IT Security Starts With Knowing Your Assets: Asia-Pacific

A perfect example of remote work security challenges occurred when an NTUC employee accidentally downloaded malware onto a laptop he was using to access corporate files by plugging in a personal USB drive. “We received a security alert immediately, but remediation was difficult,” recalls Loe. “We actually had to send a member of the cyber security staff to the employee’s home on a motorcycle to retrieve the computer for investigation. In the past, we could protect the network simply by cutting off access to the employee’s laptop. But when an employee works from home, we cannot risk losing data over the Internet. “

Welcome to the new landscape of cybersecurity threats, where 61% of organizations are increasing investment in cybersecurity. in the era of the work-from-home pandemic, according to a Gartner CIO Agenda 2021 survey. Remote workers depend on cloud computing services to get their jobs done, whether it’s communicating with coworkers, collaborating on projects, or joining video conference calls with clients. And when information technology (IT) teams, now at a physical distance, don’t respond to your needs, remote workers can easily find their own solutions to problems online. But all of that bypasses normal cybersecurity practices and opens up a world of concerns for IT.

However, for many regions of the world, remote working is just one of many factors that increase an organization’s exposure to cybersecurity breaches. The Asia Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report experiencing a cybersecurity attack that originated from an unknown, unmanaged, or poorly managed digital asset. .

Taking a full inventory of internet-connected assets and resetting cybersecurity policies for today’s modern remote work environment can mitigate risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in Asia-Pacific.

To better understand the challenges facing today’s security teams in this region and the strategies they must adopt, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 respondents, 162 from Asia-Pacific. Their responses, along with input from industry experts, identify specific security challenges in today’s IT landscape and provide a critical framework for protecting systems against a growing battalion of bad actors and fast-moving threats.

The vulnerabilities of a cloud environment

The cloud continues to play a critical role in accelerating digital transformation. And for good reason: Cloud technologies offer substantial benefits, including greater flexibility, cost savings, and greater scalability. However, cloud environments are responsible for 79% of the observed exposures, compared to 21% of local assets, according to the 2021 Cortex Xpanse Attack Surface Management Threat report.

That’s a key concern, given that nearly half (43%) of Asia Pacific organizations report that at least 51% of their operations are in the cloud.

One way that cloud services can compromise an organization’s security position is by contributing to shadow IT. Because cloud computing services can be easily purchased and deployed, Loe says, “purchasing power shifts from a company’s traditional finance office to its engineers. With nothing more than a credit card, these engineers can purchase a cloud service without anyone tracking the purchase. “The result, he says, are” blind spots “that can thwart IT efforts to protect the surface. attack of a company: all possible entry points After all, adds Loe, “we cannot protect what we do not know exists, that is an extreme reality today.”

Biocon’s Agnidipta Sarkar agrees. “Without the red tape associated with acquiring IT capabilities, shadow IT can run rampant,” says Sarkar, the group’s chief information security officer (CISO) at the Indian pharmaceutical company. “Unless an organization really plans for digital resilience, the unplanned and uncontrolled growth of digital assets can escape the focused governance that information security requires.”

The exponential growth of interconnected devices also challenges organizations to protect their cloud infrastructures. “Many people are not aware that Internet of Things devices, such as sensors, are actually computers and that they are powerful enough to launch bots and other types of attacks,” warns Loe. He cites the example of smart locks and other mobile applications that allow employees to unlock and open doors, and allow hackers to gain unauthorized access to corporate networks.

While cloud services and interconnected devices pose universal cybersecurity issues, organizations in Asia and the Pacific face additional challenges. For example, Loe points out the different degrees of maturity of cybersecurity among the countries of the region. “We have countries like Singapore, Japan and Korea that rank high in terms of cyber maturity,” he says. “But we also represent Laos, Cambodia and Myanmar, which are at the lower end of maturity. In fact, some government officials in these areas still use free Gmail accounts for official communication. ”Some vulnerable countries have already been used as launching pads for attacks on neighbors, Loe says.

Another factor that distinguished some Asia-Pacific countries from other regions of the world was the lack of preparedness to move quickly to telecommuting in the early months of the pandemic. According to Kane Lightowler, vice president of Cortex, Palo Alto’s Threat Detection Platforms division, organizations that lagged behind in their digital transformation efforts “had to put business continuity first,” enabling cybersecurity take a back seat. Unfortunately, he adds, “many of these companies have yet to catch up to conduct business in a safe and compliant manner. Only now, in 2021, are they starting to prioritize safety again. “

Download the full report.

This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by the editorial staff of MIT Technology Review.



Please enter your comment!
Please enter your name here