This article first appeared in Digital Edge, The Edge Malaysia Weekly on April 11, 2022 - April 17, 2022
Here’s a terrible tale with a twist: Three tourists who trespassed into a remote village are caught, convicted and sentenced to death by hanging at the gallows, built over the river. The first man steps forward. A tribesman fastens a noose around the man’s neck, and the witch doctor pulls a lever that opens the trapdoor. The rope breaks, the man falls into the river — and quickly swims to the other side.
The second man steps forward. A new rope is hung around his neck. The witch doctor pulls the lever and the rope snaps. The man falls into the river — and swims away to safety.
Finally, the third man steps forward. Another rope is hauled up the gallows. The noose is placed around his neck. “I want to warn you about something important,” the man tells the witch doctor. “Before you pull that lever, please make sure the rope is strong — because I cannot swim.”
If that quirky story made you laugh, then this piece of news should make you lament: The potential economic loss in Malaysia due to cybersecurity incidents could be as high as RM51 billion, according to a study conducted by Microsoft and Frost & Sullivan published in July 2018.
In all of 2021, a total of 10,016 cyber-incidents were reported to Cyber999, the cybersecurity incident response centre under MyCERT (Malaysia Computer Emergency Response Team). Ubaid Mustafa Qadiri, head of technology risk and cybersecurity at KPMG Malaysia, noted that 71% of the reported incidents were fraud-related. Intrusion attempts and malicious codes were among the top three threats.
“Cybercrime is changing as criminals avail themselves of new technology, which means our approach to cybersecurity must evolve as well,” Ubaid stated in a blog post. “Whether it’s advanced persistent threats, ransomware, backdoor attacks, or something we’ve yet to see, there will always be new perils for us to contend [with]. A lack of preparation and being overly reactionary can be as detrimental as the actual cyber-incident. It’s important to have a plan, test your responses according to different scenarios, and understand the depth and breadth of cyber-incidents to your business.”
Gartner Inc says enterprise cybersecurity needs — and expectations — are maturing, and executives need to have more agile security amid an expanding attack surface. “The CISO (chief information security officer) role has moved from a technical subject-matter expert to that of an executive risk manager,” says Gartner research vice-president Peter Firstbrook. “By 2025, a single, centralised cybersecurity function will not be agile enough to meet the needs of digital organisations. CISOs must reconceptualise their responsibility matrix to empower boards of directors, CEOs and other business leaders to make their own informed risk decisions.”
The pandemic has already caused pandemonium worldwide, with people forced to work, study and play at home as countries forced lockdowns on their populations. And now, as the worry of World War III looms large, the risks — both physical and virtual — have gone up several notches.
“Organisations are facing sophisticated ransomware, attacks on the digital supply chains and deeply embedded vulnerabilities,” Firstbrook notes. “The pandemic accelerated hybrid work and a shift to the cloud, forcing CISOs to secure an increasingly distributed enterprise — while dealing with a shortage of skilled security staff.”
While digital transformation propels cloud adoption and usage, it puts institutions and businesses at greater cyber risk. “Lack of cloud security skills means the business of protecting the organisation operates at a distinct trust deficit,” states KPMG’s Cybersecurity Considerations 2022 report.
“Organisations can promote the view that all data in the cloud is the responsibility of the organisation and ensure everyone understands cloud-specific security requirements and collaborates with the cloud service provider to avoid misconfigurations.”
In the decade before the pandemic, of every US$2 in new global investment, US$1 went to companies in Asia. “However, more companies in the Asian region destroyed economic value than created it,” notes a recent study by McKinsey. “Asia had more ‘troubled’ companies (those with deep economic profit losses) and fewer economic champions. The pandemic widened the gap between leaders and laggards.”
The silver lining? “Corporate Asia has proved to be resilient in the face of the pandemic, expanding profits,” McKinsey says. “As economies rebound, there appears to be a huge momentum that can enable leading companies to use the pandemic as a catalyst for enhanced performance.”
On the flip side, Asia has also become the epicentre for cybercriminals. In all of 2021, Asia was the most-attacked region with 26% of all hits. Europe and North America followed closely behind with 24% and 23% of attacks respectively, says a just-released study by IBM Security X-Force.
“The world grapples with a pandemic, shifts to ‘work from home’ and ‘back to office’, and geopolitical changes are spawning a constant drone of mistrust,” the X-Force team reports. “All of this equates to chaos, and it is in chaos that cybercriminals thrive. In 2021, we saw how threat actors used a shifting landscape to adopt techniques to infiltrate organisations across the globe successfully.”
The X-Force team monitors 150 billion security events per day in 130 countries and has been granted more than 10,000 security patents worldwide. The X-Force Threat Intelligence Index 2022 mapped new trends and attack patterns, drawing from billions of data points — ranging from network and endpoint detection devices, incident response engagements to domain name tracking.
In Asia, finance and insurance companies were attacked most frequently, accounting for 30% of incidents, followed by manufacturing at 29%, professional and business services at 13%, and transportation at 10%. The finance and insurance industry was the most attacked from 2015 to 2020 globally. The X-Force team reported that Japan, Australia and India were the most attacked countries in Asia.
Cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. “As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge,” Firstbrook says. “Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.”
Can companies develop a response plan for ransomware? Every industry and geography is at risk of an attack. How your corporate team responds during the critical moment can make all the difference in the amount of time and money lost in a response.
Here are five preparation and mitigation tips from the X-Force team:
Prepare a response plan. It should include immediate containment procedures. Which stakeholders and law enforcement officials should be informed? How would your organisation store and restore from backups? Which alternate locations are ready for critical business functions to be run during remediation?
Plan a data theft and leak scenario as part of the ransomware attack. This is a prevalent tactic used today, seen in a very high percentage of ransomware attacks X-Force remediates.
Use ransomware drills to think through whether your organisation would pay a ransom and what factors would alter your calculus for that decision.
Ensure your ransomware response plan includes a specific contingency for a cloud-related incident, as it may require additional tools and skills.
Avoid data corruption due to malware or ransomware attacks with flash storage solutions that help prevent data loss, promote operational continuity, and lower infrastructure costs.
The bottom line: How vulnerable are you? Corporate vulnerability is a dynamic game that the hacker and the hacked play 24/7. It is played in the shadows, with tools that turn employees against their employers without the employees being aware. Vigilance and tools — such as analytics and AI and big data and business intelligence — must be deployed to mitigate the risks, halt the hackers, alert the authorities and keep cyber criminals out.
Since we started with a tribal tale, let’s end with another. Two tribesmen return from a tedious and futile hunting trip and one of them frowns. “What’s the matter, bro?” his buddy asks. “Why do you look so worried?” The other tribesman raises an eyebrow and points at an adjoining hut. “When one’s goat goes missing, the aroma of a neighbour’s soup gets terribly suspicious.”
Raju Chellam is vice-president of new technologies at Fusionex International, Asia’s leading big data analytics company
Save by subscribing to us for your print and/or digital copy.