In the wake of the digital revolution, security continues to be a top area of focus for organizations when it comes to delivering consistent, high-quality services. According to a report by IDC, spending on cybersecurity solutions in the Asia-Pacific region is expected to reach USD 57.6 billion by 2026. As cyber threats rapidly evolve, businesses are acknowledging the link between cybersecurity and traditional business goals.
In Singapore, phishing was the second-most reported scam type in the first half of 2022, according to the Singapore Police Force, with 2,301 cases and a total of SGD 7.8 million in losses. Meanwhile, fraud-related attacks were the most common type of cybersecurity incident in Malaysia in 2022 with 4,741 cases, according to the Malaysia Computer Emergency Response Team.
Here’s how ASEAN organisations can shore up cybersecurity defences with a digital twin according to Neo4j
These numbers do not bode well for the year ahead, signalling that attackers will continue to ramp up their efforts to steal sensitive information from companies. Additionally, real-time data feeds are constantly detecting the presence of new security breaches across the cyber landscape. We have reached a point where cybersecurity agendas can quickly become dated, as they no longer reflect current tactics and technological developments.
What motivates hackers?
To malicious attackers, web browsers have become lucrative targets, because they are where users’ personal, sensitive information is available, including usernames, passwords, job details, and credit card numbers.
For organizations to stay secure, they need to get ahead of the security curve and make sure their resources are consistently protected from unauthorized access. As a result, organizations will not only maintain their customers’ trust but also avoid noncompliance which would lead to legal penalties.
How organizations can ensure safe online operations
In order to effectively manage cyber risk, organizations must pay attention to six key areas: vulnerability checks through quantitative risk analysis, analysis of cloud architecture and security measures, password management and multi-factor authentication (MFA), mobile device management (MDM), resilient encryption protocols, and commonsense strategies. With these initiatives, organizations can stay ahead of impending security threats that would otherwise disrupt their operations and severely halt service delivery.
1. Vulnerability checks through quantitative risk analysis
In the transformed tech ecosystem, cybersecurity is vital. To ensure that their organization is secure, risk analysis experts should conduct a quantitative assessment of their organization’s vulnerabilities, including patch management practices. They should also develop metrics and dashboards to facilitate regularly reporting the identified vulnerabilities to the CISO. Quantitative risk analysis provides a comprehensive and structured approach to vulnerability checks, enabling organizations to understand their level of exposure and take proactive steps to mitigate risks before they materialize. By leveraging data and metrics, organizations can make informed decisions that optimize their security posture and ensure business continuity.
2. Analysis of cloud architecture and security measures
The vast amount of data stored in the cloud, combined with the ease of remote access, make the cloud a prime target for cyberattackers. Cloud security measures are therefore an essential aspect of cloud architecture and must be carefully planned, analyzed, and implemented to safeguard data and resources. This allows organizations to enjoy the benefits of cloud computing while minimizing the risks.
Implementing cloud architecture involves choosing a reputable cloud service provider that has robust security measures in place and following best practices for configuring and using cloud services securely. By taking a comprehensive approach to cloud security, organizations can ensure the protection of their data and the continued success of their cloud computing initiatives.
3. Password management and MFA
Having strong passwords can act as a strong defence against cyberattacks. Additionally, to ensure that employees can log in to their workstations easily without compromising security, organizations need to implement password management solutions that can automate the authentication process. This way, users will not feel overwhelmed by having to remember so many different passwords.
However, passwords alone are not enough to secure access to critical resources. Passwords should be supported with MFA, which provides a second layer of identity verification that users need to go through. While it is a sound strategy, organizations need to ensure that the measures they choose to render their networks impenetrable do not interfere with worker productivity.
Risk-based MFA allows organizations to enforce dynamic access policies based on certain conditions, including the user’s location, IP address, and the number of failed login attempts. An access attempt that the security controls deem suspicious will be blocked until the user completes the secondary authentication process.
BYOD policies empower employees to fulfil their tasks using the means and tools that are at their disposal. This has allowed for increased productivity but has also led to the convergence of personal and corporate data within the network. MDM is the best way to minimize the attack surface by configuring encryption as well as hardware and software restrictions on devices. MDM also helps security teams detect security faults, such as compliance violations, inactive devices, blocked applications and jailbroken or rooted devices—all in real time.
5. Resilient encryption protocols
Encryption protocols are another essential security feature, acting as the final barrier in case a hacker gains access to the system. There are many types of encryption that organizations can use to secure data at rest or in transit. One such example is file system encryption, which allows companies to restrict access to either selected sensitive files or all the files located anywhere across the network.
6. Commonsense strategies
Lastly, users also need to take extra precautions by applying commonsense measures. These include clearing or archiving messages from email inboxes, disclosing personal information only to trusted sites, and not storing credentials in easily accessible plaintext files.
Making future-proof cybersecurity the default
In the face of an ever-evolving threat landscape, fortune favours those who take a proactive stance in fortifying their networks. The onus is on business decision-makers to work with security teams to devise measures and policies that will keep critical files and operations secure. At the same time, business decision-makers also need to assume that hackers are already targeting their operations and take steps to minimize the organization’s attack surface.
Organizations that harness the cybersecurity strategies described above will be well-positioned to retain their operational resiliency and customer base. Ultimately, these strategies can mean the difference between an organization pulling ahead of the rest or struggling with technical and legal problems in the long run.
This article titled “Hacking the hackers: Proven methods to keep your online operations safe” was contributed by Arun Kumar, Regional Director at ManageEngine
About the author
Arun Kumar is a regional director at ManageEngine, the enterprise IT management division of Zoho Corporation. He has been working with ManageEngine since 2003. In his current role, he leads all channel and partner-related initiatives for the company in both the United Kingdom (UK) and Asia Pacific (APAC) markets.