IT security starts with knowing your assets: Asia-Pacific
A perfect example of remote work security challenges occurred when an NTUC employee accidentally downloaded malware to a laptop he or she used to access corporate files through plugging in a personal USB drive. “We immediately received a security alert, but it was difficult to fix,” Loe recalls. “We really had to send a cybersecurity staff to the employee’s home on a motorbike to get the computer for investigation. In the past, we could protect the network by simply cutting off access to the employee’s laptop. But if an employee works from home, we can’t afford the opportunity to lose any data on the internet. ”
Welcome to the new cybersecurity threat scene, where 61% of organizations are increasing their investment in cybersecurity during the pandemic at home from work, according to a survey in the 2021 Gartner CIO Agenda. Remote workers rely on cloud computing services to do their jobs, whether it’s compatible with co-workers, collaborating on projects, or participating in video-conferencing calls with clients. And if information technology (IT) teams, which now have physical disengagement, don’t respond to their needs, remote workers can easily shop for their own online solutions to problems. But all that goes through the usual cybersecurity procedures – and opens up a world of concern for IT.
Even for many regions of the world, remote work is just one of many factors that increase an organization’s exposure to cybersecurity violations. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report experiencing a cybersecurity attack that originates anonymously, unsupervised, or maliciously. digital asset management.
Creating a full inventory of internet-connected assets and rebooting cybersecurity policies for today’s modern remote workplace can reduce risks. Although organizations need to understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.
To better understand the challenges currently facing security teams in this region, and the strategies they need to adopt, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 respondents, 162 from Asia-Pacific. Their responses, along with the input of industry experts, identify specific security challenges in today’s IT landscape and provide a critical framework for guarding systems against the growing battalion of bad artists and quick to threaten.
Weaknesses in a cloud environment
The cloud continues to play an important role in accelerating digital transformation. And for good reason: cloud technologies offer many benefits, including increased speed, cost savings, and even greater size. However, cloud environments responsible for 79% of the observed disclosures, compared to 21% for assets already in place, according to the 2021 Cortex Xpanse Attack Surface Management Threat report.
That’s a significant concern, given nearly half (43%) of Asia-Pacific organizations report that at least 51% of their operations are in the cloud.
One way cloud services can compromise an organization’s security posture is by contributing to the IT shadow. Because cloud computing services are easy to purchase and deploy, Loe said, “purchasing power shifts from a company’s traditional finance office to engineers. There’s not even one else in the other. credit cards, engineers can buy a cloud service without anyone tracking the purchase. ”The result, he said, is a“ blind spot ”that hinders IT efforts to protect attack the company-the totality of possible entry points. Afterwards, Loe added, “We can’t protect what we don’t know-that’s a serious reality right now.”
Agnidipta Sarkar agreed with Biocon. “Without the bureaucracy involved in acquiring IT skills, shadow IT could run,” said Sarkar, chief security officer (CISO) at the Indian pharmaceutical company. “Unless an organization really plans for digital resilience, the unplanned and uncontrolled growth of digital assets can avoid the focused management required by information security.”
The exponential growth of integrated devices also challenges organizations to secure their cloud infrastructures. “A lot of people don’t know that internet devices are things like sensors in real computers, and that they are too powerful to be used to launch bots and other types of attacks,” warns Loe. He cited the example of smart locks and other mobile applications that allow employees to open and unlock doors — and allow hackers to gain unauthorized access to corporate networks.
As cloud services and interconnected devices raise universal cybersecurity issues, Asia-Pacific organizations face additional challenges. For example, Loe pointed to different levels of cybersecurity maturity among countries in the region. “We have countries like Singapore, Japan, and Korea that rank high in terms of cyber maturity,” he said. “But we also symbolize Laos, Cambodia, and Myanmar, which are at the lowest end of maturity. In fact, some government officials in these areas are still using free Gmail accounts for official communication. “Some vulnerable countries are already being used as launchers for attacking neighbors,” Loe said.
Another factor that distinguishes some Asia-Pacific countries from other regions of the world is the unwillingness to quickly return to remote work in the early months of the pandemic disease. According to Kane Lightowler, vice president of Cortex, on the risk side of Palo Alto’s risk discovery, the organizations behind their digital transformation efforts “must put business sustainability first,” allowing in cybersecurity to sit in the back seat. Unfortunately, he added, “most companies have not yet come to do business in a safe and compliant manner. Only now, in 2021, is security starting to take precedence again.”
Download full report.
Its content was created by Insights, the standard MIT Technology Review content. It was not written by the editorial staff of the MIT Technology Review.