Rapidly changing threat landscape forcing companies to redesign cyber-security strategies

The huge increase in cyber threats have created what could be called as the perfect storm in corporate circles. Apart from a huge jump in human and bot-led cyber-attacks, there’s a slew of solutions purporting to fend off all manners of cyber-hits. This is compounded by a severe lack of talent and a highly sceptical top management.

During the last three months, the CIO Academy Asia (CIOAA) teamed up with Kaspersky to hold focused C-level roundtables and discussions across five cities in ASEAN – Kuala Lumpur, Bangkok, Manila, Jakarta, and Ho Chi Minh City. Called “CyberInsights Executive Forum 2019”, the invited audience were a mix of CIOs, CTOs and CISOs from major public and private sector organisations. They shared their views, their concerns and the tasks they’re supposed to do.

One of the highlights of this multi-city roadshow which was extremely insightful was the cybersecurity threats and trends update by Kaspersky’s Global Research & Analysis Team (GReAT).

Based on their findings, the main conclusions of Kaspersky’s GReAT experts were as follows:

• Supply chain used for targeting attacks in an epic combo
• Russian-speaking activity is high in terms of new artefacts
• Interesting geopolitical games are in play in terms of leaks and indictments
• Korean-suspected groups are aggressive and persistent against their victims (especially financial industry targets)
• In future, organisations and governments have to be aware of malware that lives in the shadow, and prepare against 5G DDoS attacks, more targeted ransomware and technological overfeeding, which increases the attack surface

Here’s a gist of C-level concerns combined across the five ASEAN cities (in alphabetical order):

• AI:
  AI-led threats. Risk has evolved while most organisations – and organisational structures – have not.
• Budgeting:
  How much is enough? Changing threat landscape puts heavy burden on the C-level and Board.
• Complexity:
  Which solution to choose from which vendor? Digital strategies that worked before don’t now.
• Data Centre:
  In-premise SOC (Security Operations Centre)? What about monitoring cloud-based apps?
• Engagement:
  With C-level and staff on cyber-security/cyber-hygiene. Set up effective training programs?
• Forecasting:
  How to forecast and plan for major cyber-security and compliance issues in advance?
• Government regulations:
  Mere compliance does not guarantee any indemnity from attacks.
• Humans:
  Humans are the weakest link in any organisation. How to train rank-and-file staff on cyber-hygiene?

In all the cities’ events, Kaspersky experts also dwelled on the cybersecurity toolkits that organisations need today to prevent and be prepared against potential cyber threats. They spoke mainly in terms of building Security Operations Centres (SOC) and equipping them with the right tools, people and processes.

Overall, the Roadshow brought many insights and revelations in its wake. The technology leaders of the region freely shared their pains and trails that they have been going through while trying to secure their organisation and at the same time, learnt ways to better secure them from their peers and the security experts. As a participant put it, more technology does not mean more security. It all starts from awareness across the organisation, and finding the right solutions in place in terms of people, process and technology to develop cyber immunity in an organisation.