The battle against cyber threats is set to intensify as we move into 2022.

Just this year alone, Akamai’s threat research team analysed over 300TB of new attack data daily and saw record-breaking highs in distributed denial of service (DDoS), credential abuse, and application-layer attacks.

We can expect those figures to increase if organisations and end-users alike do not take cybersecurity seriously as our world becomes more connected. “The bad actor of 2022 does not look like a bad actor anymore – the line between what is real and what is fake will become impossible to decipher. With people no longer able to differentiate and data co-mingled on devices, everyone – especially consumers – will be attack vectors,” says Steven Gan, country manager for Southeast Asia at Qualys.

Trends such as the rise of the API (application programming interface) economy and cryptocurrency could also introduce vulnerabilities and fuel cybercrimes, respectively.

APIs are necessary for organisations to be more connected and collaborate with others. “However, the lack of security at the API level creates an entryway for cybercriminals to carry out identity theft, fraud, and unauthorised data collection,” notes Ian Lim, field chief security officer, Asia Pacific, Palo Alto Networks.

See also: <a class='gtm_see_also_1_inread' style='text-decoration: underline;' href='/digitaledge/focus/putting-consumer-safety-forefront-every-retailers-agenda?utm_source=website&utm_medium=article&utm_campaign=ONPAGESEO'>Putting consumer safety at the forefront of every retailer's agenda</a>

He adds that the meteoric rise of bitcoin will create a well-funded adversary. “It is no secret that cryptocurrency fuels the ransomware economy, and its continued appreciation will only spell good news for cybercriminals. Cybercriminals who have received ransom payments in cryptocurrency will have more funds and resources to launch bigger attacks on businesses and critical infrastructure. These funds can also be used to anonymously incentivise malicious insiders.”

Since we can’t escape from cyber threats, here are five things organisations in Asia Pacific (APAC) can do to defend against and respond to them, according to industry leaders.

1. Ensure IoT devices and connections are secure

More APAC businesses will adopt technologies like edge computing and Internet of Things (IoT) to enhance their operations, serve their customers better and support hybrid work arrangements. However, this widens the attack surface available to cybercriminals. “[As such,] secure connectivity will be critical in this new reality, to enable today’s digital interactions and power new, engaging digital experiences in the future,” says Narinder Kapoor, senior vice president and managing director for APAC at Hewlett Packard Enterprise.

See also: <a class='gtm_see_also_2_inread' style='text-decoration: underline;' href='/digitaledge/focus/scaling-asias-infrastructure-drive-sustainability-agenda?utm_source=website&utm_medium=article&utm_campaign=ONPAGESEO'>Scaling up Asia's infrastructure to drive up sustainability agenda</a>

Keeping up with the vulnerabilities introduced by IoT devices will continue to be challenging as there has not been enough emphasis on security in fundamental IoT device designs, according to Mandiant. Organisations must therefore take the initiative to update their devices as soon as fixes for newly discovered IoT vulnerabilities are released.

As adoption of IoT and hybrid work will result in massive amounts of data being generated at the edge, APAC companies should look at ways to better manage and protect those data.

“Data at the edge will also require the same enterprise-class protection as in the data centre, but cost and space constraints can get in the way. To overcome this, organisations will need to adopt optimised data protection solutions that can be deployed at the edge, send backup data directly to the cloud, and be managed centrally through a single data protection platform,” says Andy Ng, vice president and managing director for Asia South and Pacific Region at Veritas Technologies.

For organisations looking for ease of maintenance and flexibility, he adds, they can utilise Storage-as-a-Service to address their data security and protection requirements while including options for resilient backup and recovery.

Besides that, he advises businesses to adopt good data management hygiene by creating a policy for information sharing, especially for sensitive information, as well as train all employees on the policies and tools being deployed, to reduce accidental policy breaches.

3. Adopt zero trust security

To stay ahead of the latest tech trends, <a class='gtm_see_also_3_inread' style='text-decoration: underline;' href='/digitaledge/focus/putting-consumer-safety-forefront-every-retailers-agenda?utm_source=website&utm_medium=article&utm_campaign=ONPAGESEO'>click here for DigitalEdge Section</a>

Faced with a wider attack surface, adopting zero trust security will be crucial to minimising the chances of falling prey to cyber attacks.

Parimal Pandya, vice president of Sales and managing director for Asia Pacific at Akamai, comments: “Businesses across multiple industries must now contend with an increasing number of access points to their network - be it through third-party providers, IoT devices, or a hybrid workforce. [A zero trust approach will help] ensure only the right people have access to the network at any given time, and that critical data is protected while they innovate digitally.”

The good news is that a recent Cloudflare survey found that 86% of the APAC respondents had a good understanding of zero trust. “With the tangible benefits that zero trust can bring – better protection against data breaches, more secure third party data access and a more seamless employee experience just to name a few – it’s no wonder that 75% of respondents seek to adopt Zero Trust with more than half planning to do so in 2022,” says Fernando Serto, tech evangelist for APJC at Cloudflare.

To achieve zero trust, Palo Alto Networks’ Lim advises organisations to focus on building capabilities that allow them to apply consistent controls to limit trust violations, and analyse and correlate digital interactions to flag anomalous behaviour. They should also equip their security operations centre (SOC) to investigate and respond to suspicious digital interactions in the cloud, remote and on-premise environments.

“This is easier said than done because most organisations have disparate point security solutions that are expensive, hard to use, and lack visibility, correlation and integration. Organisations should look at a platform approach that provides comprehensive visibility, high-fidelity correlation, integrated controls and automated response. In addition to better security, a platform approach will also drive down administrative costs and deliver a better ROI,” he says.

4. Don’t skip vendor security assessment when using third-party solutions

As exemplified in the SolarWinds breach or Kaseya supply chain attack, cybercriminals need to breach just one vendor in the supply chain to compromise that vendor’s customers and gain access to their critical data. “These attacks will also continue to happen as long as digital supply chains remain vulnerable,” says Parvinder Walia, president of Asia Pacific and Japan at ESET.

He continues: “This is why it is equally important to perform vendor risk management to understand the potential risks when using third-party products or services. For instance, storing customer databases on a cloud-based customer relationship management (CRM) platform means that the data is accessible remotely via the internet, which may be a risk."

Peter Rydzynski, principal threat analyst at IronNet, adds: “The rise in software supply chain threats (such as recent exploitation of the Log4j vulnerability) will heighten the need to ensure coding is carefully constructed and meticulously monitored as a primary focus of extensive security follow-ups.”

5. Get expert help from managed service providers (MSPs)

APAC organisations should also consider turning to MSPs to enhance their cyber defence. MSPs can help businesses close the gaps that exist in their cybersecurity controls and skills, as well as free their IT teams for other tasks.

Bob Petrocelli, chief technology officer, Datto, says: “Culturally, APAC has been more traditional and slower to adopt a managed services model for IT, which means they are burdened with the investment and management of internal IT teams.”

“[In 2022,] they need to refocus on business operations and leverage the effective model of MSPs to outsource their technology in order to stay in step with the latest technologies to secure their business from cyber attacks.”

Photo: <a href="https://unsplash.com/photos/5N75xeV9x9Q">Unsplash</a>

Five cybersecurity priorities for APAC businesses in 2022

Related Stories

Highlights

China's shock Covid shift adds fuel to world-beating stock rally

Related Stories

Putting consumer safety at the forefront of every retailer's agenda

ShopBack leverages Forter to grow securely

It doesn't pay to pay a ransom: Cybereason study