zero-trust - Tech Wire Asia
https://techwireasia.com/tag/zero-trust/
Where technology and business intersect
Wed, 06 Dec 2023 01:07:23 +0000

Dell Technologies sees AI, zero trust, and quantum computing leading 2024
https://techwireasia.com/12/2023/what-does-dell-foresee-for-ai-zero-trust-and-quantum-computing-in-2024/
Wed, 06 Dec 2023 01:25:34 +0000

The post Dell Technologies sees AI, zero trust, and quantum computing leading 2024 appeared first on Tech Wire Asia.

  • 2024 is predicted to be the year when generative AI shifts from disruption to optimization.
  • Edge platform-centric models to rise in prevalence.
  • Zero trust infrastructure mandates expected in 2024 across industries.

    The one-year anniversary of ChatGPT marks the beginning of the modern AI era, democratizing advanced AI for almost the entire global population. As 2024 approaches, the growing influence of AI is undeniable, yet it’s just one aspect of the broader IT industry’s evolution. All these facets are interwoven, collectively advancing the industry.

    Dell Technologies recently hosted the Visions 2024 briefing in Asia Pacific & Japan (APJ). This virtual event, led by John Roese, Dell’s global chief technology officer, and Peter Marrs, president of APJ, focused on emerging trends shaping the technology industry in 2024 and beyond. The briefing also covered Dell’s role in helping customers navigate these trends and capitalize on regional innovation opportunities.

    “AI is the center of the universe and edges are the way that you’ll put it into production. Zero trust is the way that you’ll end up securing it, and ultimately quantum will be the thing that powers it over the long term for the performance and efficiency needed to scale it into a global system,” said Roese. “Actively think of AI but do not do it independent of other architectures – this is how you’ll make sure your visions and actions align for long-term success.”

    AI at the forefront in 2024

    Roese presented four critical visions for the upcoming year, emphasizing the transition of generative AI from theory to practice. He noted that current uses of generative AI in business haven’t fully tapped its transformative potential. The year 2024 is expected to see these technologies being implemented in impactful ways in business operations.

    John Roese’s outlook on pivotal tech trends for 2024 and beyond. (Source – Dell Technologies)

    Roese underlined the shift in focus from developing generative AI models to their practical application. He highlighted the importance of operationalizing these models through AI inference, which adds real value. Companies are now transitioning from model development to deploying these models for practical data processing.

    He pointed out that this shift prioritizes inference, requiring different infrastructure from the model training phase. Training involves extensive clusters and data centers, whereas inference focuses on efficient data processing. This shift necessitates reevaluating what effective inference infrastructure entails.

    Inference infrastructure typically involves smaller, distributed setups, often at network edges. For example, Dell’s chatbots will use regional inference capabilities, for instance in Asia Pacific, for real-time responses, rather than relying solely on centralized data centers in North America.

    2024: AI growth and security in the APJ region

    Marrs emphasized Asia’s rapid AI growth and deployment opportunities, attributing them to the region’s openness to technology, innovative spirit, and leadership in AI adoption. Asia’s innovative leadership positions it well for impactful AI deployment.

    Roese highlighted the importance of security in AI, especially for inference infrastructure. With adversaries trying to steal trained models during inference, secure architectures for inference are critical for the coming year.

    Marrs also discussed challenges in AI implementation, including bias and cultural nuances. He stressed the importance of partnership and guidance for clients to navigate these challenges effectively. Dell aims to assist customers at various stages of their AI journey.

    Lastly, Roese predicted that quantum computing will meet the high demand for computational resources in generative AI and large-scale AI applications. He foresees a hybrid quantum system, incorporating diverse compute architectures, including quantum processing units, to manage AI tasks.

    Embracing multicloud and modern edge technologies

    Roese explained that businesses have two primary options for establishing a modern edge network: developing multiple standalone edges or creating a multicloud edge platform. He advocated for the latter, suggesting that integrating the modern edge as an extension of multicloud infrastructure represents the most progressive approach.

    Marrs emphasized the central role of data in shaping the future and the importance of using it to unlock transformative business opportunities. He noted that while multicloud solutions are now widely adopted in APJ, there’s a need for deliberate strategies to enhance business agility and drive innovation.

    Zero trust: the new standard in security

    In the security ecosystem, zero trust is expected to become central to security discussions as it begins to manifest in reality. The industry has concluded that the only path forward involves a radical architectural shift, and the preferred architecture to adopt is zero trust. Understanding anomalies is intrinsic to this infrastructure, making zero trust a topic of detailed discussion. Over the past years, there has been a growing consensus about the validity of this path forward.

    Currently, efforts are underway to actualize this concept. Project Fort Zero, announced recently by Dell, is an initiative using an architecture developed by the United States Department of Defense. “The aim is to industrialize this architecture and transform it into an offering for consumption by advanced customers worldwide, including defense departments, intelligence agencies, and governments,” said Roese.

    “The plan is to introduce this to select markets next year. This will not only be a reference architecture for zero trust but also a full implementation of advanced zero trust at a data center level, offering a repeatable blueprint that is validated and approved by the consuming governments.”

    This system, targeted at the ultra-high-end, is complex yet significant, as its existence will transform zero trust from a concept into a tangible reality.

    Governments and industries globally are adopting zero trust as a mandatory requirement, even if full implementation is not yet feasible. For instance, the US Department of Defense CIO, John Sherman, has aggressively moved all operations under the Department to zero trust, collaborating closely with Dell.

    Furthermore, Australia recently set a government-wide zero trust target, fully committing to this architecture. Similar movements are occurring in Europe and various industries. The coming year will witness early implementations of advanced zero trust systems, along with progressive adoption of, and mandatory requirements for, zero trust.

    Australia announced a huge investment in cybersecurity. (Source – X).

    “The prediction is that by the end of the next year, the focus within the security industry will largely be on enhancing the reality, pervasiveness, and adoption of zero trust. This marks a significant shift from the previous year, where zero trust was not a primary topic of conversation,” Roese added.

    Forging a data-driven future in APJ

    With rapid digital transformation and increasing digital maturity in APJ, Marrs sees the region as primed for significant advancements in emerging technologies. He believes that adopting an ecosystem approach in the coming year will enable collective learning and the application of best practices in technology deployment, thus maximizing impact on businesses and communities in APJ and beyond.

    Marrs spoke about the critical role of collaboration and a united ecosystem in driving technological and business advancements. He cited generative AI as an example where industry collaboration is essential for more significant achievements. Marrs advocated for building a digital unity, where collaboration leads to the realization of digitally empowered concepts. He positioned Dell as a critical facilitator in this process, uniting expertise, solutions, and partners to help customers forge a data-driven future.

    As 2024 approaches, Dell Technologies’ insights suggest a transformative year ahead, where generative AI evolves from disruption to practical optimization, edge platform-centric models gain prominence, and zero trust infrastructure becomes a mandated standard across various industries. With a focus on practical applications, security, and collaborative innovation, 2024 stands poised to be a landmark year in technology, setting new standards and opening up unprecedented opportunities for growth and advancement in the IT industry.

    What is network segmentation, and why is it vital in APJ organizations?
    https://techwireasia.com/11/2023/what-is-the-role-of-network-segmentation-in-ransomware-defense/
    Wed, 22 Nov 2023 04:00:27 +0000

    The post What is network segmentation, and why is it vital in APJ organizations? appeared first on Tech Wire Asia.

  • Network segmentation is key in fighting cyberthreats and speeding up ransomware recovery.
  • Rising ransomware attacks prompt a shift towards microsegmentation and zero-trust security.
  • Microsegmentation enhances network management and compliance, boosting security and efficiency.

    Navigating IT security’s increasingly complex challenges has become more demanding as attackers grow sophisticated, combining techniques to create frequent threats. This complexity places immense pressure on security teams, especially since an online presence is vital for businesses, and a single successful breach can cause significant, sometimes irreversible, damage to reputation and revenue.

    Persistence in deploying security strategies can yield remarkable results. Segmentation, especially of critical assets, has proven to be a game-changer in defense. Organizations that have effectively segmented critical assets can contain and mitigate ransomware attacks 11 hours faster than those with minimal segmentation, crucially protecting customers, brand reputation, and revenue streams.

    Network segmentation, a strategic approach, divides a network into multiple smaller segments or subnets. Each subnet functions independently, allowing administrators to control network traffic between them. Organizations use this technique to enhance monitoring, improve performance, localize technical issues, and strengthen security.

    Network segmentation provides security personnel with a robust tool to prevent unauthorized access to sensitive customer data, corporate financial records, and confidential intellectual property. With the advent of software-defined networking, these assets, often spread across various environments, require robust protection against attacks and breaches. Understanding network segmentation’s security implications requires considering the concept of trust in network security.

    The evolving threat landscape with ransomware

    A recent report addressing the escalating ransomware issue emphasizes the increase in incidents, the adoption of zero-trust frameworks, and microsegmentation’s advantages. While segmentation is beneficial, microsegmentation offers a more granular approach by dividing the network at the individual workload level, enhancing the network’s overall security.

    The State of Segmentation 2023 report by Akamai shows organizations globally experienced an average of 86 ransomware attacks last year, up from 43. In the Asia-Pacific-Japan (APJ) region, China and Japan reported the highest numbers, experiencing 83 and 81 attacks, respectively.

    Average number of ransomware attacks over the past 12 months by country. (Source – Akamai)

    Post-ransomware attack impacts include network downtime (52%), data loss (46%), and brand reputation damage (45%). In response, security organizations increasingly adopt zero trust and microsegmentation strategies, with nearly all respondents in the APJ region deploying a zero-trust security framework alongside segmentation.

    Based on insights from 1,200 IT and security decision-makers, the report shows a regional variation in segmentation’s perceived importance. In APAC and the Americas, 62% and 60% of IT security teams and decision-makers, respectively, consider it crucial to security, compared to 53% in the EMEA region. India leads in segmentation efforts, followed by Mexico and Japan.

    Despite recognizing segmentation’s importance, its deployment in the APJ region is lower than expected, with only 36% of organizations segmenting more than two business-critical areas. The primary obstacle in APJ is the lack of skills and expertise (43%), followed by compliance requirements (42%) and performance bottlenecks (40%).

    Organizations implementing microsegmentation across six mission-critical areas reported recovering from attacks in an average of four hours. This recovery time is 11 hours faster than organizations that have implemented segmentation across only one critical area, thereby underscoring the effectiveness of a zero-trust strategy incorporating microsegmentation.

    Microsegmentation: advancing network segmentation for greater security

    Let’s delve further into microsegmentation and explore its importance.

    Microsegmentation significantly streamlines the deployment process in network management by introducing several key innovations. It starts by creating an interactive visual representation of all the connections within an environment, which is crucial for overcoming the primary challenges of deployment. This visualization offers a clear understanding of the network’s layout, simplifying the identification of critical areas that need segmentation.

    One of the notable aspects of microsegmentation is its ability to address performance bottlenecks. These bottlenecks often stem not from the technical strain on the system but from the labor-intensive process of manually segmenting business areas and troubleshooting them. By reducing the need for manual segmentation, microsegmentation alleviates the burden on the workforce, particularly in environments lacking segmentation expertise.

    Microsegmentation also offers robust technical support and professional services throughout deployment, ensuring that each organization’s unique IT requirements are met. AI-powered policy recommendations and ready-to-use policy templates for common scenarios further facilitate the deployment. This approach streamlines the workflow, minimizes the time required to establish policies, and reduces the risk of errors due to manual configurations.

    An example of the efficiency and cost-effectiveness of microsegmentation is seen in how a project, initially projected to take two years and cost over a million dollars, was completed in just six weeks with minimal staffing, cutting the total project cost by a significant margin.

    Akamai shows why segmenting can hugely reduce risk. (Source – Akamai)

    How microsegmentation eases compliance

    In terms of compliance, microsegmentation is particularly effective for organizations needing to adhere to various regulatory standards such as PCI-DSS, SWIFT, Sarbanes-Oxley, HIPAA, and GDPR. These regulations often necessitate separating sensitive data from other systems, a task that traditional methods like firewalls and VLANs find restrictive.

    Microsegmentation allows for creating specific segments for sensitive data, controlling what can access that data. Visual maps offering near real-time and historical perspectives let organizations demonstrate compliance effectively. These maps show that unauthorized personnel or systems do not access protected data, providing tangible evidence of adherence to compliance mandates.

    Through these features, microsegmentation not only simplifies deployment by reducing manual effort and enhancing efficiency, but also ensures that organizations can meet stringent compliance requirements more efficiently and accurately.

    The cybersecurity compliance checklist: A roadmap to cyber resiliency with Zero Trust
    https://techwireasia.com/10/2023/cybersecurity-compliance-checklist-framework-2023/
    Fri, 20 Oct 2023 12:43:34 +0000

    The post The cybersecurity compliance checklist: A roadmap to cyber resiliency with Zero Trust appeared first on Tech Wire Asia.

    Modern hyper-connectivity and data proliferation is a double-edged sword: it has significantly expanded the cyber threat landscape, with more gaps and vulnerabilities available for bad actors to exploit. The rise in attacks is not only a result of the sheer amount of data and network connections but also new technologies like AI and the Internet of Things (IoT).

    The global average cost of one of these breaches is estimated to be $4.45 million this year, which marks a 15 percent increase over the last three years. Zero-day vulnerabilities – undiscovered flaws in an application or operating system open to threat actors – are also becoming more of a concern. They are known to be one of the most valuable things a hacker can exploit.

    According to the Microsoft Digital Defense Report 2023, the number of human-operated ransomware attacks is up more than 200 percent since September 2022. This is, in part, because many attackers are choosing to skip the classic step of endpoint encryption. Instead, they exfiltrate valuable company data to extort from victims, reducing the time and effort needed to execute the attack. The cost of ransomware attacks is estimated to reach $265 billion by 2031.

    In response to these growing cyber threats, federal governments and accredited agencies worldwide have created compliance frameworks for organizations to follow. These frameworks help ensure the security of an organization’s digital infrastructure and sensitive data. Agencies often suggest guidelines for implementing robust cybersecurity measures and promote regularly auditing and updating security protocols to stay ahead of evolving threats.

    Agencies often suggest guidelines for implementing robust cybersecurity measures and promote regularly auditing and updating security protocols to stay ahead of evolving threats. Source: Shutterstock

    Frameworks include the US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, which helps companies manage cyber risks, with an update coming in 2024 for small businesses and higher education institutions. NIST SP 800-171 safeguards Controlled Unclassified Information, while Critical Security Controls (CSC) from the Center for Internet Security (CIS) defend against the most prevalent cyberattacks.

    The latest version of CSC specifically addresses modern threats which have emerged from the likes of cloud-based computing and remote work.

    Unfortunately, these compliance frameworks can be confusing to navigate. The language used is often ambiguous, making it difficult to determine whether the guidelines are being properly followed and which technologies are required to implement adherence. As an organization works through one compliance framework, it will likely implement software or technology that satisfies multiple – but not necessarily all – requirements from different frameworks. It can also be difficult to know which frameworks or specific guidelines are relevant to a company.

    Despite these challenges, working to follow the frameworks relevant to a company’s industry and jurisdiction is a worthwhile endeavour, given the presence of ever-advancing cyber threats. There is also no need to review each body of guidelines and governance separately, as ThreatLocker® has a comprehensive checklist that covers the guidelines the frameworks have in common. Its recommendations include:

    • Access controls
    • Antivirus/antimalware solution
    • Application controls
    • Backup system and disaster recovery plan
    • Data loss prevention
    • Encryption
    • Group health plans that protect private health information (PHI)
    • Incident response plans
    • Centralized log management
    • Network security
    • Physical security controls
    • Remote access controls
    • Follow secure coding practices
    • Secure configurations
    • Secure mobile device management
    • Training
    • Vulnerability management
    • Written policies

    ThreatLocker’s solutions apply a true Zero Trust endpoint security model, where no entity is trusted by default. Source: Shutterstock

    Security solutions from ThreatLocker® can assist a company in meeting these requirements by providing endpoint security and application control. They are unique in that they apply a true Zero Trust endpoint security model, where no entity is trusted by default. Everything is blocked – applications, inbound internet traffic, downloads – unless an organization has specifically approved it. Gartner analysts predict that 60 percent of organizations will embrace Zero Trust as a starting point for security by 2025.

    ThreatLocker® is the only provider of Ringfencing™, an advanced application containment tool that controls what applications can do once they are running, reducing the likelihood of a zero-day vulnerability exploit and the weaponization of legitimate tools.

    To learn more about how the ThreatLocker® Endpoint Protection Platform can help your organization comply with the relevant cybersecurity frameworks and keep you ahead of threats, reach out to a Cyber Hero Team Member or book a free trial today.

    The challenges of cloud computing security
    https://techwireasia.com/07/2023/what-are-the-cloud-computing-challenges-for-security-leaders/
    Wed, 05 Jul 2023 04:00:37 +0000

    The post The challenges of cloud computing security appeared first on Tech Wire Asia.

  • Gigamon reported 93% predict more cloud breaches.
  • 52% say boards/CISOs struggle to comprehend shared cloud security role.

    Cloud computing brings its own set of challenges, such as data security, compliance issues, and management of multi-cloud environments, which organizations must address as they navigate the complex landscape of hybrid cloud infrastructure. Forrester analysts report that 72% of organizations are now in the hybrid cloud environment, primarily because enterprises tend to combine their private cloud with one or more public clouds for various advantages.

    With the rapid surge in cloud-based security threats and breaches, hybrid cloud security considerations have become paramount for CISOs, CIOs, and their teams.

    The Hybrid Cloud Security trends report by Gigamon paints a somewhat different picture of hybrid cloud security. Its annual survey, encompassing over 1,000 IT and security leaders globally, revealed that even though 94% of respondents believed they have total visibility and insights into their IT infrastructure, nearly one-third of security breaches go unnoticed by IT and Security professionals.

    Flexera indicates that 74% of organizations now operate in the hybrid cloud, which Forrester analysts consider the norm. However, the Gigamon survey suggests that this norm brings along its fair share of security concerns, with 93% of respondents predicting an escalation in cloud security attacks and 90% having experienced a breach in the past 18 months.

    Worryingly, 31% of breaches are detected post-incident, rather than being anticipated using security and observability tools. This issue is more pronounced in the US and Australia, with 48% and 52% of breaches, respectively, identified retrospectively.

    On a more positive note, there is an increase in IT collaboration. Globally, 96% of IT and Security leaders agree that cloud security is a shared responsibility, with almost all respondents (99%) viewing CloudOps and SecOps as pursuing a common objective. However, despite CloudOps taking the lead in strategy, a lack of security-first culture results in vulnerability detection often being confined to the SecOps team, as per 99% of respondents.

    The challenges of understanding cloud computing security responsibilities

    The increasing collaboration between CloudOps and SecOps teams is driven by the growing risks in securing hybrid cloud infrastructure. While shifting workloads to the cloud has been central to many organizations’ digital transformation strategies, traditional security and monitoring tools struggle to safeguard virtual or hybrid environments effectively.

    The lack of consensus on cloud security within IT leadership is concerning. While 30% of CISOs worldwide are confident in their ability to enhance cloud migration while maintaining security, the actual implementation teams are less assured, with only 12% expressing complete confidence.

    The disconnect between the Board/CISOs and other IT and Security leaders is further exacerbated by over half of global respondents (52%) asserting their boards are still unfamiliar with the shared responsibility model for cloud security.

    The Board’s full understanding of the shared responsibility model inherent to cloud computing. (Source – Gigamon)

    This misunderstanding is particularly prevalent in Australia and the US, with a significant percentage of IT and Security leaders in these countries concerned about their boards’ understanding of the model. This disparity between global perceptions and the reality of cloud security responsibility presents a significant risk.

    Ian Farquhar, the security CTO at Gigamon, suggests that these findings underscore significant visibility gaps from on-premises to cloud environments, a threat that many IT and Security leaders seem to underestimate.

    “Many don’t recognize these blind spots as a threat, yet East-West traffic – laterally moving data – and encrypted traffic can be incredibly dangerous in the hybrid cloud world,” said Farquhar. “We’ve seen previous reports that highlight the vast quantity of malware that hides behind encryption. Considering over 50 percent of global CISOs are kept up at night by the thought of unexpected blind spots being exploited, there’s seemingly not enough action being taken to remediate critical visibility gaps.”

    Prioritizing the zero trust journey

    The Gigamon report identifies zero trust as another priority for IT and Security leaders. Notably, discussions about zero trust at the board level are increasing, with 87% of global respondents saying their boards openly discuss it. This represents a 29% increase from 2022.

    Mark Jow, EMEA CTO at Gigamon, suggests that while the implementation of Zero Trust is still an ongoing process for many organizations, it’s encouraging that at least half of the IT and Security leaders surveyed consider it crucial for enhancing their security posture, and appreciate the importance of visibility.

    “Deep observability and going beyond traditional MELT approaches is crucial if organizations are to advance successfully on their zero trust journeys, securing their hybrid cloud infrastructure and eradicating the critical visibility gaps that are clearly causing headaches and restless nights,” Jow mentioned.

    Why are organizations still struggling with implementing zero trust?
    https://techwireasia.com/06/2023/why-are-organizations-still-struggling-with-implementing-zero-trust/
    Thu, 15 Jun 2023 03:13:09 +0000

    The post Why are organizations still struggling with implementing zero trust? appeared first on Tech Wire Asia.

    Organizations have been implementing zero trust as an additional security framework since before the COVID-19 pandemic. However, its adoption peaked during the pandemic as organizations needed to have better visibility over who was accessing their networks, especially with remote work conditions still ongoing.

    Zero trust takes a more proactive and granular approach to security. It assumes that both internal and external networks are not inherently secure and that all access requests should be carefully evaluated and verified before granting permission. Simply put, it focuses on the principle of not trusting any entity by default, whether it’s a user, device, or network component, regardless of whether they are inside or outside the organization’s network perimeter.

    According to a Forrester report titled “The State Of Zero Trust Adoption In Asia Pacific,” organizations in APAC are starting to realize the benefits that zero trust offers, with 71% of APAC business and technology professionals saying that their organization will adopt zero trust edge in the next 12 months or have plans to do so.

    The report also indicates that APAC has now overtaken Europe in zero trust implementation. APAC CISOs now have a deeper understanding of what zero trust is and acknowledge that it encompasses far more than just identity or micro-segmentation tools. Security leaders in APAC are also now typically looking to their competitors and other brands to evaluate whether zero trust adoption is right for them.

    Interestingly in 2022, CISOs were much more willing to lead zero trust adoption rather than wait for their peers as they now see the benefits and opportunities in being the first to adopt, such as being seen as innovators, reaping business benefits, and allowing their teams to work with new solutions.

    The challenges in implementing zero trust

    Abbas Kudrati, Microsoft Asia’s Chief Cybersecurity Advisor (Source – Microsoft)

    Tech Wire Asia caught up with Abbas Kudrati, Microsoft Asia’s Chief Cybersecurity Advisor, to get his views on the implementation of zero trust in organizations as well as the challenges CISOs are facing today in cybersecurity.

    “Based on my experience after speaking to organizations around the world, many companies have started their zero trust journey but they have stopped halfway or failed in between. This is because they make zero trust implementation an IT or security project. In my opinion, zero trust is actually a business project. You are helping the business move into a zero trust architecture model,” said Kudrati, who also authored a book on the topic, Zero Trust Journey across the Digital Estate.

    Kudrati highlighted that when implementing zero trust, businesses need to bring different parts of the organization into the team. This includes the legal team and the HR team, as the implementation will change how people work. There also needs to be a team to assess the end-user experience to ensure that there is a good framework in place, or the entire implementation may fail.

    For example, businesses can’t just implement multi-factor authentication. There needs to be a process on how this can be enacted and where the authentication should be. Kudrati also suggested businesses consider going passwordless for some applications.

    Secondly, businesses don’t do an initial maturity assessment to identify gaps or assess solutions that they already have which can be used for a zero trust implementation. Most businesses only realize this halfway into their zero trust journey. They then realize they actually have a product that can be used in their zero trust architecture. This can disrupt the implementation process.

    “Many organizations are taking the risk-based approach. By taking a risk-based approach, businesses can identify risks that they want to focus on. And by doing this new architecture, they’re able to focus on these risks. For example, addressing phishing concerns as the main risk in the business. Businesses can look at how phishing emails are coming in, which identities are being targeted and such. They can also look at the amount of protection in place and consider new security approaches like multi-factor authentication and such,” added Kudrati.

    It’s all about planning

    Kudrati also pointed out that the project manager of zero trust needs to be agile. If a business wants to launch a new application, it is most likely not going to wait for the zero trust implementation. An agile project manager needs to know how to implement a secure online application on the cloud while still meeting zero trust principles.

    One example is Celcom Axiata in Malaysia. The company took an identity-centric approach and was the first organization in Southeast Asia to enable passwordless access.

    By utilizing facial recognition or fingerprint matching to verify identity on the employee’s device, optimal usability is achieved, especially for the company’s employees who are constantly on the go. The biometric Windows Hello for Business sign-in system ticked all the right boxes for its workforce of more than 12,500 employees. Beyond that, the combination of biometric and multifactor authentication creates a greater sense of awareness, therefore adding barriers to bad actors.

    “Going passwordless is not something businesses can start in a month. It’s a cultural shift. But the user experience at Celcom Axiata was awesome. They hit the main milestone of an identity-centric project that was zero trust by doing passwordless. They are now in the second phase of their strategy, whereby they are working on how to move forward and get mature. This is a never-ending project. It’s a journey,” explained Kudrati.

    The CISO

    Zero trust, AI in cybersecurity, supply chain security – all these would fall under the purview of the Chief Information Security Officer or CISO. Responsible for developing and implementing all these security procedures and policies, many CISOs are still finding the role to be increasingly challenging, especially when they have limited capabilities.

    Kudrati believes organizations need to give enough authority and power to the CISO. They need to be able to make changes – from how cybersecurity is implemented to the processes in securing the supply chain.

    “The problem is most CISOs don’t even have access to the CEO or board members. These are the people they need to show and inform the risks and the odds they are fighting against. Not having the right authority and visibility for the security team is one of the biggest challenges. Most organizations always think from the cost point of view. And while that is important, the CISO needs to explain to them how they can reduce the cost of the security operation, and do more with less,” said Kudrati.

    At the same time, regulations come into play as well. While the GDPR in Europe is coming down hard on organizations, it’s a different scenario in this part of the world. In Malaysia, for example, organizations don’t really come forward to report breaches. The information provided can be beneficial for other organizations to deal with threats. But it is not happening.

    Meanwhile, in Australia, the Optus data breach sent a huge shockwave across the country. Not only did companies begin taking cybersecurity measures more seriously, but the authorities have also implemented stricter rules in managing data, within a short period of time since the breach occurred.

    “There was reputational damage to Optus but their input has helped hundreds of other organizations within the country to be vigilant. They share who are the attackers, how they exploited APIs and organizations started looking into their API security. That’s the power of communication,” concluded Kudrati.

    Zero trust priorities for Singapore companies: Bridging the privilege gap https://techwireasia.com/02/2023/zero-trust-priorities-for-singapore-companies-bridging-the-privilege-gap/ Tue, 21 Feb 2023 07:38:37 +0000 The increasing prevalence of remote work in Singaporean companies has made protecting sensitive data more critical.

    The increasing prevalence of remote work amongst Singaporean companies has made protecting sensitive data more challenging than ever. In addition, digital transformation has amplified the potential for security breaches and risks, allowing malicious actors to exploit vulnerabilities and cause significant business disruptions. To counter these threats, organizations are adopting zero-trust to enhance their cybersecurity measures and minimize the impact of potential attacks.

    However, a recent BeyondTrust survey suggests that more than half of businesses in Singapore are still at risk of privilege escalation attacks due to inadequate privilege management. This significant gap between companies’ perceived and actual preparedness underscores the importance of ensuring that zero trust fundamentals are implemented effectively to address security risks in modern work environments.

    Zero trust is a security model that assumes that all networks, devices, and users are untrustworthy by default. Under the zero trust model, every new or changed access request to a network or device must be verified, even if the user has already been authorized to access the network or device. Despite 88% of IT leaders in Singapore believing zero trust is vital to their organization’s cybersecurity strategy, the BeyondTrust survey found that most companies have not adequately addressed what it terms ‘the privilege gap.’

    The privilege gap refers to the excessive access that users in an organization have beyond what is required to perform their jobs. 54% of IT leaders believe that users in their organization have excessive privileges. This finding is a significant concern, as privilege escalation attacks are among the most common cyberattacks. These attacks occur when a hacker gains access to an account with privileges that allow them to access more sensitive data or take control of a system. In fact, past data from Forrester Research has shown that privileged credentials were implicated in 80% of data breaches.

    Proactively preparing for cybersecurity challenges

    In the increasingly “perimeter-less” environment, companies must implement zero trust fundamentals, including privileged access management and secure remote access. As more than half (59%) of surveyed Singapore companies are embracing remote access by third parties, securing the remote workforce has become a significant challenge for IT leaders, with 75% finding it challenging. 69% of IT leaders also find it difficult to provide secure remote access for third parties, putting that aspect of their zero trust posture at risk.

    Organizations can implement the principle of least privilege to address these challenges and enhance the system’s overall security. This ensures that users are only granted access to the resources required for their specific job functions with the right amount of privileges for the right amount of time to complete their tasks effectively. By implementing the principle of least privilege, organizations can reduce the potential for privilege escalation attacks and ensure compliance with data protection regulations. Implementing the principle of least privilege also improves the security of remote setups and empowers organizations to better manage their remote workforce and third party access.

    As IT leaders in Singapore prepare for cybersecurity challenges over the next 12-18 months, increasing their implementation of zero trust should continue to be a key priority. By proactively addressing the privilege gap and implementing zero trust fundamentals, companies can better protect their sensitive data, improve their security posture, and ensure compliance with data protection regulations. The BeyondTrust survey highlights the importance of taking a proactive approach to privilege management and implementing zero trust fundamentals.

    Prioritizing the right tools and practices for zero trust implementation

    Implementing zero trust requires various tools and practices, and prioritizing which areas to focus on can present a challenge. With so many different aspects to consider, organizations may struggle to identify which areas are critical to their zero trust initiative. For example, segmentation is an essential tool for preventing attackers from having unfettered access to corporate resources, yet some organizations may overlook it in favor of other initiatives. As a result, these organizations may not operate under an “assume breach” mindset, which could hinder their zero trust efforts.

    Ultimately, the success of a zero trust initiative depends on an organization’s ability to prioritize and implement the right tools and practices to support the framework.

    To support their zero trust initiatives, companies can turn to the likes of BeyondTrust, a provider of intelligent identity and access security solutions. BeyondTrust provides several ways to enhance cybersecurity measures, such as inventorying all privileged assets, applying least privilege controls, and enforcing adaptive and just-in-time access controls based on the context in real time.

    By implementing these solutions, companies can eliminate blind spots, spotlight shadow IT, control access points, and reduce the potential for privilege escalation attacks.

    Dell’s four new year resolutions for CIOs https://techwireasia.com/12/2022/dells-four-new-year-resolutions-for-cios/ Wed, 14 Dec 2022 00:00:03 +0000

    For CIOs, New Year resolutions provide an opportunity to look at their tech decisions and see where they can improve. As such, while most tech companies focus on predictions for the new year, Dell Technologies has taken a different approach. This year, the tech giant outlined four resolutions it feels businesses should take note of next year if they want to remain competitive and protect their organization in the future.

    Speaking at a media briefing, John Roese, Global Chief Technology Officer at Dell Technologies, shared New Year’s resolutions for CIOs and organizations to commit to make the most of emerging technologies in 2023 and highlighted how digital solutions will shape the future of society in APJ.

    The four resolutions are:

    • Resolution 1 – I will not use the cloud without understanding the long-term cost
    • Resolution 2 – I will define my zero-trust control plane
    • Resolution 3 – I will determine where to first deploy quantum-safe cryptography and I will establish early skill sets to take advantage of quantum
    • Resolution 4 – I will decide what my multi-cloud edge architecture needs to be.

    The first resolution highlights a common problem businesses are facing in their cloud adoption today. In fact, Roese believes that managing the long-term costs of cloud and deciding the nature of multi-cloud edge architecture are amongst the top CIO priorities for 2023. Organizations can no longer afford to be over budget due to inefficient distribution of IT capabilities on the cloud, and it is important to understand long-term architecture planning and the costs involved.

    “Cloud adoption has often been driven by tech or emotional decisions and not driven by the understanding of actual cost in long term. We’re not saying don’t use cloud, but over the past year there have been conversations with CIOs who were surprised by the cost of cloud services. This indicates an immature multi-cloud strategy when they realize the bill is high,” stated Roese.

    John Roese, Global Chief Technology Officer at Dell Technologies

    The second resolution is about empowering customers and partners to align their cybersecurity strategy across the data center, clouds, and at the edge. Roese states that it is important for organizations to understand the Zero-Trust control plane to achieve consistent identity, policy, and threat management for the total enterprise. Zero Trust will become an essential cornerstone of data security and trust in this multi-cloud world.

    “If you want to make zero trust work, it is critical that all infrastructure is under the same security control plane for identity and trust management. However, most businesses have several that interlap. They need to define the control plane for zero trust. Choose what it will be and commit to using it over every cloud, and don’t have multiple systems. Just look to have one authoritative control plane,” explained Roese.

    The next resolution is focused on determining quantum-safe cryptography risks for the organization and establishing early skill sets to take advantage of quantum computing. For Roese, quantum computing is getting real, and soon there’ll be access to quantum systems large enough to pose risks to encrypted data across public networks. He believes organizations can use current tools to protect quantum data through cataloging cryptographic assets and identifying threats, then invest in quantum simulation and enable data science and AI teams to learn new languages and capabilities of quantum.

    The final resolution for 2023 is that technology will continue to be pivotal to driving the future of society in APJ. APJ’s technology growth is expected regardless of the macroeconomic climate, hence it is important to think about how we can harness technology better. Roese added that technology has the potential to advance economic well-being and equality, but it also comes with the importance of creating connected, digitally powered societies for all.

    “We are in the multi-cloud era. The fact that most customers struggle with the economics of cloud, the smartest thing they can do right now is to be aware of the cost of their decisions. All four are resolutions that can be made without significant investments.

    We’re entering a complex economic cycle, but we are ready for it. Businesses need to prepare and make decisions without a huge investment and be prepared for emerging tech and get the best value out of a multi-cloud environment. It’s not hard to do and if you do them, you will get significant improvement to navigate the multi-cloud world,” concluded Roese.

    Will 2023 see the death of passwords and rise of the Chief Zero Trust officer? https://techwireasia.com/12/2022/will-2023-see-the-death-of-passwords-and-rise-of-the-chief-zero-trust-officer/ Mon, 12 Dec 2022 00:30:52 +0000

    The last month of 2022 will always see tech companies offering predictions on their expectations for the industry in the new year. Oftentimes, most of these predictions tend to be on point, especially when it comes to issues regarding cybersecurity.

    For most tech companies, the two main areas for 2023 predictions are focused on cloud adoption and cybersecurity. True enough, both these verticals continue to see heavy innovations every year, especially with more businesses embracing the cloud and cybersecurity issues becoming more rampant.

    Interestingly, for John Engates, Field CTO at Cloudflare, there are four main areas in his 2023 predictions. Engates believes these four predictions would pretty much set the tone for organizations going forward, especially as they look to embrace more technology. This includes new takes on passwords, the cloud and even the establishment of a chief zero trust officer.

    The rise of the Chief Zero Trust officer

    In ‘The Journey to Zero Trust’ survey commissioned by Cloudflare, markets like Malaysia and Australia were found to have at least a 75% adoption of Zero Trust. When governments and organizations need to move quickly and cut across organizational boundaries, they often appoint a czar to take charge of a particular program and see it through to implementation or execution.

    “As pressure to implement zero trust intensifies, I predict that a role analogous to a Chief Zero Trust Officer will emerge within some large organizations. This person will be the zero trust czar for the enterprise and will be the individual responsible for driving a company on its zero trust journey. Their job will be to bring together siloed organizations and vendors and ensure that all teams and departments are aligned and working toward the same goal.

    If resistance is encountered, the zero trust czar should have the backing of senior leadership (CIO, CISO, CEO, Board of Directors) to make decisions quickly and cut across organizational boundaries to keep the process moving ahead. Whether the very bold title of Chief Zero Trust Officer becomes reality or not, an empowered individual with a clear mandate and a singular focus may just be the key to getting zero trust across the finish line in 2023,” explained Engates.

    2023 sees the death of “The Password”

    Phishing attacks continue to be a significant problem for companies around the world. Even with regular security awareness training, users will eventually click the wrong link and fall victim to an attack. And unfortunately, most cyber attacks begin with a phishing email.

    Engates highlighted that Cloudflare itself was attacked this year by a sophisticated, targeted SMS-based phishing attack. A total of 76 Cloudflare employees received the phishing link in text messages on their phones. Three employees fell for the attack and clicked the link and entered their credentials.

    “But unphishable, multi-factor authentication in the form of FIDO2-compliant security keys in conjunction with zero trust access prevented the attacker from breaching our systems. Other companies that used less secure time-based one-time passwords (TOTP) weren’t as lucky, and many were breached by the same attackers,” said Engates.

    For Engates, username and password authentication, even when combined with common forms of multi-factor authentication, is just not enough anymore. Enterprises can enable stronger FIDO2-compliant security keys along with zero trust access today if they’re using a system like Cloudflare’s to make it much tougher on attackers.

    “But the best way to protect most users and their credentials may be to remove the burden on the end-user altogether. The FIDO alliance envisions passwordless sign-in everywhere. Logins will use your face or fingerprint instead of the old username-password combo. A FIDO sign-in credential, sometimes called a “passkey”, will make it easier on users and harder on the attackers. If there’s no password to steal, hackers won’t be able to harvest credentials to carry out their attacks. We predict many websites and applications will adopt passwordless login using the FIDO Alliance passkey standard beginning in 2023,” added Engates.

    The cloud takes on compliance

    With governments around the world rolling out new privacy regulations, companies must now understand and comply with this patchwork of regulations as they do business globally. As such, how can organizations hope to stay current and build compliance into their applications and IT systems?

    “We believe the majority of cloud services will soon come with compliance features built in. The cloud itself should take the compliance burden off companies. Developers shouldn’t be required to know exactly how and where their data can be legally stored or processed. The burden of compliance should largely be handled by the cloud services and tools developers are building with. Networking services should route traffic efficiently and securely while complying with all data sovereignty laws. Storage services should inherently comply with data residency regulations. And processing should adhere to relevant data localization standards,” stated Engates.

    Remote browsers resolve device complaints

    Security policies, privacy laws, and regulations require all companies to protect their sensitive data; from where it’s stored and processed, to where it’s consumed in end-user applications. In the past, it was relatively straightforward to fully control end-user devices because they were often issued by and dedicated to company use only. But with the increasing use of personal smartphones and tablets, the bring-your-own-device (BYOD) trend has been picking up steam for several years and was even more readily embraced during the various stages of the global pandemic.

    “Looking ahead, we believe that this pendulum of BYOD will swing back toward tighter security and more control by the IT organization. The need to consistently enforce security policies and privacy controls will begin to outweigh the sense of urgency and demand for convenience we encountered during the last few years. But because so much of our digital lives live in a web browser, this control may take a different form than in the past. This new form will mean more control for IT administrators AND a better user experience for employees,” Engates said.

    Browser Isolation is a clever piece of technology that essentially provides security through physical isolation. This technique creates a “gap” between a user’s web browser and the endpoint device thereby protecting the device (and the enterprise network) from exploits and attacks. Remote browser isolation (RBI) takes this a step further by moving the browser to a remote service in the cloud. Cloud-based remote browsing isolates the end-user device from the enterprise’s network while fully enabling IT control and compliance solutions.

    “Some say in this remote browsing model that “the browser is the device.” Instead of BYOD, it might be appropriate to call this “BYOB” or Bring Your Own Browser. Most companies are looking to better balance the security and privacy needs of the company with the user experience and convenience for employees. At Cloudflare, we use our remote browser isolation in conjunction with zero trust access to protect our users and devices. It’s completely transparent to users and strikes a perfect balance between security and user experience. We believe remote browser isolation will be embraced broadly as IT leaders become more aware of the benefit and just how well it works,” concluded Engates.

    Urgent need for organizations to adopt identity security for cyber defense https://techwireasia.com/11/2022/urgent-need-for-organizations-to-adopt-identity-security-for-cyber-defense/ Mon, 07 Nov 2022 23:30:52 +0000

    Article by Lim Teck Wee, Head of ASEAN, CyberArk 

    In the past few months and years during the pandemic, we have been reminded of the need to adopt safe password practices and train employees not to click on phishing links. Cybersecurity has come to the forefront and is once again in the spotlight during the Singapore International Cyber Week (SICW).

    Singapore’s Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, announced plans to develop the next-generation National Cyber Security Centre (NCSC), which will feature tighter integration with Critical Information Infrastructure (CII) owners and Sector Leads, which include the government, healthcare, banking and finance, and infocomm. A new inter-agency task force was also formed to help businesses and research and educational institutions in Singapore to protect themselves against ransomware.

    Lim Teck Wee, Head of ASEAN, CyberArk

    As evident from numerous data breaches, organizations that hold significant volumes of personally identifiable information (PII) are attractive targets for attackers. Furthermore, with geopolitical tensions now being played out in the cyber realm, organizations involved in matters of national security and critical infrastructure are even more likely to be targeted. Hence, it is non-negotiable that security capabilities be stepped up to secure sensitive operations and data. On top of that, organizations are finding it hard to strike a balance between ensuring secure access and providing a seamless user experience for increased productivity and efficiency.

    One of the most essential components of boosting cyber resilience is identity security. Identities – both human and machine – that are not properly secured can act as a gateway for attackers to compromise systems. Identity security enforces Zero Trust by providing all identities with the least privilege and just-in-time access to the right resources needed to fulfil their duties without causing friction and compromising their user experience.

    The importance of a Zero Trust strategy was echoed by Singapore’s Communications and Information Minister, Josephine Teo, at the Tallinn Digital Summit. The minister stressed a need to shift our cybersecurity posture from emphasizing preventative measures to an “assume breach” mindset as well as putting an equal focus on recovery to build resilience in Singapore’s cybersecurity systems.

    Reinforcing key workforce risk areas through identity security 

    Securing identities means focusing on five key areas and protecting each with practical, identity-centric defensive layers so that threat actors cannot exploit them. They include:

    • Weak and disruptive authentication mechanisms. Data breaches typically happen because of compromised passwords or credentials, making single-factor authentication an ineffective strategy for securing company resources. Multi-factor authentication (MFA) has become the baseline for verifying user or device identity. However, attackers are finding new ways to circumvent MFA policies such as tampering with QR codes, hijacking cookies or “fatiguing” the user with MFA bombing. Behavioral analytics can help organizations understand their users’ access patterns and identify risk behaviors so that users do not have to go through extra authentication layers unless necessary. If the smart controls detect suspicious activity, they can take action by presenting additional authentication mechanisms and shutting attackers out if they fail.
    • Unprotected endpoints. Poorly guarded endpoints with no identity security, including desktops and servers, can act as a gateway for attackers to steal credentials and exploit over-privileged accounts. To counter this problem, organizations need to use an adaptive form of MFA with endpoint privilege accounts to secure access for devices and machines that are using the organization’s resources.
    • High-risk business applications. With users having access to multiple applications containing sensitive data, there is a risk of users misusing or abusing their access to attack systems. Implementing security controls can help IT teams monitor, record and audit users after authentication. This enhanced visibility can benefit security teams on many fronts.
    • Third-party vendors. External vendors can act as extensions for organizations’ operations and they will have admin-level access to internal systems. However, they can also represent an attack vector that requires just as much attention as internal users. To secure third-party users, organizations can implement third-party privileged access vetting and monitoring to assess their risk levels, even if they are using their own devices to access the systems.
    • Credentials outside of single sign-on. Users are finding it difficult to manage different passwords and credentials to access various programs and services. Simultaneously, these credentials are stored in unsecured locations or shared with colleagues, which can increase the risk of identity compromise. To account for credentials that are outside the system, organizations and agencies need to store them inside enterprise-level, vault-based storage protected by strong privilege controls. This way, users will be able to retrieve their credentials quickly and securely in order to fulfil their duties.

    In the face of increasing cyberattacks, it’s now a must for organizations to establish a proactive cybersecurity program. Identity security is an important discipline to keep critical data and operations protected. With this approach in place, organizations to which we entrust our personal information stand the best possible chance of protecting it in the face of attacker innovation.

     

    The views in this article are those of the author and may not reflect the views of Tech Wire Asia.

    The post Urgent need for organizations to adopt identity security for cyber defense appeared first on Tech Wire Asia.

    What makes operational technology organizations in Singapore vulnerable to intrusion? https://techwireasia.com/10/2022/what-makes-operational-technology-organizations-in-singapore-vulnerable-to-intrusion/ Tue, 25 Oct 2022 00:00:33 +0000 https://techwireasia.com/?p=222761

    The post What makes operational technology organizations in Singapore vulnerable to intrusion? appeared first on Tech Wire Asia.

  • 12% of respondents in Singapore have achieved centralized visibility of all OT activities
  • Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework

    Operational technology (OT) is just as vital to the economy and people’s daily lives, even though it is less apparent than information technology (IT) in most enterprises and most definitely in public perception. After all, OT systems manage the critical infrastructure on which everyone relies, including transportation networks, fuel pipelines, power plants, and water and sewage systems.

    Threat actors have taken note of this trend and are closely monitoring OT systems. Over the past ten years, OT systems have seen a growth in cyberattacks, partly because of their greater susceptibility to attacks from outside the system.

    Attacks against OT infrastructure are getting worse, more frequent, and more significant. Examples include the Colonial Pipeline catastrophe and the JBS USA meat producer incident, both of which occurred last year, in 2021. This year, the attacks on Kojima Industries, a supplier of Toyota parts, had an impact on 28 production lines.

    “Throughout the years, you can see things like traffic lights could get hacked, and power plants could get knocked offline. These impacts are getting from simple ransomware to things that could cause harm. In OT, this is where malware is created, specifically to cause damages, harm or even death,” said Jonathan Chin, Business Development Manager, Cybersecurity OT at Fortinet.

    In fact, these attacks on OT infrastructures seriously harmed business operations.

    The operational technology (OT) industry in Singapore was the subject of a Fortinet study, “2022 State of Operational Technology and Cybersecurity”, which found that more than nine out of ten OT firms there were affected and that 88% of them lost data and experienced productivity-reducing operational outages.

    Additionally, 94% of organizations said that their cybersecurity activities do not have total visibility, implying they are unaware of the risks in their networks. With 64% of respondents having a high level of concern compared to other incursions, ransomware emerged as the largest concern.

    Key findings of the report also showed that security threats are rising because OT activities lack centralized visibility. Globally, only 13% (Singapore: 12%) of respondents have consolidated visibility of all OT activities, according to the Fortinet study. In addition, only 52% of firms can track all OT activities from the security operations center (SOC).

    At the same time, organizations’ productivity and bottom lines are dramatically affected by OT security intrusions. According to the survey, 93% (Singapore: 86%) of OT firms had at least one intrusion in the previous 12 months. Hackers, malware, and phishing emails were the top 3 intrusion types that Singaporean firms encountered.

    Interestingly, the ownership of OT security varies amongst enterprises. The Fortinet research states that OT security management falls under a variety of mostly director or manager responsibilities, ranging from the Manager of Manufacturing Operations to the Director of Plant Operations.

    Overcoming operational technology security challenges

    The Fortinet report included a guide on how businesses can strengthen their overall security posture and address the vulnerabilities in OT systems. Organizations can deal with their OT security challenges by:

    • Implementing Zero Trust Access to stop breaches. As more industrial systems are connected to the network, Zero Trust Access solutions ensure that anyone, any device, or any application without the right credentials and permissions is prevented from accessing crucial assets.
    • Putting in place systems that give OT operations centralized visibility. To ensure that enterprises improve their security posture, centralized, end-to-end visibility of all OT activities is essential.
    • Combining security tool suppliers for cross-environment integration. Organizations should strive to combine their OT and IT solutions across a smaller number of providers to reduce complexity and achieve consolidated visibility of all devices.
    • Implementing technology for network access control (NAC). Organizations with a NAC in place, which ensures that only authorized users may access certain systems essential for protecting digital assets, were more likely to have avoided incursions in the previous year.

    “Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework, as highlighted by Minister for Communications and Information Mrs. Josephine Teo. We believe enhanced collaboration between the public and private sectors, supported by suitable security tools investments, will better position Singapore to manage future OT cyber-attacks,” said Jess Ng, Country Head, Fortinet Singapore & Brunei.
