IT security starts with understanding your assets: Asia Pacific


A perfect example of the remote work security challenge is when a NTUC employee accidentally downloaded malware onto a laptop that he used to access company files by plugging in a personal USB drive. “We received a security alert immediately, but the repair work was difficult,” Loe recalled. “Actually, we had to send a cyber security officer to ride a motorcycle to the employee’s home to retrieve the computer for investigation. In the past, we could protect the network by simply cutting off the employee’s laptop access. But when the employee works from home, We cannot risk losing any data on the Internet.”

Welcome to the new cyber security threat landscape, where 61% of organizations are increasing their cybersecurity investments According to the Gartner CIO Agenda survey in 2021, in the era of the home office pandemic. Teleworkers rely on cloud computing services to complete their work, whether it is communicating with colleagues, cooperating on projects, or joining video conference calls with customers. Moreover, when the information technology (IT) team is now in a state of physical relocation and cannot meet their needs, remote workers can easily purchase their own online problem solutions. But all of these bypassed normal cybersecurity practices and brought a worrying world to IT.

However, for many parts of the world, remote work is just one of many factors that increase the risk of organizations facing cybersecurity breaches. The Asia-Pacific region is no exception. 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report that they have experienced cybersecurity attacks from unknown, unmanaged or poorly managed digital assets.

A comprehensive inventory of networked assets for today’s modern remote working environment and restarting network security policies can reduce risk. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific region.

To better understand the challenges facing security teams in the region today and the strategies they must adopt, MIT Technology Review Insight and Palo Alto conducted a global survey of 728 respondents, of which 162 were from the Asia-Pacific region. Their response and input from industry experts have identified specific security challenges in today’s IT environment and provided a key framework to protect the system from the increasing number of bad actors and fast-moving threats.

Vulnerabilities in the cloud environment

The cloud continues to play a key role in accelerating digital transformation. And there are good reasons: cloud technology provides huge benefits, including greater flexibility, cost savings, and greater scalability.However, the cloud environment is Accounted for 79% of observed exposureAccording to the 2021 Cortex Xpanse Attack Surface Management Threat Report, local assets are 21%.

This is a key issue because nearly half (43%) of Asia Pacific organizations report that at least 51% of their operations are in the cloud.

One way cloud services can disrupt an organization’s security posture is to contribute to shadow IT. Loe said that because cloud computing services can be easily purchased and deployed, “purchasing power has been transferred from the company’s traditional financial office to the engineers. With just a credit card, these engineers can purchase cloud services without the need for anyone to track the purchase.” He said the result is that “blind spots” may hinder IT’s efforts to protect the company’s attack surface-all possible entry points. After all, Loe added, “We can’t protect what we don’t know exists-this is an extreme reality today.”

Agnidipta Sarkar of Biocon agreed. “If there is no bureaucracy related to purchasing IT capabilities, shadow IT will be rampant,” said Sarkar, the group chief information security officer (CISO) of the Indian pharmaceutical company. “Unless the organization truly plans for digital resilience, the unplanned and uncontrolled growth of digital assets may evade the centralized governance required for information security.”

The exponential growth of interconnected devices also poses challenges for organizations to protect their cloud infrastructure. “Many people don’t know that IoT devices such as sensors are actually computers, and they are powerful enough to launch robots and other types of attacks,” Loe warned. He cited examples of smart locks and other mobile apps that allow employees to unlock and open doors and allow hackers to gain unauthorized access to the company network.

Although cloud services and interconnected devices have caused widespread network security issues, organizations in the Asia-Pacific region face more challenges. For example, Loe pointed to the varying degrees of cyber security maturity among countries in the region. “We have countries like Singapore, Japan, and South Korea that rank high in terms of network maturity,” he said. “But we also reflect Laos, Cambodia, and Myanmar, which are at the lowest end of the maturity period. In fact, some government officials in these regions still use free Gmail accounts for official communication.” Loe said that some vulnerable countries have been used to attack neighbors. Country’s launch pad.

Another factor that distinguishes some Asia-Pacific countries from the rest of the world is that they were not prepared to move quickly to remote work in the first few months of the pandemic. According to Kane Lightowler, vice president of Cortex, Palo Alto’s Threat Detection Platform Division, organizations that lag behind in their digital transformation efforts “must prioritize business continuity first,” thereby relegating cybersecurity to a secondary position. Unfortunately, he added, “Many of these companies still haven’t caught up to doing business in a safe and compliant manner. It’s not until 2021 that they start to put safety first again.”

download Full report.

This content was produced by Insights, the custom content division of MIT Technology Review. It was not written by the editors of MIT Technology Review.


Source link