How can governments empower businesses to embrace digitization as crises expose fragility in cybersecurity and digital infrastructures?
[caption id="attachment_21687" align="alignright" width="300"] By Matt Bennett, Vice President, APJ, VMware Carbon Black[/caption]
Today’s businesses operate within complex, global and digital service ecosystems. And in this complicated environment, companies often suffer consequences from their cybersecurity weaknesses.
As cloud computing and connectivity rapidly improved over the past decade, many of us have benefited from working remotely and collaborating digitally. But while convenient, unsecure networks—such as public Wi-Fi hotspots—can be exploited by malicious actors.
This has been brought into sharp relief as COVID-19 consigns much of the working world to their homes. The UK’s National Cybersecurity Center recently revealed a range of techniques used by cybercriminals to exploit pandemic uncertainty. Phishing remains popular, with bogus emails containing links claiming to have important updates. Once clicked, devices are infected with malware that can siphon off sensitive data.
As home isolation increases digital consumption, businesses and employees must be vigilant and follow cybersecurity best practices to ensure business continuity.
State of Cybersecurity in APAC
Almost half of the businesses in the Asia-Pacific (APAC) region experienced security attacks in the past 12 months, according to Telstra 2019 research. Additionally, 3-in-5 surveyed companies experienced business interruption due to security breaches. The threats faced are varied.
- Ransomware was most popular, currently responsible for 20 percent of attacks in Singapore and 18 percent in Australia.
- Watering hole attacks—where a website is compromised and pushes malware to visitors—were cited as the most effective.
- Wiper attacks—where malware deletes all data from infected hard drives—were the most destructive.
Threats are also evolving rapidly. Research by Carbon Black found that 50 percent of current attacks in APAC used “island hopping” tactics to contaminate a business’s entire supply chain by gaining access to just one point of entry. Frequency of attacks continue to rise, especially in high-growth economies like Vietnam and Thailand, signaling a need to keep pace with cyberthreats.
Cyberattacks are one of the top 10 long-term risks organizations will face over the next decade according to the World Economic Forum’s Global Risk Report 2020. Something needs to be done.
Better Governance, Better Business
Despite digital businesses performing better, 3-in-5 APAC businesses delay digitization out of fear of cybercrime.
The cost to an organization that is a victim of a cyberattack can be anywhere from $96,000 for mid-sized businesses to $30 million for those with over 500 employees. But this risk has to be managed and mitigated. If APAC embraces a "cyber-smart" culture, the region could realize a $145 billion growth opportunity over the next decade.
Governments around APAC play a large role in boosting business confidence. This includes:
- Leading by example, with strict adherence to cybersecurity best practice principles inside government departments.
- Using policy and regulation to set minimum standards for cyber-preparedness, alongside policing and penalizing cybercriminals.
- Providing tools, training, resources and other support to ensure businesses are well-equipped.
What Businesses Can Do Now to Protect Against Cyberattacks
As increasing numbers of employees work from home in response to COVID-19, there are also quick wins that businesses can deploy to secure their data.
- Stay on top of patching and regular software updates. Patches often resolve weaknesses and security vulnerabilities within products. For organizations, IT operations teams need to patch and configure devices remotely.
- Use multi-factor authentication. Enabling multi-factor authentication ensures that the user logging in as an employee is truly who they say they are.
- Use a VPN. A virtual private network (VPN) can secure information sent from a device to a network via an encrypted connection over the internet. Public Wi-Fi should be avoided for work connections unless completely unavoidable.
- Educate the workforce. Make sure employees know how to spot and stop common attacks, like phishing. Due to the current climate, additional training or refreshers may be needed to help the workforce recognize potential threats.
- Automatically push updates. Security solutions should allow security and policy updates to be automatically pushed to all devices, regardless of whether they are on the corporate network.
As digital economies grow in each country, so does the risk of cyberattacks. Organizations can mitigate risks by being prepared. Policymakers must help protect businesses from cybersecurity risks through legislation, whilst allowing companies to innovate and maximize the potential of digital technologies. It should never be forgotten that cybersecurity is everyone’s responsibility.