A perfect example of remote work security issues occurred when an NTUC employee accidentally downloaded malware to a laptop that he used to access corporate files by plugging in a personal USB drive. “We got a security alert right away, but the elimination was difficult,” Lo recalls. “We had to send a cybersecurity officer home to an officer on a motorcycle to get a computer for an investigation. In the past, we could protect the network by simply cutting off access to an employee’s laptop. But if an employee works from home, we cannot risk losing any data over the Internet. ”
Welcome to the new cybersecurity threat landscape, where 61% of organizations are increasing investment in cybersecurity in an era of home-based pandemics, according to a Gartner CIO Agenda 2021 poll. , collaborating on projects or joining video calls with clients. And if information technology (IT) teams, which are now physically removed, don’t respond to their needs, remote workers can easily shop to solve their own online problems. But all this bypasses the usual practice of cybersecurity – and opens the alarm for IT.
However, for many regions of the world, telecommuting is just one of many factors that increase an organization’s susceptibility to cybersecurity breaches. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report experiencing a cybersecurity attack due to an unknown, unmanaged, or poorly managed digital asset.
Conducting a full inventory of Internet-connected assets and restarting cybersecurity policies for today’s modern remote work environment can reduce risks. But organizations also need to understand the trends and challenges of cybersecurity that define their markets, many of which are unique to organizations operating in the Asia-Pacific region.
To better understand the challenges facing today’s security groups in the region and the strategies they need to adopt, MIT Technology Review Insights and Palo Alto conducted a global survey among 728 respondents, 162 from the Asia-Pacific region. Their responses, together with the involvement of industry experts, identify specific security issues in today’s IT landscape and provide an important framework for protecting systems from a growing battalion of bad participants and fleeting threats.
Vulnerabilities in the cloud environment
The cloud continues to play an important role in accelerating digital transformation. And for good reason: cloud technologies offer significant benefits, including increased flexibility, cost savings and greater scalability. However, according to the Cortex Xpanse Surface Management Threat Report for 2021, cloud environments are responsible for 79% of the observed impacts, compared to 21% for local assets.
This is a major problem given that almost half (43%) of organizations in the Asia-Pacific region report that at least 51% of their activities are carried out in the cloud.
One way cloud services can jeopardize an organization’s security is to contribute to the shadow of IT. Because cloud computing services can be easily purchased and deployed, Loe says, “the procurement power shifts from the company’s traditional financial office to its engineers. With nothing but a credit card, these engineers can buy a cloud service without tracking purchases. ” The result, he said, is a “blind spot” that could thwart IT’s efforts to protect the company’s surface – a set of possible entry points. After all, Loe adds, “We can’t defend what we don’t know – it’s an extraordinary reality today.”
Agnidipta Sarkar of Biocon agrees. “Without the bureaucracy associated with acquiring IT capabilities, the shadow of IT can unfold,” says Sarkar, chief information officer (CISO) of the Indian pharmaceutical company. “If an organization doesn’t really plan for digital sustainability, unplanned and uncontrolled growth of digital assets can avoid the focused management that information security requires.”
The exponential growth of interconnected devices is also challenging organizations in securing their cloud infrastructure. “Many people don’t know that IoT devices, such as sensors, are actually computers, and that they are powerful enough that they can be used to launch bots and other types of attacks,” Lo warns. He cites the example of smart locks and other mobile apps that allow employees to unlock and open doors – and allow hackers to gain unauthorized access to corporate networks.
While cloud services and interconnected devices raise general cybersecurity issues, Asia-Pacific organizations face additional challenges. For example, Luo points to varying degrees of maturity of cybersecurity among countries in the region. “We have countries like Singapore, Japan and Korea that rank high in cyber maturity,” he says. “But we also embody Laos, Cambodia and Myanmar, which are at the lowest maturity levels. In fact, some government officials in these areas still use free Gmail accounts for official communication. ” Some vulnerable countries have already been used as launch pads for attacks on neighbors, Luo says.
Another factor that distinguished some countries in the Asia-Pacific region from other regions of the world was the unwillingness to quickly move to telecommuting in the first months of the pandemic. According to Kane Laitauler, vice president of Cortex, a division of the Palo Alto threat detection platform, organizations lagging behind in their digital transformation efforts “needed to prioritize business continuity first,” which allowed cybersecurity to take a back seat. Unfortunately, he adds, “many of these companies are still not involved in a safe and appropriate way of doing business. Only now, in 2021, are they starting to prioritize security again. ”
Download the full report.
This content was prepared by Insights, MIT Technology Review’s own content group. This is not written by the MIT Technology Review.