By now, many organisations in Asia Pacific (Apac) are planning or have already taken steps to offer hybrid work in response to their employees’ preference for flexible working arrangements. While much of the focus is on changing organisational culture and deploying collaboration and cloud tools to enable hybrid work, cybersecurity deserves the same attention.

It goes without saying that cyber threats, such as ransomware, are on the rise and becoming more sophisticated. Cybersecurity firm Mandiant reported twice as many ransomware-related investigations in 2020 as in 2019. Ransomware has also evolved into multifaceted extortion, in which cybercriminals not only deploy ransomware encryptors across victim environments but also employ a variety of other extortion tactics to coerce victims into complying with their demands.

Worryingly, Apac organisations take a median of 76 days to detect an intrusion into their network by a remote attacker (the “dwell time” from first evidence of compromise to detection), according to the FireEye Mandiant M-Trends 2021 report. That window could grow as they embrace hybrid work, leaving them more exposed to ransomware and other forms of cyberattack.

Work-from-home cybersecurity risks

Despite the flexibility it gives employees, remote work or work-from-home exposes gaps in organisations’ cyber defence capabilities and creates more avenues for threat actors to exploit.


For instance, many businesses in the region still rely on single-factor authentication, such as passwords alone, to log into enterprise applications, Vivek Chudgar, vice president for APAC at Mandiant Consulting, tells The Edge Singapore.

One of the top reasons for this is that two-factor authentication (2FA) causes inconvenience to users. “But users across the organisation must find a way to live with the inconvenience security controls bring, for the sake of protecting the organisation – similar to how we have accepted that seat belts are uncomfortable but necessary for safety,” asserts Chudgar.

He adds that some organisations may be using virtual private network (VPN) split tunnelling to cope with heavier network traffic as more employees work remotely. Put simply, split tunnelling routes only some application or device traffic through the encrypted VPN, while the rest goes directly to the Internet. This reduces the load on the VPN concentrator and improves application speed and performance.

However, Chudgar warns that split tunnels that are not properly configured reduce visibility of unauthorised activity, because organisations are “blind” to the traffic that bypasses the VPN. Traffic that never enters the tunnel never reaches the concentrator’s logs or the network sensors behind it, so it can only be observed from the endpoint itself.
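To make that blind spot concrete, the following is an added example in Python (not code from the article or from Mandiant). It models the routing decision a WireGuard-style VPN client makes from its AllowedIPs setting: a destination that matches a listed prefix goes through the encrypted tunnel and is therefore visible at the VPN edge; anything else goes straight to the Internet, unseen by network monitoring. All prefixes and flows are constructed sample data drawn from documentation and TEST-NET ranges; the “IPv6-only internal app” is an assumption included to show one common misconfiguration, a split tunnel that lists only IPv4 corporate prefixes.

```python
"""Which flows does a split-tunnel VPN client actually send through the tunnel?

Added example, not from the article or Mandiant. It mimics the routing
decision a WireGuard-style client makes from its AllowedIPs list: a
destination that matches a listed prefix is sent through the tunnel (and so
shows up in the VPN concentrator's logs and the network sensors behind it);
any other destination goes straight to the Internet, where the
organisation's network monitoring never sees it.
Every prefix and flow below is constructed sample data.
"""
import ipaddress
from typing import List, Tuple

Flow = Tuple[str, str]  # (destination IP, human-readable label)


def parse_allowed_ips(allowed_ips: str):
    """Parse a WireGuard-style 'AllowedIPs' value, e.g. '10.0.0.0/8, ::/0'."""
    return [
        ipaddress.ip_network(prefix.strip(), strict=False)
        for prefix in allowed_ips.split(",")
        if prefix.strip()
    ]


def goes_through_tunnel(destination: str, networks) -> bool:
    """True if the destination falls inside any tunnel prefix.

    ipaddress returns False when a v4 address is tested against a v6
    network (and vice versa). That is exactly the behaviour which makes an
    IPv4-only AllowedIPs list send all IPv6 traffic outside the tunnel.
    """
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in networks)


def classify_flows(allowed_ips: str, flows: List[Flow]):
    """Split flows into those visible at the VPN edge and those that bypass it."""
    networks = parse_allowed_ips(allowed_ips)
    visible, blind = [], []
    for destination, label in flows:
        bucket = visible if goes_through_tunnel(destination, networks) else blind
        bucket.append((destination, label))
    return visible, blind


# Constructed flows from one remote laptop (documentation/TEST-NET ranges only).
SAMPLE_FLOWS: List[Flow] = [
    ("10.20.30.40", "internal file server"),
    ("2001:db8:1::25", "internal app reachable only over IPv6 (assumed)"),
    ("203.0.113.7", "public SaaS service"),
    ("198.51.100.9", "unknown host contacted by a suspicious process"),
]

# Three client configurations for the same laptop.
FULL_TUNNEL = "0.0.0.0/0, ::/0"                              # everything via VPN
SPLIT_V4_ONLY = "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16"    # common, leaks IPv6
SPLIT_FIXED = SPLIT_V4_ONLY + ", 2001:db8::/32"                # corporate v6 added


def blind_spot_labels(allowed_ips: str) -> List[str]:
    """Labels of sample flows that monitoring at the VPN edge cannot see."""
    _, blind = classify_flows(allowed_ips, SAMPLE_FLOWS)
    return [label for _, label in blind]


if __name__ == "__main__":
    for name, cfg in (("full tunnel", FULL_TUNNEL),
                      ("split, IPv4 only", SPLIT_V4_ONLY),
                      ("split, corporate IPv6 added", SPLIT_FIXED)):
        print(f"{name}: blind to {blind_spot_labels(cfg) or 'nothing'}")
```

With the IPv4-only split tunnel, even the internal IPv6 application bypasses the VPN, so the concentrator never logs that traffic. Adding the corporate IPv6 prefix fixes that leak, but the two public destinations, including the suspicious one, remain outside the VPN’s view under any split-tunnel configuration; only endpoint telemetry (EDR, local DNS logging) can observe them, which is why a split-tunnel decision should be paired with endpoint visibility.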


Keeping a constant eye on the network

Given the pervasiveness of cyber threats, the question organisations face is not whether a cyberattack will happen, but when. An effective and comprehensive cyber response plan is therefore critical to mitigating and containing the damage.

“Once cyberattackers break in, they’re in your backyard [so technically] you have the upper hand as you have many chances to spot them, especially when they make mistakes, and throw them out,” says Chudgar.

This calls for zero-trust security, in which anything and everything trying to connect to an organisation’s systems must be verified before it is granted access.

Organisations need to adopt the zero trust model, treating networks and endpoints as untrusted. They should have a single-pane-of-glass view of their traffic and be able to correlate/analyse data from different sources at hyperspeed to detect anomalies in their traffic quickly. Besides that, they must have the tools and ability to respond to cyber incidents.
Vivek Chudgar, vice president for APAC at Mandiant Consulting

Putting your cyber defence to the test

Since no single solution can prevent, detect and respond to all forms of cyberattack, security teams in Apac organisations should continually validate the security controls they deploy to optimise their cyber defences.

“Many companies of considerable size would have deployed between 30 and 50 different security solutions, but some of them might be misconfigured or provide piecemeal visibility. Security validation – which should be done at least every quarter – can help point out those gaps and provide actionable insights so that organisations can plan the next wave of security enhancements and investments,” says Chudgar.

Mandiant Security Validation, for instance, draws on Mandiant threat intelligence and incident response data to show what attackers are doing right now. With this intelligence-led approach, security teams can identify the high-priority threats to their organisation and build a validation strategy around who or what poses a threat to the business.

Additionally, Chudgar recommends that Apac organisations take a Purple Team Assessment to quantifiably evaluate their security programmes against simulated attack scenarios.

He explains that in a Purple Team Assessment, Mandiant experts guide an organisation’s security team through realistic attack scenarios, which Mandiant builds within the FireEye Verodin Security Instrumentation Platform. The scenarios are based on analysis of the latest data breaches and current intelligence on industry-relevant threat groups.

With this methodology, Mandiant can emulate the tools, tactics and procedures of hundreds of attackers and simulate techniques from across the MITRE ATT&CK framework. Throughout the assessment, the organisation receives a detailed scorecard that quantifies where its security operations are performing well and where they need improvement, along with strategic recommendations to strengthen its security posture.

With the research firm Ponemon Institute reporting that the average cost of a data breach reached US$4.24 million ($5.81 million) per incident this year, overlooking cybersecurity can be a costly mistake. Apac organisations must therefore strengthen their cyber defence capabilities now, so that they are less vulnerable to cyber threats as they embrace hybrid work.
