Cyberattacks are a serious concern among IT security professionals around the world, and the Asia Pacific region is no exception. People have quickly embraced a mobile lifestyle, whether shopping, socializing or gaming. Digital transformation is enabling businesses to innovate and create efficiencies, from shopping to ride-hailing to industrial robots. Digital is changing the way governments operate and is making fast-growing cities safer and more efficient.
But the popularity of digital technologies across the region means that more people and businesses are at risk from cyberattacks.
A Growing Risk
According to the risk management firm Marsh & McLennon, it takes Asian organizations 1.7 times longer than the global median to discover a breach. Spending on information security is also lower than in North America, and most users do not receive security awareness training.
Those findings align with the observations of cybersecurity professionals surveyed at the 2018 Black Hat Asia conference. Attendees expressed a high level of concern over targeted cyberattacks and potential breaches of critical infrastructure. Sixty-two percent believed that their organizations will have to respond to a major security incident in the next 12 months.
The fallout from a cyberattack can be severe. Although data privacy laws across Asia are not as stringent as in Europe, for example, the financial implications still can be severe. A large organization in APAC could incur an economic loss of US$30 million, according to analysis from Microsoft and Frost & Sullivan. The potential economic loss across the region due to cybersecurity incidents could hit US$1.745 trillion—more than 7% of the region’s total GDP.
In a 2018 article about the SingHealth cyberattack, we see attackers successfully compromising workstations and conducting data exfiltration activities for eight days. The resulting impact was 1.5 million patient records were stolen, including health information about the Singapore prime minster.
These internal activities are difficult to detect given the multitude of IT systems and network segments to monitor. Many enterprises today have a lack of visibility and capability to derive important insights. An attack on smart healthcare systems could have significantly larger consequences than a data breach, which makes the issue of cyber-physical attacks highly pertinent to organizations in APAC.
Greater Visibility
Businesses need greater visibility into their true state of cybersecurity, so they can take specific actions to detect and combat the threat faster.
Identifying who and what connects to the network is a critical first step. Solutions like Aruba ClearPass can automatically control access to the enterprise wired and wireless networks so that only authorized users and devices can connect. With ClearPass, IT finally knows exactly what devices are connected to the enterprise network, how many there are, where they’re connecting from, and which operating system they’re running.
IT also can use ClearPass to enforce appropriate policies, regardless of user, device type or even time of day. This is critically important not only for the multitude of laptops, phones and tablets that connect to the enterprise network, but also for the exponentially growing number of sensors, security cameras and other IoT devices that could be wide open to security threats.
The next step is to protect resources dynamically and neutralize threats as quickly as possible. For instance, an outdoor security camera that starts scanning the corporate network at 3am could well indicate a compromise of the internal network. If unusual behavior is detected, network access for that device can be immediately terminated.
New Insight into Inside Attacks
Taiwan Semiconductor Manufacturing Co., Ltd (TSMC), the manufacturer of chipsets for Apple, Nvidia and Qualcomm, had to stop production for three days back in August 2018, impacting the company’s third-quarter revenue of NT$260.35 billion by 2% due to an attack by the known WannaCry.
At a time when Taiwan’s manufacturing industry is touting Industry 4.0, many manufacturers are deploying more IoT devices and attempting to connect more manufacturing equipment to the internet. The TSMC attack exposes the possible exploits and state of information security.
Today’s sophisticated attacks can evade traditional perimeter defenses, and IT often lacks visibility into these inside attacks. That’s why organizations are increasingly looking to AI-based machine learning to spot changes in user behavior that indicate these insider attacks.
Aruba IntroSpect detects compromised users’ systems or devices using supervised and unsupervised machine learning models to see telltale changes in typical IT access and usage. IntroSpect can detect targeted attacks across the kill chain, including account abuse or takeover, command and control, data exfiltration, lateral movement, privilege escalation, ransomware and much more.
When the subtle signals are aggregated and put into context over time by advanced machine learning models, the presence of an upcoming attack is confirmed and alerted. Through tightly integrated bidirectional communication, IntroSpect then triggers ClearPass to take action and terminate access.
Once the threat is under control, an analyst can then turn to IntroSpect’s big data-based incident investigation system where the entire IT history of the entity under scrutiny—down to the packet level—is available in seconds, so that decision making and remediation is cut from hours and days to minutes.
Context from the security ecosystem can be used to enhance network visibility and strengthen enforcement. ClearPass and IntroSpect integrate with hundreds of third-party solutions, including McAfee endpoint security, Palo Alto Networks firewalls, MobileIron mobile device manager and 2FA solutions like GoVerifyID.
Learn More
Learn more about securing the enterprise.
Five Ways Cybersecurity Can Break Smart Cities
