CIO Academy Asia #HASHTECH Insights
April 13, 2020
The COVID-19 crisis is transforming the way we live, work and play. Businesses are now dependent on digital channels to engage employees, customers and suppliers. Working from home is the new normal, necessitating the widespread use of collaboration tools.
The Southeast Asia Technology Trends and Priorities Survey Report published by CIO Academy Asia shows that even before the COVID-19 crisis, 40% of IT decision makers in ASEAN, believed that their organisation’s cybersecurity function did not meet its needs. This number can be expected to be larger today, as remote working exposes organisations to more cybersecurity risks.
Cyber attackers are already taking advantage of vulnerabilities arising from a radical change in working patterns. For example, collaboration tools have been hacked and new phishing campaigns have emerged with malicious actors posing as distributors of protective equipment, or as official sources of information.
Phishing, inadequate policies, and insecure connections threaten remote working in the COVID-19 era
COVID-19 is forcing nearly all organisations to embrace remote working immediately. This places huge pressure on IT teams, network architectures and even equipment suppliers. Crucially, it creates an expanded attack surface, as endpoints multiply, many of which are not managed by IT.
According to cybersecurity experts from CrowdStrike, COVID-themed phishing attacks are becoming widespread in the COVID-19 era. Phishing is often the primary attack vector for malicious actors. In the past, phishing attacks often tried to exploit greed, such as the infamous ‘Nigerian Prince’ schemes. Today’s phishing attacks focus more on the fear of COVID-19. They exploit shortages of goods such as protective equipment and sometimes claim to offer official information relating to COVID-19.
CrowdStrike Intelligence assesses with high confidence that additional phishing campaigns will align themselves with health guidance, and other COVID-19 news.
Remote employees often access sensitive business data through home Wi-Fi networks that will not have the same security controls — such as firewalls — that are used in offices. There is more connectivity from remote locations, which requires greater focus on data privacy, and hunting for intrusions from a much larger number of entry points.
Not many organisations have adequate security policies to address the COVID-19 era. Issues such as access management, the use of personal devices, and updated data privacy requirements, for employee access to documents and other information, need to be considered. There will also be an increased use of shadow IT and cloud technology, which further drives the need to identify associated security risks and policy modification.
Ransomware will continue to be a major threat. The CrowdStrike 2020 Global Threat Report identified more incidents of ransomware and ransom demands from cybercriminals. These attackers increasingly, conducted data exfiltration, which enabled them to exploit sensitive data. COVID-19 offers new avenues for ransomware.
Endpoint security is more important than ever
Today’s remote working paradigm requires a strong defensive security posture which ensures that remote services VPNs and multi-factor authentication solutions are fully patched and integrated. Security awareness training for employees working from home is also key.
It is essential that customers can rapidly deploy endpoint solutions for remote workers as needed. Personal devices require the same levels of security as corporate devices.
Customers require cybersecurity solutions that can allow organisations to easily scale the number of endpoints to be protected. Customers may choose to scale up the number of licenses to accommodate remote working for all or most of their employees. Ideally, the solution allows the number of licenses to be scaled down when lock-down restrictions are relaxed.
Solutions must also be easy to install and configure by home-based employees. Employees require tools that allow them to securely and productively access corporate resources. Administration needs to be centralised, preferably using cloud native tools which offer greater agility and flexibility.
Organisations are advised to select solutions that offer artificial intelligence capabilities, together with real-time protection and full visibility across all activities, with a focus on attacks on endpoints. Platforms that can provide analysis of endpoint events across the globe play a major role in risk mitigation.
An example of a platform that offers these capabilities is CrowdStrike’s Falcon platform. Importantly, it is cloud-native and leverages cloud-scale artificial intelligence. It addresses today’s remote working requirements by allowing customers to easily increase and decrease license counts for endpoints, as required. The platform can correlate over 3 trillion endpoint-related events per week in real time from across the globe. This drives the its artificial intelligence capabilities.
Recommendations: Ensure rapid intrusion detection and threat elimination
Fundamentally, cybersecurity postures must place more emphasis on endpoints than before and work with employees to increase awareness of the new and emerging threats that we face.
Key recommendations include:
- Focus on securing endpoints.
- Use AI to predict and address new threats.
- Select a cloud-native platform to benefit from its scalability, flexibility and agility.
- Adopt a defensive cybersecurity posture, making sure remote services, VPNs and multifactor authentication solutions are dynamically patched and integrated.
- Run security awareness programs to highlight risks associated with remote working and processes to follow when a threat is detected or suspected.
Addressing the plethora of threats emerging from the COVID-19 crisis, requires solutions that can prevent, detect and respond to threats with speed and agility. CrowdStrike’ 1-10-60 rule urges organisations to:
- Detect intrusions in under one minute.
- Investigate and understand threats in under 10 minutes.
- Contain and eliminate the adversary from the environment in under 60 minutes.
Achieving swift elimination of sophisticated threats, requires people and processes, as well as technology. Few organisations are is equipped to engage attackers 24/7. It is recommended that organisations work with solution providers to help fill critical talent gaps in a cost- effective manner.
The Southeast Asia Technology Trends & Priorities for 2020 Report, published by CIO Academy Asia in collaboration with the Lee Kuan Yew Centre for Innovative Cities at SUTD, is now available for download.
Visit here to get your copy