Battling cyber threats along the Digital Silk Road
This was first published in The Business Times on 25 March 2021
Daryl Pereira, Partner, Head of Cyber, Advisory, KPMG in Singapore
Eddie Toh, Partner, Head of Forensic Technology, Asia Pacific, Advisory, KPMG in Singapore
The dangers that once lurked on the ancient Silk Road provide an apposite, if anachronistic, analogy for the present-day cybersecurity threat landscape. Silk Road travellers often fell prey to opportunistic attacks from criminals and bandits who sought to plunder as much as possible with minimum damage and risk to themselves. As Singapore advances along the Digital Silk Road towards a Smart Nation, organisations and individuals face an array of new threats from cybercriminals. Like the raiders on the old Silk Road, malicious actors are deploying a variety of tactics to seize control of devices, access personal data, and, in severe cases, disrupt services.
The pandemic has accelerated the adoption of digital technology, a shift that has engendered discussions on the need to significantly enhance cybersecurity. Companies face a complex balancing act between the need to rapidly digitise and address growing concerns on security, privacy, and ethics, while managing cost pressures. As technology opens a plethora of new possibilities, three clear themes are taking shape in cybersecurity today:
1. Securing the cloud, the crucible of the Digital Economy
Cloud solutions have gone mainstream, unlocking new opportunities not only to enhance productivity and efficiency, but also to find new ways to meet customer expectations. While the pandemic has amplified the push to cloud, many organisations had already begun their digitalisation journey prior to the pandemic. The move to digitalise business operations supported by a remote labour force has resulted in two key changes:
First, the new normal of remote working has been a veritable game changer for cybersecurity. This shift has significantly increased security challenges, including insider threats, shadow IT, effective access management, and maintaining secure communication. Second, as businesses direct funds towards expanding their digital footprint, cyber risk increases. However, this expansion has often come without the commensurate increase in cybersecurity investment that it requires. While major cloud service providers offer a powerful suite of cyber defences and security controls, they can prove ineffective unless they are tuned to the organisation’s threat landscape and security processes.
A three-pronged strategy could help organisations protect themselves and their employees. First, organisations should conduct thorough cyber due diligence before adopting any new technologies or digitalising their business. This will include testing the technical security of the new platform or technology solution, as well as reviewing the security governance, management oversight and third-party risks that arise from engaging with the vendor providing the digital platform or new technology. A key concern will be assessing the controls to guard the ‘crown jewels’ or critical information assets (i.e. critical data, software or hardware) that are accessible to third parties.
Second, they should set up a remote working and cloud security strategy and architecture that focusses on getting the right processes and technologies, from traffic detection to user behaviour analysis software. This approach will help organisations avoid silo solutions that might need to be reviewed later.
Third, organisations must raise the level of awareness among employees about cyber risks and threats. Employees working from home should be educated on the unique challenges brought about by remote work, and steps that must be taken to enhance cybersecurity in the home office. The organisation’s business and IT functions should also be trained to recognise, understand, and handle security incidents.
2. Investing in the future: automation and machine learning
Organisations need to automate the security function as much as possible to improve their ability to manage the rapidly evolving cyber threat landscape, especially as adversaries are also adopting automated solutions to scale and commoditise their attacks.
The new post-COVID reality has further underlined the value of data which, if well organised and made easily accessible, can be extracted and analysed for vital security monitoring and threat identification, including reducing labour-intensive processes. Embracing artificial intelligence (AI)/machine learning (ML) to help detect and respond to emerging cyber threat vectors can greatly improve the ability of organisations to swiftly contain cyber-attacks, or even to identify indicators of compromise before they come under a full-blown cyber-attack.
In the early stages of cyber maturity, organisations may not be equipped to adopt AI and ML for threat insight analysis, but they can still lay the foundations by determining the right cyber architecture and tools for their individual use cases.
3. Reimagining the approach to resilience efforts
There is growing recognition of the role of security in enterprise resilience. However, technologies have reshaped business realities, and key assumptions on business continuity have been challenged in the turbulent aftermath of the pandemic.
Against this backdrop of rapid evolution, organisations will need to refresh resilience and recovery planning activities while aligning cybersecurity goals to their business priorities. Aside from the usual Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) testing, organisations should conduct exercises that drill and test their capability to detect, respond and recover in case of a cyber-attack. Two such exercises are ‘cyber crisis management exercises’, which simulate C-suite and management-level decision making during a cyber-attack, and ‘Red Teaming’, which simulates a technical security attack and tests the response of the organisation’s IT Security team. Cyber resilience needs to encompass the entire enterprise, and requires the strategic alignment of incident responses, business continuity, and disaster recovery planning.
In recent years, the government has stepped up efforts to combat cyber threats and protect Singapore’s digital infrastructure. Recognising the need for action, the country’s ‘Safer Cyberspace Masterplan’ aims to raise the level of cyber maturity across Singapore.
As cyber threats evolve in complexity and scale, we will have to summon our collective resolve to foster a culture of transparency and collaboration to build a highly trained cybersecurity workforce, secure our technology infrastructure and harness digital innovation to tackle this growing menace.