There’s no such thing as absolute cybersecurity

The imperative of cybersecurity has reached a new level: It has become a matter of national security as attacks on critical infrastructure become more rampant and are sometimes used to advance geopolitical agendas.

In 2021, four critical infrastructure organisations in Southeast Asia were targeted. Separately, an unnamed Southeast Asian government was targeted by a cyber espionage campaign in which attackers had developed a previously unknown backdoor into the Windows software running on victims’ PCs. Because of this, the highly organised operations remained under the radar for over three years.

Beyond these attacks, 87% of security decision-makers, including those from Singapore, Hong Kong, and India, said their organisation had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019 (as per research by The Harris Poll). It is, therefore, unsurprising that Asia-Pacific (APAC) is said to be the fastest-growing region in the cybersecurity market. Singapore’s cybersecurity market, meanwhile, is expected to become a US$2.4 billion market from 2022 to 2030.

Even with significant investments made in cybersecurity for protection against cyberthreats, many organisations face obstacles to achieving the level of cyber resilience needed to protect against, detect, and respond to attackers. About 78% of enterprise security decision makers noted that the pandemic has driven them to re-evaluate their cybersecurity strategy. In addition, only 44% of businesses have identified incident response best practices they can employ when attacked – leaving organisations more vulnerable today than ever before.

With the rapid pace of digital transformation and rising attacks, businesses also cited a lack of integrated cybersecurity solutions as a barrier to detecting, responding to, and recovering from cyberattacks and data breaches. Furthermore, Anomali’s Cybersecurity Insights Report 2022 found that organisations are only moderately effective at detecting, responding to, and recovering from cyberthreats – marking this as one of the top challenges organisations face in achieving cyber resilience. As cyberattacks become more sophisticated, it’s no longer a question of ‘if’ but rather ‘when’ an attack will occur.

Resilience readiness: The transition to cyber resilience

The accelerating pace of digital transformation due to the COVID-19 pandemic, together with the shift in our working habits to remote work, has made the push for cyber resilience more relevant now than ever. The Cyber Security Agency of Singapore has even refreshed its cybersecurity strategy to include the building of a resilient digital infrastructure as a strategic pillar.

With hybrid work arrangements becoming the norm, many people have been using a range of devices and networks to access business data and information. At the same time, the wide adoption of cloud infrastructures has increased the attack surface faster than it was growing before the pandemic, forcing organisations to transform their security posture to protect against cloud infrastructure vulnerabilities.

In light of this, there is a need for organisations to move beyond cybersecurity to cyber resilience — supplementing the ability to protect against attacks with the expertise to mitigate damage by anticipating the possible failure of security measures. With the expansion and integration of cyber ecosystems, it is becoming more important to ensure all organisations can anticipate, recover, and adapt quickly to cyber incidents.

Shifting from a cyber-defensive posture to a stronger cyber-resilient position will require a holistic and collaborative multi-stakeholder approach. Organisations could aim to develop trust and forge partnerships within their ecosystem and create better two-way communication between executive groups, particularly given the perception gap between business executives and security leaders on whether their organisations are secure. Both groups must engage in regular interaction and become fluent with each other’s objectives, priorities, and limitations such that cyber risk management is aligned with business decisions. Ultimately, organisations must recognise that the company’s assets are interconnected.

Threat intelligence is foundational to resilience

While cyber resilience strategies can be extensive, a good starting point is to conduct risk assessments to identify where business assets are maintained and uncover any potential vulnerabilities. This may include devices, servers, and software. Digital transformation projects, growing remote workforces, and corresponding cloud infrastructure expansion have resulted in a growing attack surface, and organisations are having to increase visibility over their systems.

With that, organisations are leaning into the adoption of advanced capabilities such as threat intelligence and extended detection and response (XDR). While firewalls remain widely used for threat detection, only 48% have XDR capabilities. Organisations that have not leveraged XDR are at risk of costly and disruptive incidents because they cannot break down silos to converge the security data and telemetry generated by the security technologies they’ve deployed, including firewalls. More importantly, they struggle to aggregate intelligence data and translate it into actionable insights.

XDR solutions can help address these challenges by aggregating alerts, surfacing relevant threats, and integrating intelligence to present a timeline of events related to cyber-kill chains that improve threat detection while streamlining investigations.

Threat intelligence management solutions or platforms pull together large volumes of data gathered from multiple sources of threat intelligence into one centralised location, allowing security analysts to make informed and actionable decisions. This is particularly useful for e-commerce platforms (such as Southeast Asian firm Lazada) which are vulnerable to attacks against their payment tools, as cybercriminals find new ways to steal credit card numbers or sensitive information about customers.

With the help of threat intelligence management, merchants can collaborate within and across sectors to proactively mitigate threats and work to secure critical access points to protect personal information. These advanced cybersecurity measures can also help to identify a breach, often in advance of discovering that payment data was stolen and used by criminals to commit fraud.

To this end, threat intelligence management solutions help organisations shift from a reactive to a more proactive approach as organisations are able to implement safeguards and identify threats within the industry. A holistic view of the threat landscape will enable organisations to streamline their cybersecurity architecture, optimising threat detection, incident investigation, and response.

Staying ahead of the curve

Amidst an evolving threat landscape, absolute cybersecurity is impossible to achieve, making cyber resilience essential in enhancing protection against cyberthreats and attacks. Furthermore, cyber resilience strategies can be tailored to individual businesses based on their needs.

Looking ahead, organisations should focus not only on how to protect themselves against threats, but also ask how well they are protected beyond foundational security measures.