Cybersecurity company Sophos has recently released its Active Adversary Report for Tech Leaders 2023. The report highlights a few important findings about cyberattacks in the first half of 2023 as follows:
1) Decrease in Dwell Time
Dwell time measures how quickly an attack is detected: it is the time from the start of a cyberattack to when it’s detected. Sophos found that the time it takes to detect a cyberattack has decreased. In 2022, it took an average of 15 days to detect an attack, but in 2023, this time has been reduced to just 8 days. For ransomware attacks, it’s even shorter, at 5 days.
2) Attacks on Active Directory
Active Directory (AD) is a crucial part of a company’s computer network. According to Sophos, attackers now take less than a day (approximately 16 hours) to breach and gain control of AD. This is a concerning trend because having control of AD gives attackers significant power over the company’s systems and data.
3) Ransomware Attacks
Ransomware attacks were the most common type investigated in the report, making up 69% of cases. Most ransomware attacks occurred outside of regular working hours, with 81% of them launching their final damaging actions outside of business hours.
4) Detection Timing
Interestingly, the report shows that the number of attacks detected increases as the week progresses, with a notable spike in ransomware attacks on Fridays and Saturdays.
5) Security Tools
The report mentions that while there have been improvements in security tools and technologies, attackers are still finding ways to infiltrate networks. The key to better security is not just having the right tools but also actively monitoring for threats.
In conclusion, this report serves as a reminder that cyberattacks are evolving, and businesses need to stay vigilant and invest in both advanced security tools and continuous monitoring to protect their data and systems.
You can find more detailed information in the full article on Sophos’ website.
Navigating the online world while safeguarding personal information has become increasingly challenging. Mozilla’s response – Firefox Relay – has just received an upgrade that promises enhanced privacy protection in the digital realm.
In a bid to fortify online privacy, Mozilla has seamlessly integrated the Firefox Relay feature into the Firefox experience itself. Formerly an add-on, Relay acts as a protective barrier for users’ email addresses, shielding them from unsolicited marketing emails and potential data breaches. With this integration, users can conveniently utilize the Relay feature to safeguard their personal email addresses while navigating the web.
Acquiring this enhanced layer of online privacy is simple. Users need only possess a Firefox account to access the built-in Relay feature, available for free within the browser. Mozilla aims to make this feature available to millions of users over the upcoming weeks.
This integration lines up with Mozilla’s commitment to elevating the user experience by prioritizing privacy. The company introduced Firefox Relay functionalities earlier this year, allowing users to seamlessly interact with the tool through their toolbar, generate fresh email masks, and reuse existing ones. Notably, Relay ensures protection against web trackers, a significant step in preserving sensitive data.
For those unacquainted with Firefox Relay, it offers practical solutions for various online scenarios. Users can generate temporary email aliases to safeguard personal emails, benefiting from the service’s email filtering that eliminates trackers before forwarding messages to the primary email ID. Whether it’s crafting transient emails or maintaining confidentiality on public platforms, Firefox Relay empowers users to embrace a more secure online experience, now more conveniently accessible than ever.
Acronis has published its Mid-Year Cyberthreats Report, revealing concerning trends in the cybersecurity landscape. The report highlights a 464% increase in email-based phishing attacks in the first half of 2023 compared to the previous year.
Cybercriminals are increasingly using generative artificial intelligence (AI) systems like ChatGPT to craft malicious content and conduct cyberattacks. Acronis states that ransomware remains a dominant threat to small and medium-sized businesses. This is mainly due to attackers leveraging AI-created malware to avoid detection by traditional antiviruses.
The cyberattack landscape is evolving
In the report, Acronis also emphasizes the increasing sophistication of cyberattacks. These attacks utilize AI and existing ransomware code to penetrate victims’ systems and extract valuable data, making detection more challenging. Cybercriminals use public AI models to find source code vulnerabilities and develop attacks (including deep fakes).
Additionally, the study shows that phishing is the primary method cybercriminals use to steal login credentials. The use of large language model-based AI platforms has enabled cybercriminals to create, automate, and scale new attacks more efficiently. The report reveals a growing number of data stealers who exploit stolen credentials to gain unauthorized access to sensitive information.
Breaches demonstrate major security concerns
Acronis points out some major security concerns that contribute to successful breaches, including a lack of strong security solutions to detect zero-day vulnerabilities, delayed updates of vulnerable software, and inadequate protection for Linux servers. Moreover, some organizations fail to follow proper data backup protocols, which can lead to severe consequences during attacks.
Acronis encourages companies to take a proactive stance in cyber protection. A comprehensive cybersecurity posture requires a multi-layered solution that combines various security measures. This includes anti-malware, email security, vulnerability assessments, backup capabilities and more. The report also includes steps that companies can take to increase their cyber protection:
If you are interested in reading the full Acronis Mid-Year Cyberthreats Report 2023, click here.
A recently discovered vulnerability in Intel chips, named “Downfall,” has the potential to expose millions of users to cybersecurity threats. Cybersecurity researcher Daniel Moghimi, who is associated with the University of California and Google, discovered the major vulnerability. The vulnerability affects a large number of Intel chips produced over the last decade.
The vulnerability centres around the ability of malicious programmes to access data belonging to other applications. Therefore, it poses significant risks to user privacy and security. At the core of “Downfall” is the exploitation of the “register buffer” feature present in modern processors. With it, processors are able to optimise certain operations for faster execution.
What Is a Register Buffer?
Imagine a computer processor as a super-fast brain that helps your computer think and do tasks quickly. This brain needs to remember things temporarily while it is working, just like you might jot down a few things on a sticky note while solving a puzzle. The “register buffer” is like that sticky note – it is a temporary data storage place in the processor where it keeps important information for a short time to help with tasks. Sometimes, the processor may also keep sensitive information like passwords in the register buffer.
So here is the catch: if a hacker finds a way to look inside this register buffer, they might see your password or other sensitive information they’re not supposed to have access to. So, the “Downfall” vulnerability is like discovering a hidden crack in the wall next to the shelf where the processor keeps its sticky note. If someone figures out how to use that crack to take a peek at the content of the sticky note, they could get their hands on sensitive information such as your online bank password and more.
The Potential Impact of Downfall
As you can see, the impact of this vulnerability is far-reaching, particularly for the cloud computing industry. Many servers use similar setups built on Intel and AMD processors to run workloads. It stands to reason that, since the vulnerability affects a wide swath of processors, these cloud setups and the businesses that use them could be at risk of a major breach. If these servers are susceptible to Downfall, hackers could have a field day, stealing sensitive information from high-profile organisations worldwide.
According to Intel, exploiting this flaw is not exactly a walk in the park. While Intel acknowledged the issue, it said that the discovery of “Downfall” happened under very specific conditions – not exactly what hackers encounter in the real world. Newer Intel chips, including Alder Lake, Raptor Lake, and Sapphire Rapids, are reportedly not susceptible to this vulnerability. You may check for the full list of affected devices here.
Preventing Vulnerability and Mitigation Strategy
Intel has released a microcode fix to patch up this vulnerability. While Intel claims that most workloads will not slow down, some specific activities such as heavy data processing might be affected. So, the trade-off here is between keeping your data safe and not compromising device performance.
The discovery of the Downfall vulnerability in Intel chips is a significant concern for cybersecurity. It showcases the delicate balance between performance optimisation and security, highlighting the need for continuous vigilance and adaptation in the rapidly evolving tech landscape.
Researchers at ETH Zurich have identified a series of vulnerabilities in AMD’s CPUs. The vulnerabilities have been identified in CPUs with the Zen 3 and Zen 4 architecture in particular and are present across the board in both desktop and laptop CPUs and APUs with the architecture.
The vulnerability, identified now as “Inception”, takes advantage of speculative execution, a technique where a computer predicts and performs operations it anticipates needing in the future. Using an attack method called Training in Transient Execution (TTE), the affected CPUs can be manipulated to believe that they have seen a certain set of instructions before even if it has never happened before.
In the simplest of terms, the exploit acts exactly as Leonardo DiCaprio and his team did in the movie “Inception”. Similar to how they were able to plant an idea to retrieve information, the vulnerability in AMD CPUs can do the same thing.
In fact, XDA Developers described that “Inception” takes its name from the movie of the same title, where the central concept involves implanting an idea in someone’s dream. In the exploit context, researchers metaphorically implant an “idea” into the CPU during its “dream-like” state, causing it to execute incorrect instructions. This manipulation of the CPU’s control flow is the core mechanism exploited by Inception.
Exploiting A Kernel Memory Breach
The vulnerability poses a serious security threat as “Inception” is an end-to-end exploit that can covertly leak sensitive information from Zen 3 and Zen 4 processors. The exploit can access confidential kernel memory, including sensitive files like “/etc/shadow” on Linux systems. This file holds hashed user account passwords, typically safeguarded and accessible only to the root user.
According to XDA Developers, with a leakage rate of up to 39 bytes per second, Inception has the capability to retrieve these passwords within 40 minutes.
Exploitation of Speculative Execution
The workings of Inception draw parallels to a similar exploit named Zenbleed. ETH Zurich researchers leveraged the TTE technique to craft an attack capable of infiltrating AMD Zen CPUs. This involves manipulating speculative execution to carry out actions that may not be immediately necessary, a strategy often used to optimise processing.
Central to this attack are the Branch Target Buffer (BTB) and the Return Stack Buffer (RSB). Inception disrupts branch prediction during the transient window by introducing fresh predictions into the branch predictor. This action creates more powerful transient windows, which can then be exploited to overflow the Return Stack Buffer. Ultimately, this allows Inception to take control of the CPU.
Preventing Exploitation and Mitigation Strategy
AMD has acknowledged the vulnerability in a recent bulletin. The company has released a µcode patch for the affected processors which can be applied via a BIOS update.
According to XDA Developers, like Intel’s “Spectre” vulnerability, effective mitigation strategies remain challenging. One proposed mitigation approach involves flushing the branch predictor during context switches. However, this could inflict significant performance degradation.
If you are using one of the following processors, it would be best to check for a BIOS update.
Desktop CPUs & APUs:
3rd & 4th Gen AMD EPYC CPUs
Ryzen 5000 & 4000 Series Desktop Processors (including CPUs like Ryzen 5 5600G or Ryzen 7 4700G APUs)
Ryzen 7000 Series Desktop Processors
Ryzen Threadripper PRO 5000WX Series Processors
Mobile CPUs:
Ryzen 5000 Series Mobile Processors
Ryzen 6000 Series Processors (with Radeon Graphics)
Ryzen 7035 Series Processors (with Radeon Graphics)
Ryzen 7030 Series Processors (with Radeon Graphics)
Ryzen 7040 Series Processors (with Radeon Graphics)
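The check below is an added example, not part of the original articles or of any vendor's tooling: it reads the status the Linux kernel reports for Downfall and Inception, to confirm whether the microcode fixes described above are actually in effect on a host. The sysfs file names (gather_data_sampling, spec_rstack_overflow) and the verdict labels are assumptions not taken from the articles; the kernel's status wording varies between versions, so the classifier matches on prefixes and keywords.

```shell
#!/bin/sh
# Added example: report whether the kernel considers this host mitigated
# against Downfall (Intel) and Inception (AMD Zen 3 / Zen 4).
# Assumption: a Linux kernel recent enough to expose these sysfs entries.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to a verdict:
#   ok | mitigated | needs-microcode | vulnerable | unknown
# Example kernel strings: "Not affected", "Mitigation: Microcode",
# "Vulnerable: No microcode", "Vulnerable: Microcode, no safe RET".
classify_status() {
    # Lower-case first: capitalisation differs across kernel versions.
    s=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$s" in
        "not affected"*)  echo ok ;;
        *"no microcode"*) echo needs-microcode ;;  # software-only or no fix
        mitigation*)      echo mitigated ;;
        vulnerable*)      echo vulnerable ;;
        *)                echo unknown ;;          # e.g. guest VM, host decides
    esac
}

# Print "<issue> TAB <verdict> TAB <raw status>" for one sysfs file.
# A kernel that predates the fix has no file at all: report that explicitly,
# because "no file" must not be read as "not affected".
check_one() {
    dir=$1; issue=$2; file=$3
    if [ -r "$dir/$file" ]; then
        raw=$(head -n 1 "$dir/$file")
        printf '%s\t%s\t%s\n' "$issue" "$(classify_status "$raw")" "$raw"
    else
        printf '%s\t%s\t%s\n' "$issue" not-reported "kernel does not expose $file"
    fi
}

# Report both issues for the given directory (default: the live sysfs path).
report_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    check_one "$dir" Downfall  gather_data_sampling
    check_one "$dir" Inception spec_rstack_overflow
}

# Number of issues still needing action (anything other than ok/mitigated).
count_action_needed() {
    report_cpu_vulns "$1" |
        awk -F '\t' '$2 != "ok" && $2 != "mitigated" { n++ } END { print n + 0 }'
}

report_cpu_vulns "$VULN_DIR_DEFAULT"
```

Run it on each Linux host after applying the BIOS or microcode update; a needs-microcode or vulnerable verdict means the fix is not yet active, and not-reported means the kernel itself needs updating before it can tell.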
Cybersecurity is a big talking point today. It is not a new thing; it really has been a concern since the digital age began. There are always going to be perpetrators out in the wild who try to cheat, game systems, and even do harm to others for their own benefit. The most recent security threat, and still one of the biggest threats to cybersecurity, is ransomware.
The thing is, while there are numerous talks about how cybersecurity should be implemented in corporations and company devices, we often forget that the cyber-first world encourages users to also use their own personal devices for work and at work – your smartphones for example. Where your organization’s issued devices are locked down and secured, your own devices are not. Where your organization implements security measures on its own back-end digital infrastructure, your own devices are often left untouched. Where your company protects itself, you are left unprotected. So, what do you do?
You get yourself a protection plan for yourself, of course. You get yourself Kaspersky’s latest and most comprehensive protection program. For 2023 Kaspersky introduces products that are more streamlined than ever and more comprehensive for all kinds of budgets. With an updated UI, the Kaspersky protection suites are also made to be more intuitive than ever while offering the most comprehensive protection and control back to users. Their latest suites also offer protection for Windows, Mac, Android, and even iOS.
Kaspersky Standard, or Plus, or Premium
The product naming scheme has become even more simplified than before too. Now you pick between the Standard, Plus, and Premium protection plans that offer different coverage and protection layers. Of course, they come with different price points too.
With the Standard package starting at MYR 70/year (1 device), you get the full might of Kaspersky’s antivirus program that will also detect and remove viruses or malware even before you get your Kaspersky security suite. On top of that, you get real-time protection against the latest known threats to your devices. Kaspersky Standard also comes with Safe Browsing and Anti-Phishing suites alongside Firewall and Network Monitor to further protect yourself from malicious websites, downloads, extensions, and even applications. Unlike older cybersecurity suites that tend to slow your PC down, the new Kaspersky security suite offers Quick Startup, PC Speed-up, and Disk Cleanup Tools to ensure that your PC is always working optimally. If you game on your devices too, Kaspersky offers Game and Do Not Disturb modes to ensure that your devices work to offer the best performance for your games while ensuring that you are not disturbed in an intense battle.
The Plus suite from MYR 96/year (1 device) onward adds an unlimited VPN subscription and Premium Password Manager to the mix. You also have access to Data Leak Checker that monitors the internet and dark web for compromised personal data while offering steps to ensure that your data is always protected. The plan also offers users the ability to monitor their home network and the devices that are connected to the network.
The Premium plan offers the full might of what Kaspersky can offer you for MYR 139/year (1 device) onward. On top of everything you get from the Standard and Plus plans, you also get Kaspersky’s identity protection suite and premium technical support that can even install your Kaspersky application for you, if it is too much of a hassle to do yourself. They also offer the occasional PC health check done by a professional if you need it. In terms of identity protection, they offer something they call an Identity Protection Wallet that stores copies of your sensitive data, including identification documents and even licenses, in an encrypted format. There is also a one-year free subscription to the Kaspersky Safe Kids suite to further protect your family.
Price and Availability
Kaspersky’s Standard, Plus, and Premium protection plans are now available for MYR 70/year onward (Standard, 1 device) all the way to MYR 195/year (Premium, 5 devices). You can get them from Kaspersky’s website or authorized retailers across the nation. If you choose to get your Kaspersky protection suite now from their website, you are entitled to a 17% introductory discount for your 1-year subscription.
Hacks, lost accounts and compromised emails may be a thing of the past with companies moving towards a “passwordless future”. Google is the latest to bring this future to the present with its introduction of “Passkeys”, a new way to log in to your Google accounts moving forward.
“Passkeys” will use biometrics like facial recognition and fingerprints to log in to your accounts. How? Well, it will use your smartphone. Yes, this also means that you’ll be able to use your screen lock PIN to log in to your Google account. However, it also makes your password obsolete. So, you won’t need to have that notebook or that codenamed document on your PC with all your passwords recorded. According to Google, these passkeys resist online attacks like phishing and are more secure than SMS one-time codes.
That said, Google isn’t forcing all users to immediately migrate over to using passkeys. Instead, users will be able to opt in to using Passkeys in addition to their password and two-factor authentication (2FA) by going to g.co/passkeys. For companies using Google Workspace, administrators will soon be able to activate passkeys for their end users.
Setting up passkeys for your Google account is pretty straightforward. You can either use the g.co/passkeys link or look under your account’s security settings. You will now see a new setting called passkeys. There you will be given the option to activate passkeys for your account. It will automatically turn your most recently used Android devices into passkeys. So, you may want to clean up the list of devices with access to your account. Once you activate the feature, you’ll be prompted on your phone or Windows device when you sign in to verify your identity.
Are you excited for a “passwordless future”? Sound off in the comments below.
Cybersecurity company ESET released its latest APT Activity Report, shedding light on coordinated threats to cybersecurity across the globe for 2022. Advanced Persistent Threats, or APTs, are broadly defined as targeted cyberattacks by either a single person or a coordinated team over a long period of time. Typically the objective is to obtain sensitive data from the target, which includes intellectual property, sensitive information such as financial details, a website takeover or even sabotage. The report compiles data from the period from September to December 2022 analyzed by ESET researchers.
ESET reports on APT threats for the end of 2022.
Ukraine targeted by new malware from Russian-APT Sandworm
During this period, the most notable cyberattack campaigns observed were perpetrated by Russian-aligned APTs targeting Ukraine. The most prominent was an attack by the APT group Sandworm in October targeting an energy sector company in Ukraine. Sandworm used a previously unknown wiper for the attack, a malware that deletes all the files on affected hard drives. ESET has named this wiper NikoWiper, and it was found to be based on SDelete, Microsoft’s command-line utility for secure file deletion.
Cyberattacks on Ukrainian energy sector linked to Russian-aligned APT Sandworm. Image source: Bleeping Computer
The Sandworm attack against the Ukrainian energy company in October 2022 coincided with Russian military attacks in the same period. Russian forces launched missile strikes targeted at energy infrastructure too, suggesting some form of coordination and shared objectives. While ESET does not have evidence for this coordination, ESET’s report has noted that APT groups have been known to be operated by a nation-state or state-sponsored threat actors.
More ransomware attacks and spearphishing campaigns
ESET reports that Sandworm also used ransomware in the same attack, with the final objective appearing to be data loss or destruction. In this case, the ransomware is used to lock the files on company computers, but Sandworm does not offer the decryption key for a ransom, as would happen in a typical ransomware attack. More ransomware attacks were observed in this period, with the Prestige ransomware, associated with Russian-based threat actor IRIDIUM, deployed against logistics companies in Poland and Ukraine. Also in October, ESET discovered, and reported on Twitter, a new ransomware in Ukraine written in .NET, which they named RansomBoggs. Other Russian APTs such as Callisto and Gamaredon were conducting spear-phishing campaigns in Ukraine. These are email or communication-based scams intended to steal credentials or other sensitive information.
Chinese-based APTs Goblin Panda and Mustang Panda beginning to target European countries. Image source: SOCradar
Chinese-based APTs Target EU and Other Global Cyber Threats
Cyber threats were reported in other parts of the world as well. Chinese-based APT Goblin Panda, which typically targets the United States, has recently begun targeting European countries, a similar trend seen in another Chinese APT, Mustang Panda. A Goblin Panda backdoor, named TurboSlate by ESET, was found in a government organisation in the European Union. Similarly in Switzerland, ESET detected a Korplug loader used by Mustang Panda in an energy and engineering organisation. In Iran, the APT POLONIUM has targeted both Iranian companies and their foreign subsidiaries while the APT MuddyWater had likely compromised a security service provider. Cryptocurrency firms have more bad luck, as North Korean APTs were detected targeting these firms and crypto exchanges globally with old exploits.
For full details on ESET’s findings, the APT Activity Report for T3 2022 can be found on WeLiveSecurity here.
The unprecedented disruption the world faced during the past two years forced governments to rewrite the rulebook on how they serve their citizens. During the COVID-19 pandemic, public sector organizations across Asia Pacific and Japan (APJ) had to act quickly to find digital solutions to everyday challenges to keep citizens safe and productive. Enabled by cloud technology, digitized government agencies became better equipped to offer citizen, educational, and healthcare services, which helped improve and even save lives.
As we emerge from the crisis, the experience, momentum, and lessons learned have heightened potential for leaders to drive digitization as a priority to deliver their national agendas. Public sector organizations across APJ are pivoting from the pandemic and looking ahead to how digital transformation enabled by cloud can help to seize opportunities to deliver faster, more innovative, and modernized citizen services.
Scaling Digitization for Public Sector Organizations
According to a Gartner survey in 2021, digitally advanced government organizations realize more benefits of modernization, including higher efficiency, cost reductions, greater workforce productivity, compliance, and transparency. Research by Amazon Web Services (AWS) Cloud Economics shows that AWS customers in ASEAN – across commercial and public sectors – who migrated to AWS are seeing an acceleration in innovation, with an approximate 29% reduction in time-to-market for new features and applications, about 41% increase in employee efficiency, and an improvement of about 37% in operational resiliency through less downtime of services.
In the last year, AWS has signed six government cloud services agreements across APJ, including with Malaysia and Thailand in ASEAN, to boost digitization, supporting these governments with our network of local partners as they move their customers and themselves to the cloud. These initiatives help governments save lives, provide critical citizen services, and support learner outcomes – ultimately changing the way society engages, educates, and does business for good. They also enable opportunities for local businesses on the AWS Partner Network to work closely with public sector customers to solve some of the biggest community challenges.
Enabling Security, Resilience, and Continuity through the Cloud
Aside from accelerating the speed and scale of digitization, leveraging the cloud also ensures security, resilience, and continuity. This creates a safe and reliable environment for students to learn, employees to work remotely, and citizens to access government services and healthcare.
In Indonesia, when the Bali Provincial Government launched its Smart Island initiative to transform the Indonesian island into a digital province, the Communication, Information, and Statistics Agency of Bali (Diskominfos) migrated its data to AWS cloud from an on-premises infrastructure. Launching an attendance system using machine learning technology, it enabled 19,820 public service employees to sign in to the office virtually, saving almost 69% in monthly costs for its attendance system. Many of Bali’s other critical applications are also built using AWS solutions, including a traditional village census system, a health facility oxygen monitoring system, and an asset management system.
By digitally transforming on the cloud, the public sector can rapidly scale services to meet spikes in demand, wind-down operations to reduce costs, and innovate widely using the latest cloud technology.
More Digital Skills Needed to Support Digitization
As the digitization momentum accelerates, governments across APJ will also need to prioritize digital skills training for their workforce in order to unlock the cloud’s full potential. The recent “Building Skills for the Changing Workforce” report produced by AWS and AlphaBeta shows that Australia, India, Indonesia, Japan, New Zealand, Singapore, and South Korea will need to train an estimated 86 million more workers in digital skills collectively over the next year to keep pace with technological advancements – equivalent to 14% of their current total workforce. The report also noted that three of the five most demanded digital skills by 2025 will be cloud-related.
In Thailand, the Ministry of Digital Economy and Society is collaborating with AWS to train more than 1,200 public sector employees with cloud skills, so they can implement cloud technologies at scale, make better data-driven business decisions, and innovate new services to drive improved outcomes for citizens. In Indonesia, its Information and Communication Technology Training and Development Center (BPPTIK Kominfo) worked with AWS to get its employees up to speed on cloud knowledge, in support of Indonesia’s goal of creating a pool of about 9 million digital professionals by 2030 as part of its national digital information agenda. And in Malaysia, AWS has worked to provide cloud training for the Malaysian Administration Modernization and Management Planning Unit (MAMPU) to help accelerate their cloud use and fulfil mission-critical needs. This is in addition to the training of over 3.5 million users across Asia Pacific since 2018.
Looking ahead, we will need to move beyond business as usual to close the skills gap and create conditions for successful digitization. Governments, educators, and industries across APJ will need to collaborate more closely than ever to give all individuals the opportunity to build and deepen their digital skills that will support digitization momentum now and in the future.
Closer Collaboration Needed to Unlock the Potential of APJ
As societies and communities across APJ continue to evolve, organizations of all kinds – from governments to industries to non-profits – will need to come together to solve some of the biggest issues we are facing, from helping marginalized communities to addressing climate change.
This is why AWS launched Cloud Innovation Centers (CIC), to serve as a platform for public and private sector organizations to collaborate, solve challenges, and test new ideas with AWS’s technology expertise. In Singapore, AWS is partnering with East Coast Town Council and Accenture on a six-month pilot to deploy cloud-powered sustainability solutions in municipal estate management, to support Singapore’s move towards its net zero carbon emissions goal by 2040.
We encourage collaborations between governments, industry, and cloud services providers to enable long-term scaling of digital programs. The momentum has been established, so let’s continue to ride the wave and work together to keep digitization at the forefront of the region’s push for progress as we pivot from pandemic to prosperity.
Cloud technology has been an integral component in paving the way for organizations across industries to undergo digital transformation. Globally, 50% of organizations are adopting a cloud-native approach to support both employees and customers, and the number of connected devices is expected to climb to 55.9 billion by 2025.
In Malaysia, we’ve also seen swift progress in cloud adoption – with the most recent milestone being the upgrade of the Malaysian Government’s Public Sector Data Centre (PDSA) into a hybrid cloud service called MyGovCloud. The pace of cloud adoption is expected to accelerate following the government’s decision to provide conditional approval to Microsoft, Google, Amazon, and Telekom Malaysia to build and manage hyperscale data centres and cloud services in Malaysia.
With cloud-based systems becoming a key component of organizations’ operations and infrastructures, malicious actors have been turning to the cloud, taking advantage of weaknesses in cloud security to perform various malicious activities — leading to new complexity regarding effective attack surface risk management.
Why Malaysian Businesses Need Better Risk Management
The shift to the cloud and dramatic increase in connectivity gives malicious actors new and often unmanaged attack vectors to target.
As revealed in Trend Micro’s semi-yearly Cyber Risk Index (CRI) report, 67% of organizations in Malaysia report they are likely to be breached in the next 12 months – indicating a dire need for local organizations to be better prepared in managing cyber risks.
To better reduce the risk of cyberattacks, enterprises must first understand how cyberattackers are exploiting the cloud for their own benefit and bridge security gaps by proactively anticipating data breaches.
One of the most common ways that organizations put themselves in a vulnerable position to be attacked is through misconfigurations of the cloud. While misconfigurations might seem straightforward and avoidable, they are the most significant risk to cloud environments – making up 65 to 70% of all security challenges in the cloud. This is especially true for organizations that have been pushed to migrate quickly to the cloud since remote work became the new norm.
Malicious actors are also turning to low-effort but high-impact attack strategies to gain access to cloud applications and services. On top of exploiting new vulnerabilities in an enterprise’s network, cyberattackers will persistently exploit known vulnerabilities from past years, as many enterprises still lack the ability to get full visibility on environments that are left unpatched.
How Malaysian Businesses can Stay Prepared
Since criminals can execute their attacks more effectively, they can also target a larger number of organizations, potentially leading to an increase in overall attacks. Organizations now have much less time to detect and respond to these incidents, and this will be compounded as the business model of cybercriminals matures further.
With that in mind, enterprises must strengthen their security posture foundations to defend against evolving cyberthreats. The key cybersecurity strategies to adopt include:
Automating everything
We live in a world where skills shortages and commercial demands have combined to expose organizations to escalating levels of cyber risk. In the cloud, it leads to misconfigurations and the risk of knock-on data breaches, as well as unpatched assets which are exposed to the latest exploits. The bad news is that cybercriminals and nation states are getting better at scanning for systems which may be vulnerable in this way.
Better digital attack surface management starts with the right tooling. Solutions such as Trend Micro Cloud One enable and automate platform-agnostic cloud security administration and cloud threat detection and response, which can help security teams improve the efficiency of threat investigation and response, as well as reduce the risk of a security breach.
Empowering employees with resources and tools to ensure cloud operational excellence
Many enterprises are already well on their way in the world of cloud, with more and more security teams using cloud infrastructure services and developing cloud-native applications. However, this can often be a steep learning curve for cloud architects and developers – leaving gaps in protection, compliance, and visibility.
To improve the situation, organizations need to provide resources to employees to ensure that the cloud service configurations adhere to industry best practices and compliance standards. One such way is to use tools that automatically scan cloud services against best practices, relieving teams from having to manually check for misconfigurations.
Adopt a Shared Responsibility Model
Clouds aren’t secure or insecure, they’re as secure as you make them. Instead of “who is more secure – AWS, Azure, or Google Cloud?” ask “what have I done to make all of my clouds as secure as I need them?”
Security in the cloud works using the Shared Responsibility Model – which dictates who is responsible for any operational task in the cloud and security is simply a subset of those tasks. Security self-service for the cloud is fully here in all its forms, and understanding this model is critical to success in the cloud.
While increased cloud adoption allows organizations to be more agile, scalable, and cost-efficient, the benefits of using cloud services and technologies are no longer just reaped by legitimate companies, but also cybercriminals who keep up with the trend. As criminals accelerate attacks and expand their capabilities, businesses must adopt a solid cybersecurity strategy to stay a step ahead.