Cyber recommendations and the importance of leadership in a vulnerable cyber world
Ng Hoo Ming, Advisor & President for Cybersecurity & Governance Chapter, ASEAN Chief Information Officer Association (ACIOA), delves into common vulnerabilities in the cyber world today and how organisations can overcome them.
Digital adoption today is not a choice, but a survival instinct, says Ng Hoo Ming, Advisor and President for the Cybersecurity & Governance Chapter of the ASEAN Chief Information Officer Association (ACIOA). But alongside the adoption of more digital technologies is an increased and expanding surface area threat actors can infiltrate and exploit.
“We need to be concerned about the cybersecurity threats posed by malicious actors who are constantly lurking at our cyber front, waiting for an opportunity to exploit the weaknesses in our system for their criminal gain,” Ng says.
And some of these cyber threats have already succeeded, with numerous attacks making headlines this year alone. The Colonial Pipeline incident in May, for example, saw one of the United States’ largest oil pipelines fall victim to a ransomware attack. This resulted in a temporary shortage of fuel, forcing President Joe Biden to declare a state of emergency, and saw a sum of US$4.4 million paid out to the attackers in the form of bitcoin.
Additionally, cyber threats are all the more prominent when taking into account today’s geopolitical landscape. “Russia’s invasion of Ukraine has drastically changed the already challenging chaotic cyber landscape,” Ng says.
He highlights how cybercriminals and hacktivist groups have been observed taking sides in the war, cautioning that this could have serious cybersecurity implications not only for both countries, but for the global community at large.
According to data from non-profit organisation CyberPeace Institute, 33 countries outside of Russia and Ukraine have already been affected by cyberattacks related to the conflict, most of which are in Europe. The attacks have hit different sectors of critical infrastructure, including transportation, public administration and the financial sector.
Understanding where attacks come from
While Ng acknowledges that many of these organisations later release incident reports on the attacks, he points out that many of the reports fail to identify the initiation point of such attacks. To this point, Ng highlights phishing as one of the most common methods hackers use to infiltrate victims’ accounts and networks.
Phishing attempts are rising, according to the international coalition Anti-Phishing Working Group. In fact, their fourth quarter 2021 Phishing Activity Trends Report found that phishing hit an all-time high in December 2021, with over 300,000 attacks recorded in the month alone.
“Phishing is the most common attack technique deployed by hackers to establish the initial bridgehead into your network,” Ng says, highlighting that it is a common method for delivering other types of malicious programmes like ransomware.
“If we can stop it from coming into our network or isolate the phishing attack to minimise its impact, we win half of the battle,” he explains.
To prevent potential phishing attempts from entering an organisation’s network, Ng advises organisations to follow three principles:
- Disconnect from untrusted networks if there is no business need
- If there is a business need for one-way data transfer, implement a one-way data diode (a device that limits data flow to one direction) to connect your network to the external network, or vice versa
- For two-way information exchanges, design a secure two-way communication gateway to connect your network to the external network
These simple practices can mitigate more than 90 per cent of security problems a typical organisation faces today, according to Ng.
The role of leaders
Ng highlights that it is crucial for senior executives and board members of an organisation to recognise the importance of cybersecurity. “If cybersecurity matters to the chair and the board, that will trickle down and become a priority for the whole organisation,” he says.
Managing cybersecurity at a higher level also ensures that it is not divorced from business imperatives, while still being aligned with industry best practices and national regulatory frameworks, Ng adds. This is where the role of a Chief Information Security Officer (CISO) becomes vital.
“CISOs have to be able to sell to the board that cybersecurity is a strategic business investment and an integral part of an organisation’s core business rather than just a backend function,” Ng explains. After all, cybersecurity today can bring benefits to businesses too. For instance, Ng shares that having a strong cybersecurity posture can serve as a key differentiator over competitors, allowing organisations to better gain customers’ trust.
He suggests that an organisation’s senior leadership pay heed to the following questions:
- Does your organisation invest enough in cybersecurity protection measures?
- Do you know the effectiveness of your security investment?
- Do you have the technical means to continuously validate the effectiveness of your security defence in a timely manner?
- Does your organisation already have a cybersecurity governance programme?
- Does the programme include a set of cybersecurity procedures and a plan to execute those procedures?
- What are the contingency plans for dealing with a cyber incident? Have you practised those plans?
- Are the people in your organisation familiar with cybersecurity?
“We need to implement cybersecurity strategies that increase costs for attackers and make it much harder for them to achieve their objectives,” Ng says. This can be done through cybersecurity governance, which lays out a framework for how organisations approach cybersecurity.
“Cybersecurity governance is an enabler for operations to carry on despite the increasing presence of cyber threats and attacks,” Ng says. He recommends that organisations ask themselves five questions to guide the development of such frameworks:
- What systems and data are critical to your organisation?
- Who has access to these systems and data?
- Who is protecting these systems and data?
- How well are these systems and data protected?
- How do we better protect these systems and data?
Organisations can also consider assessing their cybersecurity readiness through an index, Ng suggests. Such indexes can help organisations manage cyber risks by identifying specific capabilities in the areas of risk-based mitigation, threat detection and response, as well as recovery from any potential cyber attacks. They can also facilitate the development of systematic action plans to improve governance and procedures, he adds.
Defend your networks against potential phishing threats with the Menlo Security Isolation-powered Cloud Platform. The platform serves as an additional security layer, acting as an air gap to isolate traffic at a location far away from a user’s devices, preventing the entry of any potential cyber threats.
This platform has helped to protect critical infrastructure like the Gösgen Nuclear Power Plant, located in Switzerland. Before implementing Menlo’s Platform, IT teams had to manually update isolation protocols to prevent potential threats like malware from entering when employees were browsing the web and accessing emails. The process was time-consuming and tedious, and IT teams were constantly falling behind, leaving devices vulnerable.
With Menlo, this process became entirely automated. Since implementation in February 2019, the Power Plant has not had any instances of malicious code entering employees’ devices.