Cybersecurity continues to be the biggest concern for organisations all over the world. Be it large enterprises or small businesses, running a business today with minimal or traditional cybersecurity protection is basically like serving an open buffet to cybercriminals.
While businesses have been taking the necessary precautions and adding solutions to protect their organisation, there are still many challenges they need to overcome. Some of these challenges can be easily solved, while others require more attention.
At VMworld 2020, VMware unveiled several updates to its security portfolio, including VMware Carbon Black Cloud Workload. It delivers advanced protection purpose-built for better securing modern workloads to reduce the attack surface and strengthen security posture. This innovative solution combines prioritised vulnerability reporting and foundational workload hardening with industry-leading prevention, detection and response capabilities to protect workloads running in virtualised, private and hybrid cloud environments.
In a media session with APAC journalists, Tom Kellermann, CEH, CISM, Head of Cybersecurity Strategy at VMware Carbon Black, said the US alone has seen a 400% increase in cyberattacks. Cybercriminals are using more advanced techniques, with custom malware being deployed in 50% of attacks. The problem with custom malware is that it’s hard to prevent and highly problematic.
VMware Carbon Black’s Global Threat Report also reported that the global cyber threat landscape has escalated in the wake of COVID-19, with 91% of global security professionals surveyed reporting that they had seen an increase in overall cyberattacks as a result of employees working from home. 32% of global respondents found very significant gaps in their visibility into cybersecurity threats. At the same time, more than a quarter of those surveyed felt that there are severe and significant gaps in terms of enabling a remote workforce.
Tom also highlighted that island-hopping is now becoming the top method for cybercriminals. An island-hopping attack is a hacking campaign in which threat actors target an organisation’s more vulnerable third-party partners to undermine the target company’s cybersecurity defences and gain access to their network. In this case, organisations on their digital transformation journey are being targeted with their cloud, network, endpoints and mail servers being used to access mining marketplaces.
For organisations, there are five key challenges when it comes to dealing with security incident detection and response. They are:
Detection challenge – being able to detect a security incident
Investigation challenge – finding out where and how the incident happened
Incident response challenge – being able to react and take action on the incident
Time challenge – time taken to solve the threat
Distributed enterprise challenge – ensuring the incident is contained
“Cybercrime is no longer just a burglary. It has transitioned into a home invasion. Businesses should focus on how they can decrease the reaction time to cybercriminals. The decreasing dwell time is the true ROI. They have to consider an intrusion suppression via an intrinsic security approach. Businesses need to know at what point they actually move all their data into the panic room. And this is what intrinsic security can do for them,” said Tom.
VMware XDR transforms security operations with a unified security incident detection and response platform. Businesses will have full visibility across their entire infrastructure, allowing them to automatically collect and correlate multiple sources of telemetry and enforce on multiple types of control points to not only reduce noise but also enable faster threat detection and have a more sophisticated response. It protects any environment with integrations not only with VMware but others as well.
Cybersecurity challenges in ASEAN
Around the world, businesses are in different stages of their digital transformation. In the ASEAN region, the same applies as well.
Sanjay K. Deshmukh, Vice President and Managing Director, Southeast Asia and Korea, VMware, explained that ASEAN has unique challenges in its approach to cybersecurity. The biggest challenge is the diversity across the region, which VMware is working hard to address in all countries.
There is also a varied level of maturity in the economies. Singapore, for example, is more prepared in its cybersecurity compared to Indonesia, which has the largest economy in the region and is the least prepared. However, Singapore is also the most targeted country in the region compared to other ASEAN nations like Malaysia, Thailand and Vietnam.
“Most businesses in Southeast Asia are still having a very reactive approach to cybersecurity. They are on a 1.0 security paradigm. They need to realise that security has to go beyond the data centre. Whether it’s application or data, it has moved to the edge on the cloud. The threat radius has expanded and this is a challenge. Dealing with these new threats requires a new approach which is lacking in this region. They need to have a transformative approach to security and deal with it in an intrinsic approach. We see a massive opportunity in this region,” added Sanjay.
Echoing Sanjay was Matt Bennett, Vice President of the Asia-Pacific and Japan region for VMware Carbon Black. Matt believes that security has to change from its reactive focus. Judging by the number of incidents companies have faced in the last couple of months due to the COVID-19 pandemic, remote workers, for example, are the most vulnerable targets because most of them are using their own or company devices that do not have updated patches.
“Spear phishing is still a cyber threat but there have been more incidents whereby cybercriminals exploit unpatched applications followed by island hopping. Businesses need to integrate cybersecurity into IT controls. VMware offers grade A capability sets that are able to identify and prevent risk in an automated fashion,” explained Matt.
He added that most small businesses think they are not going to be targeted. However, all it takes is to have the right or wrong customer to allow island hopping. Cybercriminals know who small businesses deal with and will use them to get into the bigger organisations. This is where cybercriminals exploit digital transformation in small businesses. Small businesses can automate a lot of security through existing IT controls to defend against 95% of threats.
Interestingly, Sanjay pointed out that cost is not a bottleneck for small businesses when it comes to cybersecurity. In fact, he said a lot of businesses are still focused on the traditional firewall approach to security. For example, Sanjay said a customer in Singapore had partner field agents using their own devices to promote their business. However, the field agents had Android devices which were compromised and led to a challenge in solving the problem. If the company had taken an intrinsic approach, they could have avoided the entire incident.
Cybersecurity Post COVID-19
“We saw two things happen from COVID-19. Firstly, the threats went up and service attack became a lot broader. Secondly, businesses had to figure out how to enable remote working and how to secure it the right way,” said Tom.
The post-COVID-19 period is most likely going to see a second pandemic of cybercrime, as remote workers provide a massive opportunity for cybercriminals. The increased lack of visibility on remote workers will only create more opportunities for island hopping post-pandemic.
“How do you drive security and non-security people? Everyone has to play a role and understand that threats are dynamic, and threats change. Security must be a team sport and not be in a silo. Everything and everyone have to be tied in,” concluded Tom.