Month: June 2022

Ramesh Umashankar, CEO – International Business, iValue InfoSolutions In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked country in Asia. Various reports highlight a significant shift in cyberattacks from North America and Europe to Asia. The rise in cyberattacks in APAC is credited to the region’s rapid digitalization coupled with low cybersecurity awareness, training, and regulations. This regional focus marks an emerging opportunity for business leaders in the APAC to consider how they can improve their cybersecurity postures and be aware of the latest cybersecurity trends. Here are the top 4 cybersecurity trends for APAC companies in 2022: 1. A renewed focus on data privacy and security The impact of GDPR laws on data protection has inspired APAC governments to introduce cybersecurity bills on data protection. Bangladesh is well on its path to introducing the first of its kind draft cybersecurity strategy that aims at creating safer cyberspace. While India is inching toward the final approval for its Personal Data Protection (PDP) bill. But the biggest impact for companies in APAC is the widespread introduction of mandatory data breach notification laws. For instance, Singapore’s new Cybersecurity Act requires organizations from 11 key industry sectors to report any breach of critical information infrastructures to the Singapore Cyber Security Agency. Under its Personal Data Protection Commission (PDPC), organizations are to notify of any cyber incident within three days of the event. The shift from voluntary to mandatory reporting, in a time-limited setting, would require companies to focus on improving their privacy compliance and security strategies or risk paying hefty fines. iValue Recommends: Set up an incident response team and create a template data breach notification. Your team would be responsible for planning a response to a breach and notifying employees, partners, vendors, regulatory bodies, and other stakeholders. 2. Combating Ransomware-as-aService According to the 2022 Thales Data Threat Report, 1 in 5 businesses have paid or would pay a ransom for their data. Organizations in APAC are attacked 51 times per week on average. Indian companies are prime targets for ransomware, with 1 in 4 companies reporting a ransomware attack in 2021. Adding to the alarming statistics are reports that APAC organizations are more likely to pay the ransom sometimes as high as $USD 1 million. APAC’s vulnerability to ransomware, fuelled by Ransomware-as-a-Service (RaaS), is a push for leaders to devise ransomware defense plans. The aim is to prioritize building cyber resilience by implementing new technologies and providing cybersecurity training to employees. iValue recommends: The biggest element for cyberattacks is human error. Invest in training your staff in best practices of cybersecurity and maintaining basic security hygiene. Have advanced threat hunting solutions in place to weed out trojans (Trickbot, Emotet, Dridex, CobaltStrik) and ransomware infections from your network. 3. Rise in collaborative cybersecurity efforts Given that threat actors target companies with multiple locations, there is a need for an increased collaborative effort between governments, companies, vendors to strengthen the cybersecurity landscape. In light of the increasing threats and challenges, many companies and governments are working together to share information and best practices and develop new cybersecurity solutions. Through initiatives such as information sharing platforms and incident response exercises, organizations in the Asia Pacific region are working together to address cyber threats and accelerate public-private partnerships in cybersecurity. For example, Philippine bankers are learning cybersecurity best practices from the United Kingdom. According to FIT Country Director Richard Colley, the initiative aims to help forge relationships and build connections between the UK and the Philippines and work together in addressing cyber security risks. Meanwhile, Microsoft is on a mission to unite APAC governments and state agencies with the cybersecurity council. The Asia-pacific Public Sector Cyber Security Executive Council is a growing group of government leaders, policymakers, regulators, and industry stakeholders from Singapore, Indonesia, South Korea, Malaysia, Thailand, Brunei, and the Philippines. The council meets every quarter to maintain a continuous exchange of information on cyber threats and cybersecurity solutions. iValue recommends: Look for security management platforms that offer automation at scale, customized threat intelligence, and leverage AI. 4. Cybersecurity Education A dearth of cybersecurity experts and skillsets is the bane of the cybersecurity industry. Despite reskilling and up skilling efforts, organizations are finding it increasingly difficult to find and retain qualified talent. According to the 2021 World Economic Forum (WEF) report, the APAC region accounts for 66 percent or 2.045 million of the global cybersecurity talent shortage. To address the cybersecurity workforce gap, organizations, institutions, and governments are working on specialized cybersecurity training programs. For instance, The Asia Pacific University of Technology and Innovation (APU) in Malaysia offers specialized graduate courses in collaboration with industry experts, a state-of-the-art infrastructure learning space (CyberSecurity Talent Zone), a full-fledged Cyber Threats Simulation and Response Center (or Cyber Range), and a Security Operations Center (SOC) with military-grade real-time cybersecurity monitoring systems, research centers, and simulation infrastructure. Whereas, giant tech corporations like IBM and Microsoft are investing in cybersecurity hubs in APAC regions to deliver immersive training programs. iValue recommends: Cybersecurity is a necessity for every company. Organizations must recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success. Expand your team’s capabilities, skillsets, and geographies by hiring remote workers across the globe.  

Satish Kumar V, CEO, EverestIMS Technologies Losing credibility is equivalent to losing your standing in the increasingly competitive market, and it will directly impact your business. Therefore, it is essential to adopt a robust security strategy to maintain its sterling reputation as a reliable and trustworthy enterprise. Enterprises that adopt a Zero Trust philosophy can confidently offer new business models and enhanced and secure user experience to their customers. Evolved business models and satisfying customer experience impact the bottom line empowering businesses to be future-ready without fear of security threats. From an enterprises standpoint a Zero Trust Network Access (ZTNA) perspective has to be embedded within the access and security layers that they adopt. What is Zero Trust? At its core, Zero Trust is about verifying every user, validating every device, and limiting access intelligently. Instead of relying on Single-Sign-on (SSO) and multi-factor authentication alone, AI/ ML helps enterprises with behaviour-based access i.e. tracking user behaviour patterns and detecting any deviation from that baseline. It enables the verify-first practice. Almost all our devices are linked. Therefore, we need to employ device management solutions with the context and policies to ensure safer access. Access to the workforce in any enterprise is based on their roles and tasks. Unfortunately, changes in roles do not always change access rights soon enough. Therefore, privileges need to change as quickly as changing roles or employees leave the enterprise. It can only be done through integrated real-time applications that cause zero delays on access-based decisions. Zero Trust Network Access (ZTNA) offers a model where trust is never implicit and enforces policies that are granular, adaptive, and context-aware. A ZTNA strategy for enterprises Enterprises committed to adopting Zero Trust must keep in mind the following key factors: Micro-segmentation: Enterprise security will use granular controls to handle user controls over networks, data usage, SaaS applications, and endpoint applications. Enforced policies everywhere: Security must be persistent and not limited to a file-access approach. It must involve uncompromising security at all times from everywhere – across different applications and file types. Greater visibility through automation: Log all behaviour, suspicious or not. Enterprises can detect potential threats while ensuring compliance through frequent audits. Benefits of ZTNA implementation Enterprises en route to digital transformation aim to be future-ready. But, as businesses grow, so do cyber threats. The ZTNA (zero trust network access) ensures controlled access to the network. And the Zero Trust advantage for network security is that it reduces surface area from cyber-attacks. This control prevents direct exposure of your applications to the internet. With the advent of ZTNA, enterprises can phase out their previous dependence on VPNs for remote access. While access to applications was through intermediaries such as VPNs before, it is a cloud service now, either self-hosted or from a third party. ZTNA technologies enable application access without going through the network. It starts with Zero Trust, even before allowing connectivity, and is purely based on identities and devices, with authorization coming first and foremost. Typically, enterprises are challenged by certain limitations i.e., they have not been able to limit the incident to one identity without compromising others or contain the incident before it turns into a data breach. The Zero Trust model offers intelligent responses with more authentication methods and controls to ward off cyber threats. Moreover, zero trust enables risk-adaptive security control and customizes enforcement based on user actions. Working from anywhere on any device has altered the way businesses operate irrevocably. It is estimated that over 50% of the workforce will continue to work remotely in the next few years. The new working model means vast amounts of data flow through various devices and out of a secure office facility. Moreover, employees log in and out between office laptops and personal devices or use a public Wi-Fi network or a shared family system. Hackers find enterprises in these circumstances an easy target. Clearly defined policies and stipulations of the devices, data access, and data encryption in a Zero Trust model alone can ensure total compliance. A word to the wise It is vital that enterprises, small, medium, or large, understand the evolving cyber landscape, risk perceptions, and the connection between them to prioritize risk mitigation based on threat analysis. With ZTNA, enterprises control data usage, with unified data security policies across the board – cloud, networks, endpoints, and SaaS applications. Therefore, the time to implement ZTNA is now.