Ransomware is a scourge that continues to haunt enterprises daily. In Asia-Pacific, one in every 20 organisations was hit with ransomware in 2023, according to the Financial Services Information Sharing and Analysis Center’s latest report. That represents a 15% increase in the incidence of ransomware attacks in the region.
According to Morgan Jay, Chief Revenue Officer of cybersecurity firm Pentera, many APAC firms are still exposed to hackers despite making sizable cybersecurity investments. Jay sat down with Frontier Enterprise to share his thoughts on security gaps in the region, automating security validation, and AI’s role in fending off threats.
Blind spot
On average, APAC enterprises invest US$1.4 million in 54 security solutions across their organisation per year, Pentera’s State of Pentesting 2024 report revealed. For Jay, this is a notable development in the fight against cybercriminals.
“The good news is that organisations in the market recognise the growing dangers associated with cybersecurity threats, adopt proactive approaches to increase their resilience, and are making the applicable financial investment. This is a great first step towards improving the situation. Willingness to invest is the first major step towards building a comprehensive program,” he said.
The problem, however, is that 73% of these organisations are making changes to their IT environment at least every quarter, while only 40% are undertaking penetration testing during the same period.
“This is a serious frequency gap between the rate at which changes occur within the IT infrastructure and the rate of security validation testing, leaving organisations open to risk for extended periods of time,” Jay noted.
Globally, there have been significant strides in endpoint detection and response (EDR) validation, although organisations still have blind spots, the CPO remarked.
“Organisations believe their EDR coverage is 100%, but testing often reveals agents missing from assets or agents not leveraging the correct policy. With the frequent changes to IT environments, it’s common for these types of misses to happen. New users, workstations, or deployments can shift your exposure constantly, so even if your EDR coverage was 100% last week, this week it may very well have changed. Ongoing, frequent testing of your live environments enables security teams to identify and quickly remediate issues so that they ensure the coverage really is the 100% they believe it to be,” he explained.
Strategic design
According to Jay, proactive security frameworks such as continuous threat exposure management are quickly becoming the standard among enterprises worldwide. By maintaining an adaptive cybersecurity posture, organisations can actively manage their cyber exposure by prioritising risk mitigation strategies.
Meanwhile, security validation is needed to ensure successful exposure management, validating the effectiveness (or identifying the ineffectiveness) of existing security controls against the tactics, techniques, and procedures that threat actors are using in the wild.
“We recommend that you test your security early and often. Security validation testing allows organisations to continuously test their complete IT attack surface, identifying where existing security measures are effective and where vulnerabilities may be exploited by threat actors. This understanding helps security teams identify and prioritise the most dangerous gaps based on their business impact, ensuring that the remediations have a real impact to reduce exploitability and strengthen their security posture,” he said.
Jay, who has previously served in various capacities at Imperva, also shared some of his learnings in designing a comprehensive security strategy for enterprises.
“Consistency is paramount for any successful company as it expands. At Imperva, managing different regions taught me that while it’s essential to allow teams the flexibility to make slight adjustments suited to their specific markets, the overarching strategy must remain consistent. This consistency ensures that every region, regardless of its unique characteristics, upholds the same core values and standards,” he reflected.
“Ultimately, all regions collectively represent a single, unified company. Maintaining this balance between regional autonomy and global consistency is key to driving cohesive growth and sustaining our brand’s integrity worldwide,” the executive continued.
Future growth
Jay identified artificial intelligence as the technology that will have the most significant impact on cybersecurity within the next few years. The CPO, however, noted that AI is a double-edged sword.
“On the one hand, AI can significantly improve our cybersecurity measures. For example, AI can improve pattern recognition and develop better anomaly detection tools. It can also help security teams address talent shortages by increasing overall team efficiency and filling knowledge gaps. Processes that once needed manual implementation, like network segmentation and access control, can now be automated, reducing security risks. The benefits of AI are limitless,” he said.
On the other hand, as crooks also leverage AI to carry out attacks, it is important to always be one step ahead.
“They can use it to increase the sophistication of phishing campaigns, comb through massive amounts of data to identify and locate sensitive data such as passwords, even if they don’t speak the language the file is written in, and eventually to write the malicious code for their attacks,” Jay explained.
Meanwhile, Pentera Labs’ research team, composed of cyber researchers with backgrounds in intelligence units, has recently architected a safe version of the complete LockBit 3.0 ransomware campaign to test the vulnerability of Linux environments.
“This enables our customers to stress-test and validate the effectiveness of their existing security against one of the most dangerous and ubiquitous ransomware attacks without the associated risks,” the executive concluded.