APAC organisations suffering threat fatigue
Since COVID-19 began having a substantial impact on working practices, companies like Cisco have noticed an increased “uptake” of “security products”.
Steve Moros, director of cybersecurity for Cisco Australia and New Zealand (A/NZ) told CIO Tech Asia organisations have realised how vulnerable their data and security is now that many employees are working from home. They are now having to take steps to ensure they are collaborating without compromise.
According to Moros protecting an organisation from threats that leverage current themes relies on the same strong security infrastructure foundation, that organisations hopefully already have in place.
“A key lesson is to ensure your organisation’s existing protections and capabilities function effectively, at a time in which we are increasingly working remotely,” he said. “It is also important to ensure users are aware of the threats; how to identify them and that your organisation has implemented security best practices; and absolutely vital in adopting a holistic approach to cybersecurity to ensure the necessary protection.”
However Moros believes the “region is suffering from is cybersecurity fatigue”.
“Organisations are receiving thousands of alerts in this space every single day,” he said. “Which means some businesses have virtually given up on proactively defending against threats, due to the rapid evolution of attacks.”
He believes hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for companies.
“According to The Annual Cisco 2019 Asia Pacific Chief Information Security Officer (CISO) Benchmark Study, 25 per cent of respondents have already experienced an attack on their operational infrastructure (versus 21 per cent globally) at the start of 2019, and 73 per cent expect this trend to increase throughout 2020 (versus 64 per cent globally),” said Moros.
Moros said security shouldn’t be an “opt” in, but something that should “be there from the outset”.
“We aren’t too surprised to see this uptake for our services as organisations are aware that we don’t compromise when it comes to keeping our customers safe and secure online,” he said. “There are a number of steps that organisations can take to make sure themselves and their employees are protected.”
CIOs need to understand the importance of educating employees and anyone using the internet to conduct business from home; as well, tips for staying secure online because cyber risk comes from a lack of appropriate technology solutions and human behaviour
“There’s absolutely no doubt that educating employees on how to stay secure online is fundamental to equipping workforces with both the confidence and know-how to work from home in a secure and productive manner,” Moros said. “With employees moving to working from home, there is often not the suitable level of protection without the company VPNs, therefore putting more emphasis on individuals to be smart online – the majority of cyber breaches are still as a result of human error or compromised user credentials.”
According to Moros there is a need to drive people to act as if they are in the office when it comes to online security and behaviour. For example, locking their computer when away from their desk and only using a laptop for corporate use. Otherwise, they are massively putting themselves and their organisations at risk.
“While many collaboration tools today aim to offer a certain level of encryption, this is far from enough to protect a company, its assets, data, and employee privacy,” he said. “In this new normal, proper cyber hygiene training, user education, as well as a holistic approach to security for those implementing the technology needs to be considered.”
According to Moros, businesses face several challenges, especially in this current climate.
“Visibility, massive complexity changes and limited budget and resources are the key pain points that we find with our customers, and it’s important for vendors such as ourselves to alleviate these as best we can,” he said. “A small business, for example, may not have the sufficient IT expertise in-house to drive security solutions with its workforce.
Moros said Cisco has stepped up to support businesses, to make full use of the relevant cyber security technology.
“We have been providing free security remote working solutions, which we have recently announced an extension to, which includes Cisco Advanced Malware Protection for Endpoints,” he said. “This technology prevents breaches and blocks malware at the point of entry as well as detects, contains and remediates advanced threats if they evade the frontline of defence.”
All Cisco customers also have access to Cisco TALOS threat intelligence service, which defends customers against known and emerging and discovers vulnerabilities in common software cyber threats by altering them as they happen so they can be aware and monitor their systems.