Cyberattackers in the Asia Pacific region have become increasingly sophisticated with the advent of generative AI. As large language models are integrated into consumer-facing products, the attack surface available to cyberattackers has also expanded. However, generative AI also offers specialised capabilities that let defenders counter the evolving threats posed by malicious actors more efficiently.
In 2023, cyberattackers used AI to enhance the speed and accuracy of their attacks. For instance, employees at a major South Korean mobile phone manufacturer violated confidentiality protocols by sharing sensitive company data with a generative AI-powered chatbot, leading to three separate incidents of data leakage.
Threat actors are using generative AI to compose phishing emails and marketing lures that are exceptionally convincing and often highly personalised. Consequently, email-based cyberattacks in the region surged in 2023. The fact is, generative AI lowers the entry barrier at every stage of the attack lifecycle.
How do cybersecurity teams, and even CTOs and CISOs, enhance their security posture and increase their capabilities? Here are the key cybersecurity trends we’ve identified and what they mean for organisations this year:
1. Ransomware
Ransomware is a constant concern for businesses. The 2023 Verizon Data Breach Investigations Report (DBIR) shows that ransomware persists as a top attack tactic, accounting for 24% of breaches globally. The most common ransomware vector in the Asia Pacific region is phishing emails, followed by Remote Desktop Protocol (RDP).
Ransomware, like any other type of cyber attack, requires a multi-layered defence. There are steps that can be taken both to prevent ransomware infections and to stop a compromise that is already in progress.
- Cyber awareness training across the organisation is crucial in preventing ransomware attacks.
- Be vigilant with security software by investing in tools like Endpoint Detection and Response (EDR) and keeping them up to date, eliminating easy access for attackers.
- Focus on zero trust to stop attacks in progress by deploying multi-factor authentication (MFA), advanced access controls and segmentation.
- Ensure the security tools that have been deployed are actively monitored so that threats are quickly identified and eradicated.
- Patch software and systems, especially against known vulnerabilities that have been public for some time.
- Encrypt your important data, as this is what ransomware gangs are after.
- Regularly back up important data to help recover quickly.
2. Zero Trust
Zero trust is a modern security framework that addresses challenges in remote and hybrid working, evolving ransomware threats, and hybrid cloud environments. With networks being local, cloud-based, a combination of both, or hybrid, and resources and staff accessing them from anywhere, zero trust operates on the premise that there is no traditional network edge.
This framework encompasses several principles and technologies, including continuous monitoring and validation, least privilege access, device access control, microsegmentation of security perimeters into smaller zones, prevention of lateral movement, and multi-factor authentication.
Zero-trust principles primarily aim to reduce an organisation’s attack surface. Additionally, by using microsegmentation, zero trust not only minimises the area affected by an intrusion but also lowers recovery costs. Requiring multi-factor authentication reduces both the impact of user credential theft and the likelihood of a successful phishing attack. The framework also reduces the risk posed by vulnerable devices, including IoT devices, by verifying each request.
There are nine things to do to set up a Zero Trust environment:
Four design principles
- Focus on business outcomes
- Design from inside out
- Determine who/what needs access
- Inspect and log all traffic
Five step methodology
- Define the protect surface
- Map the transaction flows
- Architect a Zero Trust environment
- Create Zero Trust policies
- Monitor and Maintain
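The methodology above ends with creating Zero Trust policies and then monitoring them. The following is an added example, not code from the original article or from any vendor's product: a small default-deny policy evaluator that encodes a constructed protect surface (the asset, role, zone and user names are invented for the example), verifies every request against least-privilege rules, MFA and device posture, enforces microsegmentation by source zone, and records every decision so that all traffic is inspected and logged.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Rule:
    """Least-privilege policy for one asset in the protect surface."""
    asset: str
    roles: FrozenSet[str]          # who may reach the asset
    actions: FrozenSet[str]        # what they may do there
    allowed_zones: FrozenSet[str]  # microsegments allowed to originate traffic (empty = any)
    require_mfa: bool = True
    require_compliant_device: bool = True


@dataclass(frozen=True)
class Request:
    """One access attempt as seen by the policy enforcement point."""
    user: str
    role: str
    src_zone: str
    dst_asset: str
    action: str
    mfa_verified: bool
    device_compliant: bool


class ZeroTrustPolicy:
    """Default-deny evaluator: every request is verified and every decision is logged."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules: Dict[str, Rule] = {r.asset: r for r in rules}
        self.audit_log: List[dict] = []

    def evaluate(self, req: Request) -> Tuple[bool, str]:
        allowed, reason = self._decide(req)
        # "Inspect and log all traffic": allowed and denied requests are both recorded.
        self.audit_log.append({"user": req.user, "asset": req.dst_asset, "action": req.action,
                               "allowed": allowed, "reason": reason})
        return allowed, reason

    def _decide(self, req: Request) -> Tuple[bool, str]:
        rule = self.rules.get(req.dst_asset)
        if rule is None:
            return False, "no policy for asset (default deny)"
        if req.role not in rule.roles:
            return False, "role not permitted for asset"
        if req.action not in rule.actions:
            return False, "action not permitted for role"
        if rule.allowed_zones and req.src_zone not in rule.allowed_zones:
            return False, "source segment not permitted (microsegmentation)"
        if rule.require_mfa and not req.mfa_verified:
            return False, "MFA required"
        if rule.require_compliant_device and not req.device_compliant:
            return False, "device failed posture check"
        return True, "allowed"


def build_policy() -> ZeroTrustPolicy:
    """Constructed protect surface: two assets with explicit least-privilege rules."""
    return ZeroTrustPolicy([
        Rule("payroll-db", frozenset({"finance"}), frozenset({"read"}), frozenset({"finance-segment"})),
        Rule("hr-fileshare", frozenset({"hr"}), frozenset({"read", "write"}), frozenset()),
    ])


# Constructed transaction flows to evaluate (mapped as in the methodology's step 2).
SAMPLE_FLOWS = [
    Request("alice", "finance", "finance-segment", "payroll-db", "read", True, True),
    Request("alice", "finance", "finance-segment", "payroll-db", "read", False, True),
    Request("bob", "engineering", "eng-segment", "payroll-db", "read", True, True),
    Request("carol", "finance", "guest-wifi", "payroll-db", "read", True, True),
    Request("dave", "hr", "office-lan", "hr-fileshare", "write", True, False),
    Request("erin", "hr", "office-lan", "legacy-printer", "print", True, True),
]


def evaluate_flows(flows: List[Request] = SAMPLE_FLOWS) -> Tuple[List[Tuple[bool, str]], List[dict]]:
    """Run each flow through a fresh policy; return the decisions and the audit log."""
    policy = build_policy()
    decisions = [policy.evaluate(f) for f in flows]
    return decisions, policy.audit_log


if __name__ == "__main__":
    for req, (ok, why) in zip(SAMPLE_FLOWS, evaluate_flows()[0]):
        print(f"{req.user:6} -> {req.dst_asset:13} {req.action:5} {'ALLOW' if ok else 'DENY':5} {why}")
```

Only the first flow is allowed; each of the others is refused for a different reason, and an asset with no rule at all is denied by default rather than falling through to an implicit allow. The audit log is what the "monitor and maintain" step consumes.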
3. Endpoint Detection and Response (EDR)
EDR continuously monitors end-user devices to identify and respond to evolving cyberthreats such as ransomware. Such solutions provide security teams with the necessary visibility to detect incidents that would otherwise go unnoticed. An optimal EDR solution offers continuous, comprehensive real-time visibility into endpoint activities using advanced techniques, such as behavioural analytics, threat intelligence and artificial intelligence to protect endpoints in real time.
In modern cybersecurity defence, EDR is an essential component of endpoint security: it helps organisations prevent, detect and respond to attacks while also enabling proactive investigation, containment and threat hunting.
EDR offers precise visibility into intrusions when endpoints are compromised. It can also provide actionable intelligence for remediation by recording security-relevant data. Despite the advantages of EDR solutions, it is important to note that organisations need skilled resources to analyse the extensive data generated. Knowing what to look for eases complex data challenges, and expert resources are essential to expedite the remediation strategy.
4. Threat Hunting
Sometimes, security solutions may not detect malicious activity, allowing intruders to infiltrate the network and lie in wait for an opportune moment to strike. During this time, they can stealthily gather data, scan the network and systems for confidential material, or obtain login credentials to move laterally across the environment. Many organisations lack the solutions to detect advanced persistent threats within their environment.
Proactive cyberthreat hunting usually involves three steps: the trigger, the investigation, and the solution. Threat hunting is highly complementary to the standard process of incident detection, response, and remediation, enhancing these operations by actively searching for hidden threats.
Effective threat hunting requires a combination of skilled people, large volumes of data, and the latest threat intelligence. Managed services providers can offer the competencies needed for successful threat hunting, giving organisations peace of mind, helping them stay ahead of the evolving cybersecurity landscape and protecting them from advanced attacks.
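The EDR section above describes recording security-relevant endpoint data, and the threat hunting section describes the trigger, investigation and solution steps that search that data for intruders moving laterally. The following is an added example, not code from the original article or from any EDR product, that ties the two together: a small hunt over constructed endpoint telemetry (the hosts, account names, timestamps and the pipe-delimited record format are all invented for the example) that flags an account whose remote logons reach several servers within a short window and derives the containment list from the finding.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed endpoint telemetry in a simplified "ts|host|user|event|detail" form;
# hosts, account names and timestamps are invented for this example.
SAMPLE_TELEMETRY = """\
2024-03-04T01:58:12Z|ws-07|jsmith|logon_success|type=interactive
2024-03-04T02:03:40Z|ws-07|jsmith|process_start|image=powershell.exe
2024-03-04T02:11:05Z|srv-file01|jsmith|logon_success|type=remote src=ws-07
2024-03-04T02:14:22Z|srv-db02|jsmith|logon_success|type=remote src=ws-07
2024-03-04T02:18:51Z|srv-ad01|jsmith|logon_success|type=remote src=ws-07
2024-03-04T03:00:00Z|srv-file01|svc-backup|logon_success|type=remote src=srv-bkp01
2024-03-04T09:00:13Z|srv-file01|alee|logon_success|type=remote src=ws-12
2024-03-04T15:02:45Z|srv-db02|alee|logon_success|type=remote src=ws-12
"""


def parse_telemetry(text: str) -> List[dict]:
    """Turn the pipe-delimited telemetry into event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, event, detail = line.split("|", 4)
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "host": host, "user": user, "event": event, "detail": detail})
    return events


def hunt_lateral_movement(events: List[dict], window: timedelta = timedelta(minutes=10),
                          min_hosts: int = 3) -> Dict[str, dict]:
    """Investigation step: an account whose remote logons reach at least `min_hosts`
    distinct hosts inside one `window` is a lateral-movement candidate."""
    remote_logons = defaultdict(list)
    for e in events:
        if e["event"] == "logon_success" and "type=remote" in e["detail"]:
            remote_logons[e["user"]].append(e)

    findings: Dict[str, dict] = {}
    for user, logons in remote_logons.items():
        logons.sort(key=lambda e: e["ts"])
        for i, start in enumerate(logons):          # slide the window over each logon
            in_window = [e for e in logons[i:] if e["ts"] - start["ts"] <= window]
            hosts = {e["host"] for e in in_window}
            if len(hosts) < min_hosts:
                continue
            f = findings.setdefault(user, {"hosts": set(), "first_seen": start["ts"],
                                           "last_seen": start["ts"]})
            f["hosts"].update(hosts)
            f["last_seen"] = max(f["last_seen"], in_window[-1]["ts"])
    return {u: {"hosts": sorted(f["hosts"]), "first_seen": f["first_seen"],
                "last_seen": f["last_seen"]} for u, f in findings.items()}


def run_hunt(text: str = SAMPLE_TELEMETRY) -> dict:
    """Trigger -> investigation -> solution, returned as one report."""
    trigger = "hypothesis: one account reaching several servers within minutes is lateral movement"
    findings = hunt_lateral_movement(parse_telemetry(text))
    # Solution step: what the responder needs to contain, derived from the findings.
    containment = {"accounts": sorted(findings),
                   "hosts": sorted({h for f in findings.values() for h in f["hosts"]})}
    return {"trigger": trigger, "findings": findings, "containment": containment}


if __name__ == "__main__":
    report = run_hunt()
    print(report["trigger"])
    for user, f in report["findings"].items():
        print(f"{user}: {len(f['hosts'])} hosts between {f['first_seen']:%H:%M:%S} "
              f"and {f['last_seen']:%H:%M:%S}")
    print("contain:", report["containment"])
```

On the sample data the service account and the user with two logons hours apart stay below the threshold, while the account that reaches three servers in under ten minutes at 2 a.m. is reported together with the hosts a responder would isolate. The window and host threshold are the hunt's tunable hypothesis; the same loop runs unchanged over a larger export from an EDR platform in this record format.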
5. Cloud Security
Cloud security is a concern for all businesses, whether operating in the cloud or not. Major cloud security risks include denial of service, malware, SQL injection, data breaches, and data loss.
Complexity in cloud computing can lead to a loss of visibility into the infrastructure. Complying with cloud standards requires knowledge of data location, access methods, processing, and protection measures. In the cloud environment, risks can arise unintentionally even from trusted employees, contractors, and business partners.
Contractual breaches can also compromise cloud security. Externally facing APIs may introduce cloud security risks, while misconfigurations remain one of the most common causes of cloud security vulnerabilities.
Effective cloud security management offers benefits like centralised threat protection, reduced costs and management effort, and higher reliability. A competent cloud security services provider can help secure data in transit and at rest, protect assets under regulations like GDPR, and monitor changes in configuration and security. They can also collaborate with trusted partners with proven cloud security track records.
A quality cloud service provider can provide tools for secure user management and integrate security and compliance while offering identity and authentication features. It’s crucial to choose a provider with strong operational security, protective monitoring, and pre-planned incident management processes to ensure the security, availability, and continuity of the cloud service or application, and to minimise the impact and damage of any security incident.
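The section above singles out misconfiguration as the most common cause of cloud security vulnerabilities, externally facing APIs as a risk, and monitoring of configuration changes as a provider's job. The following is an added example, not code from the original article or from any cloud provider's tooling: a provider-neutral audit over a constructed resource inventory (the field names are an assumed schema invented for the example, as are the resource names) that flags the weak settings, produces the corrected configuration beside them, and reports configuration drift between two audits.

```python
import copy
from typing import Dict, List

# Constructed, provider-neutral inventory; the field names are an assumed schema
# for this example, not any cloud provider's API.
SAMPLE_INVENTORY = {
    "storage_buckets": [
        {"name": "customer-exports", "public_read": True, "encryption_at_rest": False},
        {"name": "app-logs", "public_read": False, "encryption_at_rest": True},
    ],
    "security_groups": [
        {"name": "web-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "mgmt-sg", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                                        {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "api_endpoints": [
        {"name": "orders-api", "auth": "none", "tls": True},
        {"name": "partner-api", "auth": "oauth2", "tls": True},
    ],
}

ADMIN_PORTS = {22, 3389}               # remote-administration ports that must not face the internet
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def finding(severity: str, resource: str, issue: str) -> Dict[str, str]:
    return {"severity": severity, "resource": resource, "issue": issue}


def audit(inventory: dict) -> List[Dict[str, str]]:
    """Check each resource class for the misconfigurations the checks below encode."""
    out: List[Dict[str, str]] = []
    for b in inventory.get("storage_buckets", []):
        if b.get("public_read"):
            out.append(finding("high", b["name"], "bucket readable by anyone"))
        if not b.get("encryption_at_rest"):
            out.append(finding("medium", b["name"], "data at rest not encrypted"))
    for sg in inventory.get("security_groups", []):
        for rule in sg.get("ingress", []):
            if rule["port"] in ADMIN_PORTS and rule["cidr"] in WORLD_CIDRS:
                out.append(finding("high", sg["name"], f"port {rule['port']} open to the internet"))
    for api in inventory.get("api_endpoints", []):
        if api.get("auth", "none") == "none":
            out.append(finding("high", api["name"], "externally facing API without authentication"))
        if not api.get("tls", False):
            out.append(finding("medium", api["name"], "API served without TLS"))
    return out


def harden(inventory: dict) -> dict:
    """Return the corrected configuration beside the weak one (the original is not modified)."""
    fixed = copy.deepcopy(inventory)
    for b in fixed["storage_buckets"]:
        b["public_read"] = False
        b["encryption_at_rest"] = True
    for sg in fixed["security_groups"]:
        sg["ingress"] = [r for r in sg["ingress"]
                         if not (r["port"] in ADMIN_PORTS and r["cidr"] in WORLD_CIDRS)]
    for api in fixed["api_endpoints"]:
        if api["auth"] == "none":
            api["auth"] = "oauth2"
    return fixed


def drift(baseline: dict, current: dict) -> Dict[str, List[Dict[str, str]]]:
    """Configuration monitoring: findings that appeared or disappeared since the baseline."""
    def key(f: Dict[str, str]):
        return (f["resource"], f["issue"])
    before = {key(f): f for f in audit(baseline)}
    after = {key(f): f for f in audit(current)}
    return {"introduced": [after[k] for k in after if k not in before],
            "resolved": [before[k] for k in before if k not in after]}


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"[{f['severity']:6}] {f['resource']}: {f['issue']}")
    print("after hardening:", audit(harden(SAMPLE_INVENTORY)))
    print("drift:", drift(SAMPLE_INVENTORY, harden(SAMPLE_INVENTORY)))
```

Running `drift` with the previous inventory as baseline on every collection cycle turns a one-off audit into the ongoing configuration monitoring the section describes: a finding in `introduced` is a change that weakened the environment since the last check, not just a known issue being reported again.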
6. Governance, Risk and Compliance (GRC)
As a corporate management model, GRC breaks down traditional barriers between business units, fostering collaboration to achieve strategic goals. Implementing GRC allows key stakeholders to set shared policies and ensure compliance with regulatory requirements.
Organisations can make quicker, data-driven decisions by monitoring resources and establishing rules or frameworks using GRC solutions. GRC streamlines operations around a common culture, promoting ethical values and fostering a conducive environment for growth.
An integrated GRC framework helps businesses employ data security measures to protect customer data and private information. A GRC-centric IT strategy builds customer trust and safeguards the business from penalties.
Defining organisational goals with the GRC model is important. Auditing current processes and technologies managing GRC helps in choosing appropriate frameworks and solutions. It’s vital that top leaders set clear GRC-driven policies and encourage acceptance within the business.
A managed services provider can help in establishing the right GRC strategy, framework and introduce suitable GRC solutions, including tools for risk analysis, assessment, and identifying links to business processes, internal controls, and operations.
7. Awareness Training
Over 90 percent of security breaches stem from human error. Security awareness training is crucial in reducing risks associated with human error. An effective training program should cover common cybersecurity mistakes employees may make while using email, the web, and in physical situations such as tailgating or improper document disposal.
Security awareness training is highly effective at changing employee attitudes and behaviour towards critical security practices through expert content and streamlined administration of courseware, typically from a single platform.
Components of awareness training should include content in different shapes and sizes, including videos, interactive quizzes and games, covering:
- phishing awareness
- password security
- compliance with privacy requirements such as HIPAA, PCI and GDPR
- insider threats
- CEO or wire fraud education (i.e., demonstrating how attackers might impersonate a C-level executive to scam the company)
- understanding the vulnerability of data in motion and methods to protect it
- common office hygiene
The program should also provide opportunities to practise reporting suspicious emails and links, while regularly testing users with “fake” phishing and spoofing attempts so that they stay alert at all times. A successful program should also include a well-established tracking and reporting capability to ensure that content is set to appropriate levels for each user, while documenting and measuring the improvements being made to the overall security of the organisation.
What the future looks like with AI
This subject probably warrants a series of articles by itself. Cybersecurity is one area that is eagerly incorporating AI or AI-like capabilities. Questions have arisen about the risks of AI and how it will impact people’s lives and society in general.
Everyone is talking about AI in cybersecurity. It’s the future of efficiency for both the good guys like us and the bad guys. With the current cyber skills shortage, AI and automation can significantly enhance cybersecurity functions, from automating repetitive tasks and reducing human error to detecting and responding to cyberthreats more efficiently. It can be used in predictive intelligence to anticipate and prevent attacks, balance security with user experience, and minimise fraud.
With the Asia Pacific region facing a shortage of 2.7 million cybersecurity workers, AI has the potential to augment understaffed teams that monitor and respond to cyber-attacks: it can automate tasks to reduce workload and human error, and it can predict threats by detecting patterns and trends in data that indicate potentially malicious activity, allowing human team members to proactively identify and track new or unknown threats.
External expertise can be invaluable in determining how to use generative AI, weighing the decision between investing in AI and recruiting additional cybersecurity staff, while mitigating the risk of confidential information breaches.
If you are looking for help to enhance your organisation’s security posture, contact us today to discuss your needs.