All governments and organisations today need to be aware that they are fully at risk from cyber-attacks, as demonstrated by recent high profile media reports of breaches in critical infrastructures – such as Colonial Pipeline – to large multinational organisations.
According to a recent Ponemon Institute survey, 44 per cent of organisations experienced a third-party data breach in the last 12 months that resulted in the misuse of sensitive or confidential information. 63 per cent of organisations say that remote access is their weakest attack surface.
Cybersecurity professionals must learn to flexibly adapt when new challenges arise in a scenario wherein 2021, cybersecurity experts claim there are 10 types of hackers ranging from white hat, black hat, grey hat, script kiddies to activists and malicious insiders.
The current consensus among white hat hackers and cybersecurity specialists is to advise the government and organisations to pivot from detection to prevention strategies, which will be affected by reducing the attack surface and preventing known and unknown attacks. These days, no organisation can trust luck to avoid attacks. It is just a matter of when and how to mitigate and recover from a successful attack.
Coming together at the CYDES 2021 conference, these experts discussed the areas in which organisations are most vulnerable. They also shared the latest cyber tools and strategies to help organisations adapt.
Interestingly, experts from Telekom Malaysia Berhad (TM) identified the malware as the cyberthreat that has consistently prevailed over decades and been weaponised in attacks, primarily those involving critical infrastructure.
What is the current challenge?
During the past three years, malware has become increasingly sophisticated, a step above previous versions, explained Raja Azrina Raja Othman, Chief Information Security Officer at TM. The energy sector, a key aspect of a country’s critical national infrastructure, saw significant malware used for attackers’ persistence in compromised systems, she shared.
One example of this occurred in 2017 when malware was introduced into an oil refinery in Saudi Arabia. The malicious programmes were designed to shut down safety systems, increasing the likelihood of a catastrophic explosion, wrote Wired.
“Amongst security practitioners, we understand traditional malware defences have proven ineffective,” said Raja Azrina. Protection mechanisms should continue to evolve. For example, the way that organisations protect access points such as laptops “are changing and will continue to change.”
Moving to the Cloud without proper protections in place constitutes another challenge, Raja Azrina pointed out. She has seen organisations “that migrate without sufficient planning”, exposing valuable data to vulnerabilities.
Email servers present another attack surface for hackers to introduce viruses and malware. This has led to the loss of critical data and “can culminate in ransomware attacks,” she said.
Another example, a scam email sent to a Sydney hedge fund that contained a fake Zoom invitation. When users clicked on it, a malicious software programme was secretly implanted into the system, leading to losses of more than US$580,000, reported Australian Financial Review.
Implementing Zero Trust and data residency
Sometimes called ‘perimeterless’ security, a zero-trust security model is not a new approach to the design and implementation of IT systems – originally coined by a Forrester analyst in the early 1990s. However, it is rapidly becoming a favoured recommendation to counter vulnerabilities arising from the use of third party solutions in today’s complex IT information architecture.
“Perimeter defences and network segmentation remain highly relevant,” explained Raja Azrina. Segmentation helps to restrict access from one system to another, reducing the attack surface that hackers can target, and containing breaches as they occur.
Zero Trust is indeed a valuable approach. This model authenticates users each time they access an organisation’s network, systems or applications, blocking unauthorised users.
TM’s enterprise and public sector business arm, TM ONE, provides Zero Trust systems to help secure networks. Such a provision implements strong identity requirements to ensure networks are more ‘watertight’ against malicious intruders.
Furthermore, Raja Azrina highlighted data residency as a top concern when securing the Cloud. Different jurisdictions apply different laws to data, which can lead to legal complications arising when data is stored overseas.
One benefit of keeping data close to home is that organisations have easy access to their data centre. This is one of the reasons why TM ONE has built its Cloud centres in Malaysia, she explained.
Prevention is the best product protection and TM ONE provides additional cyber safeguards via two tools that are available amongst its wide cyber security product portfolio.
First, a firewall creates a set of rules for websites to block malicious attempts to access information. TM ONE provides threat management by combining firewalls, anti-virus and anti-intrusion systems at the entry points to networks, according to its website.
Second, TM ONE helps to encrypt data transmitted across the internet, only allowing the sender and receiver to decrypt and view the data. Introducing this system would give citizens a trust point when accessing the site, maintaining the reputation of an organisation’s cybersecurity.
Another takeaway is that cybersecurity must be viewed as a marathon and not a sprint. Organisations must be able to sustain protections to keep ahead of evolving threats.
Malware has recently proven to be a significant threat to public sector institutions and critical national infrastructures. A more robust and strategic approach of adopting Zero Trust, storing data locally, and the use of proactive security tools are essential in today’s rapidly changing environment.