersky Lab arranges meet-ups between businesses and their security experts. Businesses are briefed on the latest threats in the region or industry, and how best to respond.

Even for enterprises which do not subscribe to their services, Kaspersky Lab offers a heads up. The aforementioned cryptocurrency company is a beneficiary.

Kaspersky Lab offers a portfolio of these required solutions in its Enterprise Portfolio. The combination of technologies and services helps the IT department to prevent most attacks, detect new and predict future threats, and respond to emerging incidents. This helps to ensure operational continuity and regulatory compliance.

The comprehensive services offered are possible given the company’s global reach. According to Stephan, the company protects more than 400 million endpoints globally. They have good working knowledge of what is happening on the ground. Hence, high quality intelligence reports can be generated to help both their business and customers.

What to Do When Breached

Despite their global reach and geographic expertise, Stephan and Vitaly shared that not all countries or companies were open to receiving their help. More specifically, developing nations tended to have the most reservations.

Vitaly explained, “Developing countries, being much more suspicious and closed off [in sharing information about their breach] would say: ‘Show us proof, we don’t want to hear you’. In the end, they don’t want to hear about the breach. They want to live in their own shell and are afraid of discovering threats even on their own premises. They want to be ignorant about this.”

He added, “In Singapore, the response was opposite. We came on the ground, we did a search with their engineers and they found that our suspicions were based on fact. Their response was also very diligent. I was impressed.”

Stephan concurred, “This is a challenge we meet in many countries. When we talk to larger corporations or even government, the concern to share data, specifically after customers or citizens got breached, is huge. They don’t want to share anything.”

“But if you do not share, you cannot leverage on information which is out there as well. If you look at the cybercriminals, this is a global network. There are no borders. They share all the malicious codes they have, they send it to each other to develop it further. They are very well connected globally. If companies and governments are not working globally with each other, then there will always be a disadvantage. They will always be a step behind.”

Ending off, Vitaly said, “People trust too much, they are not suspicious enough. On the internet, people are much more relaxed. They think no one is going to attack them physically, so computers and smartphones are not as harmful.”

The rise of private information extortion through scams in Southeast Asia should be warning enough.

He advised users, “Put less trust in systems and strangers on the networks. If you receive messages from social media, text or emails, about being hacked or being blocked, do not engage in the conversation. This allows the malicious actor to enter.”

Unless people revert to devices with limited functionalities, there is little to no chance of evading an attack these days. Threats will keep evolving and there will be no end to them. As long as individuals and organisations install apps and plugins on their devices, there will always be malicious intent waiting to lure unsuspecting prey.
