Public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric to seek economic savings, productivity gains and to create customer and citizen value.
As economies move towards digital transformation and adoption of Industry 4.0 technologies, cloud migration and adoption are no longer a question, but a given. The focus now must expand on understanding the risks involved after deployment and how new cyber threats can be mitigated for Critical National Infrastructure (CNI).
Cyber-attacks in Southeast Asia (SEA) have increasingly grown in sophistication and prevalence, in part due to increased digitalisation but also geopolitical changes and disruptions by the ongoing Covid-19 pandemic.
Earlier this year, an unnamed SEA government became the target of a new cyber-espionage weapon, in what has become a long-running campaign targeting official agencies and owned businesses across the region.
According to Deloitte, critical infrastructure operators in Asia-Pacific are progressively being targeted by cyber espionage and sophisticated attacks with the potential for severe disruption to essential services such as energy and water supply.
Rapid digital transformation and convergence of disruptive technologies have led to a much wider attack surface, testing the resilience of the region’s infrastructure.
As more organisations expand their cloud services, new findings in a Vectra PaaS & IaaS Security Survey Report has revealed uncovered some startling blind spots. These include 30% of organisations surveyed have no formal sign-off before pushing to production and 40% of respondents say they do not have a DevSecOps workflow.
But it’s not just enterprise security that needs further scrutiny. With the development of critical infrastructure projects, such as public health initiatives and massive investments in supply chain, billed as vital to lead the region towards economic recovery, more eyes will turn to how best to protect these prime targets from cyberattacks.
Unfortunately, not every country in the region is well-equipped to bolster cybersecurity capabilities and the question remains, how best can they be supported to lay the foundation to do so?
A collaborative approach to regional cyber defence
Singapore and Australia are leading examples of countries that are capacity building and investing in boosting cybersecurity beyond their shores. For example, the Cyber Security Agency (CSA) of Singapore launched the ASEAN-Singapore Cybersecurity Centre of Excellence, a $30 million investment over five years to offer policy and technical programmes for its participants.
Earlier this year, Australia launched the International Cyber and Critical Technology Engagement Strategy; this programme pledges over A$37 million towards a strategic and coordinated approach for Australia and the Indo-Pacific region to address cyberspace and critical technology issues.
The private sector has further championed these efforts; for example, Microsoft has brought together 15 policymakers from seven APAC markets to form a cybersecurity executive council, to facilitate the sharing of threat intelligence and resources.
This initiative pays recognition to the higher frequency of malware and ransomware attacks in the region compared to global averages and the vulnerabilities of emerging economies, such as Indonesia, India and Sri Lanka.
While no single agency or government can fight cybercrime effectively, it is abundantly clear that organisations must better understand how to mitigate risks and double down on efforts to stop attackers breaching critical infrastructure.
Imagine the chaos that can be unleashed in today’s growing digital economy of eCommerce and e-citizen services, online payments, virtual learning, remote access building management and so much more!
Recognising the risks and finding a solution
The benefits of greater speed and agility that comes with the cloud have enabled faster delivery of applications among numerous other advantages. However, these need to be balanced against security risks that arise from cloud deployments, which can often be complex.
What Vectra’s PaaS & IaaS Security Survey Report has revealed is that risk exponentially increases as more people are granted access to a cloud environment. Although companies surveyed are investing heavily in security operations, the challenges of securing the cloud are expected to continue for the foreseeable future due to sheer size, scale, and continuous change.
Constantly evolving CNI threats means a round-the-clock effort and highly specialised skills to bolster enterprise cybersecurity.
Typically, most organisations have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource.
Securing the cloud with confidence is nearly impossible due to its ever-changing nature. To address this, companies need to limit the number of attack vectors malicious actors can take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible.
Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.
Securing CNI infrastructure with incident response
CNI organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations.
When it comes to assets and infrastructure that are essential for the functioning of a society or economy, it’s no longer enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks.
Attackers are increasingly targeting Operational Technology and Industrial Control Systems in ransomware attacks.
That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon the expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps.
Slowing down the attackers is only part of the challenge, CNI organisations should have the right capabilities that would also speed up defences across all network stacks be that IaaS, SaaS, PaaS, or Datacentre.
The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and the risk of a widespread breach.
