Cybersecurity remains an ever-growing concern in a digitized, post-pandemic world. Covid-19 has killed in more ways than one – physically, and with the demise of multitudes of jobs across the world.
However, the outbreak has also catalyzed the maturation of digitalization – demand for digital services has been nothing short of explosive during the pandemic.
Growth of Digital in APAC
The Southeast Asian (SEA) region is not a stranger to digital disruption, innovation, and digitally transformative initiatives, either. Rapid and proactive action by governments to control the spread of Covid-19 has resulted in tight border and movement restrictions.
This has, in turn, jolted businesses ranging from mega entities to small and medium business (SMBs) towards optimizing and increasing adoption of digitalized solutions in order to keep their hungry economies connected and vital.
Computer security and talent shortage woes
The region has been racing to adopt technologies such as cloud, edge, 5G, artificial intelligence (AI), machine learning (ML), and IoT, in post-pandemic economic recovery efforts. Alas, a menacing darkness looms over this sliver of economic hope: cybersecurity threats.
Earlier last year, Tech Wire Asia reported that cybersecurity was at the forefront of priorities for APAC business decision-makers alongside digital growth. However, the lack of talent in the field is still a major concern.
The 2021 cybersecurity update
In May 2021, Check Point Software Technologies released research data on cybersecurity threats in APAC and found that, compared to May of the previous year, cyberattacks have increased by an alarming 168%.
In fact, there was a 53% increase from April to May this year alone. The top five countries seeing the largest increase in cyberattacks as compared to May 2020 are Japan (40%), Singapore (30%), Indonesia (25%), Malaysia (22%), and Taiwan (17%).
The top three sectors most affected by these cyber threats are utilities (39%), internet and managed service providers (ISPs/MSPs with 12% of the total), and software vendors (6%). According to Check Point, the economic devastation brought about by Covid-19 has led to hard times for many. This has precipitated a steep growth in crime, with a significant rise in cyberattacks in particular, within the hard-hit SEA region.
Eight security trends for a safer workplace
Earlier in March 2021, global research & advisory firm Gartner held a Security & Risk Management Summit for APAC leaders, exploring top security and management risk trends for 2021.
It identified eight trends that APAC leaders ought to look out for this year.
- Cybersecurity mesh
Gartner suggests looking at cybersecurity mesh architectures. These enable the centralization of policy management, deployment, and critically, cybersecurity tools that interoperate by providing foundational security services, instead of within silo’d approach.
- Identity-first security
The SolarWinds attack emphasized how badly identities are managed and monitored. Identity-first security puts identity at the center of security design, so effective monitoring of authentication can spot attacks against multi-factor authentication infrastructures (e.g. SSO, biometrics).
- Overhauling remote working policies and tools
A majority of the workforce (64%) are working remotely, and it is expected that up to 40% will continue to do so post-pandemic. Organizations should thus overhaul their policies and security tools for remote working. These include policies for data protection, disaster recovery, and backup to make sure they’re optimized for a remote work environment.
- Increasingly cyber-savvy directors
Gartner predicts that by 2025, 40% of board directors (currently 10%) will push for a dedicated cybersecurity committee that’s overseen by a qualified board member.
- Security vendor consolidation
When it comes to security vendors, the plethora of products by different vendors “increases complexity, integration costs and staffing requirements”. As such, 80% of IT teams said they plan to consolidate vendors over the next three years.
- Privacy-enhancing computation
Emerging data protection techniques such as privacy-enhancing computation are predicted to be adopted by 50% of large organizations by 2025. They protect data while being used, instead of when it’s unused or being transmitted, even in untrusted environments. Use-case scenarios include fraud analysis, intelligence, data sharing, financial services (such as anti-money laundering), pharmaceuticals, and healthcare.
- Breach and attack simulation (BAS)
BAS tools are emerging to provide continuous defensive posture assessments, unlike tools such as penetration testing. With BAS as part of regular security assessments, teams will be more efficient at identifying gaps in their security posture and be able to prioritize security initiatives better.
- Machine identity management
Non-human entities are increasingly present in organizations. It is thus imperative that they implement machine identity management as part of their security strategies, in order to establish and manage trust in machine identities and their interactions with other entities such as devices, applications, or cloud services and gateways.
Computer security efforts around APAC
Down under, the Australian government updated its ten-year, US$ 1.2B national cybersecurity policy in 2020, channeling US$ 45mil into protection for SMEs. APAC leader in cybersecurity readiness, Singapore also strengthened its policies to deal with the rising tide of attacks on financial institutions worldwide.
Some private sector players have also been stepping up computer security efforts, such as Alibaba-backed Lazada. The SEA e-commerce giant has been working with white hat hackers to detect security vulnerabilities in its IT environment over the past 18 months, this week making their ‘bug bounty’ program public, offering US$10,000 to anyone for each critical vulnerability they detect in Lazada’s platform.
Whilst these efforts are commendable, APAC leaders should look towards realigning their strategies with those trends in mind, for consistently stronger and more efficient cybersecurity practices.