Over the past two years, the number of cyberattacks has gone up astronomically. Ransomware, state-sponsored attacks, and various other threats continue to rise. Meanwhile, IoT and 5G are emerging, and remote work has already established itself as a credible model for the future of work.
In a recent webinar organised by Jicara Media and hosted by Armis and Netpoleon, senior executives from the two companies discussed the changing cybersecurity paradigm in this new borderless landscape, in which the digital and physical worlds are merging to raise the stakes in security.
APAC: A growing market for cybercriminals
Today, there are around 52 billion devices in the world, to cater to a population of about 8 billion. And, as Max Foo, COO & Regional Director at Netpoleon, pointed out, about half the world’s population – around 4 billion – lives in APAC.
Of this 4 billion, he elaborated, about 2 billion people are connected. Even though this is only half the region’s population, it is still a substantial number when compared to a region like Europe, which has only 500 million people.
Foo explained that, with such a huge population rapidly jumping onto the digital highway, the security landscape has inevitably evolved. Cybercriminals are now presented with a larger attack surface, in the form of all the devices, and have capitalized on it by increasing the number, intensity and sophistication of the attacks. An example, he said, is the rise of BEC (Business Email Compromise), with companies being tricked into transferring large sums of money because of a single, legitimate-looking email.
Andrew Draper, APJ – Regional Vice President at Armis, concurred, stating that ransomware is on the rise, and described the monetization of cybercrime. He cited the example of healthcare data, showing how compromised health data can be much more commercially valuable to a cybercriminal compared to credit card data. Credit cards have a limit and can be cancelled immediately, and therefore have a relatively low economic value for the hacker. Hospital records, on the other hand, can be sold on the dark web for a much larger sum. And even more valuable today is the ability to hack into systems that control critical infrastructure, which can become a national security threat and impact the physical safety of people.
Agentless security: A new approach
The participants all agreed that APAC is facing a shortage of skilled cybersecurity experts, extending from Australia to Singapore, Malaysia, and all other parts of the region. This situation has been exacerbated by travel restrictions brought on by the pandemic. Because of this shortage, resourcing has become an issue, and many enterprises today are hard-pressed to find people to manage and run their expanding security scope.
One way to address this, said Draper, is to turn to agentless device security, which is completely passive and requires no agent. The reason, he said, is that the sheer volume of devices makes it impossible to put agents on all of them. The traditional security routine of loading Endpoint Detection and Response (EDR) onto devices has become impractical for technological and business reasons. Devices such as security cameras and building management systems are too complex to be secured traditionally, and trying to do so would be both expensive and time-consuming. Agentless security, on the other hand, allows enterprises to monitor every single device, 24/7.
Dealing with shadow IT
With pandemic-era Work from Home and the current transition to the hybrid workplace, IT teams across APAC are unable to get a catalogue of all the devices within the enterprise. A single employee might now have many devices, and might unknowingly bring threats into the organization.
Florence Lau, APJ Channel – Solution Architect at Armis, added that personal devices such as mobile phones are so convenient that bring-your-own-device (BYOD) options cannot be resisted or prevented. However, because of the convenience, users act without consideration of the risks, for example, by logging into any free Wi-Fi SSID that may be compromised.
Draper suggested that shadow IT is not limited to BYOD and unauthorized devices, but also includes hardware and software that are not identified. These might be different cloud instances or applications. For example, he illustrated, a large service provider in North America was discovered to have 2000 active servers which data centre security personnel were unaware of. Such a scenario brings a security risk, in that the patching or configuration of the servers is unknown, and also an environmental and economic risk in terms of the amount of heating, cooling, and energy used.
When managing shadow IT, Lau suggested, the problem lies in receiving relevant and detailed information on the network. She said that devices plugged into Google, AWS and Azure can be kept track of using security platforms such as EDR and EPP (Endpoint Protection Platform), but these are unable to send detailed reports about each specific device. Questions such as whether the right traffic is being directed to the right things cannot be answered, nor can anomalous traffic be understood. Foo said a multi-pronged solution is needed, because shadow IT is an all-encompassing term that can refer to either a device or an application, and there is no one solution that fits all.
APAC and the future of IoT
The session concluded with participants agreeing that the industry has changed, and so have the rules of cybersecurity. Foo described the situation as “a case of Tom and Jerry, an endless loop” in which cybersecurity experts and criminals are in a constant chase after rapidly evolving and adapting threats from multiple vectors – many of whom are well-resourced.
Draper summed up the situation in APAC: fortunately or unfortunately, he said, there will be more state-based probing of businesses and networks. Governments are implementing more legislation around cybersecurity infrastructure, and are also willing to spend more on it. He ended on an optimistic note, declaring that while ransomware and security threats have evolved, new innovations in the security space such as agentless security allow enterprises to stay one step ahead without having to unravel their current security posture and build from scratch.