Cyber Security Awareness: Take the Bull by the Horns

By Ryan James Murray

Amazon Web Services recently published the results of a survey spanning six countries in Asia, identifying an acute shortage of digitally skilled workers. The report suggests that 30% more workers across Asia will require these new skills annually until 2025 for economies to remain competitive. Something clearly needs to change.

As we charge towards the Fourth Industrial Revolution and emerging technologies take centre stage, knowing how to safeguard them will be crucial. The realization that almost half of corporate data in APAC is stored online highlights the increasing digitalization across every industry. The arrival of 5G combined with businesses embracing automation and big data means that every employee will need to have a much greater awareness of digital security.

Protect the Data

Asian governments are leading the way toward digitalization; the Philippines has launched Smart Nation initiatives and the Japanese government now allows digital signatures instead of hankos. GDPR in Europe and CCPA in the US highlights a trend in increasing attention towards data security. It is only a matter of time before Asia also implements a similar solution to protect corporate and customer data moving forward.

Organizations across every industry are challenged with anonymizing data to protect the real identities in datasets. Data in software testing and everything from modern medical research to personalized recommendations should have all personally identifiable information removed.

However, a recent study found that anonymizing data is an illusion. The smaller the population, the easier it became to re-identify people in de-identified datasets.

Businesses should be revisiting their deidentification practices to satisfy the anonymisation standards of modern data.The increased targeting of end-users regionally is a worrying trend for businesses of all sizes too. Kaspersky announced that it blocked 2.9 million phishing attempts aimed at SEA SMEs in 2020, a 20% increase from the previous year.

Don’t underestimate Cybersecurity Awareness

News that Verizon found 94% of malware is sent through email should act as a significant wake-up call for business leaders. Every employee must be able to identify phishing emails and understand the importance of strong passwords with 2FA to protect their accounts.

Many industries will be implementing new technologies for the first time and will be blissfully unaware of the dangers. It’s a numbers game for cyber-criminals who often target operating systems and the latest software to infect as many users as possible so they can make more money.

There is also an increase in firmware cyber-attacks that can bypass a computer’s operating system and malware detection software. Although many IT teams will regularly patch operating systems with the latest updates, the firmware is often neglected. Another myth is that hackers will only target big organizations. The reality is that no business is too small to register on the radar of cyber-attackers. The bad guys are armed with a wide range of tools to look for vulnerabilities on anything with an online connection.

The attacks come in many forms, such as phishing scams, malware, SQL injections, ransomware, and denial-of-service attacks. These tools will be used to attack networks, operating systems, and even the firmware on every computer. Security patches must be regularly updated across all areas to minimize vulnerabilities. Users also need to be more vigilant around periodically changing passwords and be educated on why it is so important.

Even within developing economies with lower-tech penetration rates and less exposure to the latest innovations, workers for MNCs must be conversant in digital security. There is increasing concern that a lack of skills could reduce a country’s competitiveness if it lacks the local talent needed or gains a bad reputation for cybersecurity.

It all Starts with Your Employees

Employee cybersecurity awareness needs a different approach than an annual ticking box exercise or a year-round program. All employees need to be properly trained on the importance of secure passwords. They should instinctively question the security of Wi-Fi networks before connecting and use VPNs where possible.

Businesses also need to work with teams to ensure they know how to identify sophisticated phishing attacks. Many unwittingly increased the risk of breaches by transferring company data on consumer accounts such as Dropbox or other non-authorized platforms. Raising awareness and confirming exactly where sensitive data can and should be accessed can help businesses adopt a more proactive than reactive cybersecurity approach.

Training all workers at the most basic level will go a long way towards reducing the prevalence of the most basic vulnerabilities. But this is only one part of the solution. Companies must also invest in more sophisticated cybersecurity measures. They need to adopt secure software and hardware from the outset rather than an afterthought when the purchase has been completed.

The Danger Doesn’t always Come from Outside

Teams are no longer just working from their home. The rise of hybrid working means that employees now expect to have the ability to work from anywhere and everywhere. Multi-cloud storage, privileged access management, and a zero-trust architecture will be critical investments to ensure that organizations remain protected. Emerging technologies such as homomorphic encryption will also play a crucial role in preventing new waves of attacks and bot fraud.

Businesses can no longer automatically trust everything on their internal network and only suspect external traffic. Some of the biggest threats will come from employees and the default browser installed on every device. Getting the balance between embracing new tech and training every employee around their cybersecurity responsibilities will reveal how resilient your infrastructure really is.

The good news is that investing in more sophisticated cybersecurity measures and working with your teams to reduce the prevalence of the most basic vulnerabilities will ensure you are on the right path.

By Ryan James Murray is Director (APAC), at HUMAN