Navigating the evolving cyberthreat landscape

Organisations across the globe, including in Asia Pacific (APAC), have been investing in digital transformation with a view to adopting emerging technologies to drive business success. According to IDC, digital transformation spending in Asia Pacific alone is expected to reach nearly US$375.8 billion in 2019. Needless to say, new technologies present tremendous opportunities for both governments and businesses. However, this widespread adoption of digital technologies also opens more doors for malicious actors.

From trojan attacks to highly personalised ransom attacks, cyberthreats have only been getting more complex and elusive. In this game of cat and mouse, enterprises need to adopt a new mindset towards cybersecurity in order to come out on top.

You can run but you can’t hide

While digital transformation is taking place at a rapid pace, investments in cybersecurity are yet to catch up. As a result, we are seeing a rise in cyberattacks such as Advanced Persistent Threats (APTs) exploiting vulnerabilities and security gaps. For instance, ESET recently discovered the use of UEFI rootkits in a campaign by the infamous Sednit APT group (also known as Fancy Bear).

A rootkit is dangerous malware designed to gain illegal and persistent access to a system. UEFI (Unified Extensible Firmware Interface) is the specification that governs how a system’s firmware operates and hands control to the operating system. Because they reside in firmware rather than on the disk, UEFI rootkits can be particularly dangerous: they are very persistent, able to survive a computer’s reboot, re-installation of the operating system, and even hard disk replacement, and they are difficult to detect.

The discovery puts into perspective the enormity of cyberthreats organisations face, as these rootkits only existed as a proof of concept up until this case and none had been detected in a real cyberattack.

Fact is, the threat landscape is evolving, and every organisation, irrespective of industry or size, can be a target. So, how can businesses protect themselves?

Taming the beast

The first step is putting cybersecurity at the centre of the business agenda. Oftentimes, cybersecurity only comes to the forefront after a breach has been detected, when it is too late.

Enterprises today need to proactively develop cybersecurity strategies and invest in robust and holistic solutions that can protect them from advanced threats. It is also important to review the strategies and solutions on a regular basis because what works today may not work tomorrow, as the threat landscape becomes increasingly sophisticated.

Once a sound strategy has been devised and the necessary solutions have been put in place, the next step is training employees to understand and combat risks. Unfortunately, basic techniques such as phishing emails still work to this day. Employees need to be trained on various aspects such as password policies, web and email protection, and best practices for security, both at work and at home. Without buy-in from employees and end-users, no organisation can succeed in its security journey. At the end of the day, every organisation is only as strong as its weakest link.

As the example of the UEFI rootkits highlights, threat intelligence is another critical aspect of enterprise security. In order to fully protect themselves, enterprises must keep track of the latest information on the threat landscape so that they can predict and prevent threats even before they strike.

Looking at the future

Having highlighted the dangers of cyberattacks, it is important to point out that it’s not all gloom and doom. Though advancements in technology are being used by attackers to their benefit, the same technologies are being used to devise solutions too. For instance, machine learning algorithms, which may pose a security risk if tampered with, can also be used to study large amounts of data and detect anomalies or threats in a much shorter timeframe.

Ultimately, as the region and the world go digital, cybersecurity is a concern that simply can’t be avoided. Enterprises and their employees need to focus their time and resources on security to mitigate the growing risk presented by cyberthreats, known and unknown.