Preparing Your Organisation Against Cyber Attacks

Last week, the Australian Government announced that it has been monitoring persistent and increasing volumes of cyber-attacks by a foreign state-based actor on both government and private sector businesses. The Australian Cyber Security Centre (ACSC) reported that most of the attacks make use of existing open-source tools and packages, which ACSC has dubbed “copy-paste compromises”. The attackers are also using other methods to exploit systems, such as spear phishing, sending malicious files, using various websites to harvest passwords, and more.
Cybercrime has been escalating in other parts of the world as well. The World Health Organisation (WHO) witnessed a dramatic increase in cyber-attacks, with scammers impersonating WHO personnel’s official emails to target the public. The National Cyber Security Centre (NCSC) in the UK alerted the country’s educational institutions and scientific facilities to increased cyber-attacks attempting to steal research associated with the coronavirus. Earlier this month, the Singapore Computer Emergency Response Team (SingCERT) issued an advisory on potential phishing campaigns targeting six countries, including Singapore, that exploit government support initiatives for businesses and individuals in the wake of the COVID-19 crisis.
Such announcements are a timely reminder to government agencies and private organisations to implement the right cybersecurity measures against the backdrop of an increased attack surface. These cyber-attacks can have business impacts such as theft of business data and destruction or impairment of financial data, creating extended business interruptions. The ramifications can be far-reaching, including financial and reputational loss, compliance breaches and potentially even legal action.

A Rise in Spear-Phishing

In Australia, we’re seeing attackers targeting internet-facing infrastructure relating to vulnerabilities in Citrix, Windows IIS web server, Microsoft Sharepoint, and Telerik UI.
Where these attacks fail, they are moving to spear-phishing attacks. Spear phishing is most commonly an email or SMS scam targeted towards a specific individual or organisation but can be delivered to a target via any number of electronic communication mediums. In the spear-phishing emails, the attacker attaches files or includes links to a variety of destinations that include:

  • Credential harvesting sites. These genuine-looking but fake websites prompt targets to enter a username and password. Once the gullible target provides the credentials, these are stored in the attackers’ database and used to launch credential-based attacks against the organisation’s IT infrastructure and applications.
  • Malicious files. These email attachments look legitimate, but once downloaded they execute malware on the target device. Common file types are .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .gif, .mpg, .mp4, .wav.
  • OAuth Token Theft. OAuth is commonly used on the internet to authenticate a user to a wide variety of other platforms. This attack technique uses OAuth tokens that are generated by one platform and shared with other platforms. An example of this is a website that asks users to authenticate using their Facebook or Google accounts in order to use its own services. Faulty implementation of OAuth leaves such integrations open to cyber-attacks.
  • Link Shimming. This technique uses email tracking services to launch an attack. The attackers use email tracking services to send fake emails containing valid-looking links and images. Once the user receives the email, the service tracks the actions related to opening the email and clicking on the links. Such tracking services can reveal when the email was opened, location data, the device used, links clicked, and IP addresses used. Once clicked, the links can in turn lead to malicious software being stealthily downloaded on the target system and/or lure the user into credential harvesting.

How do you safeguard against Cyber-Attacks?

The most common vectors for such cyber-attacks are lack of user awareness AND/OR exploitable internet-facing systems and applications. Unpatched or out-of-support internet-facing systems, application or system misconfiguration, inadequate or poorly maintained device security controls and weak threat detection and response programs, compound the threat to your organisation.
Governments across the world are coming up with advisories and guidelines to spread cybersecurity awareness and prevent threats and attacks. The ‘Essential 8’ from the ACSC (Australian Signals Directorate) are effective mitigations for a large majority of present-day attacks. There were also guidelines published earlier this year, specifically with the COVID-19 crisis in mind. The Cyber Security Agency in Singapore (CSA) promotes the ‘Go Safe Online’ campaign that provides regular guidance and best practices on cybersecurity measures.
Ecosystm’s ongoing “Digital Priorities in the New Normal” study evaluates the impact of the COVID-19 pandemic on organisations, and how digital priorities are being initiated or aligned to adapt to the New Normal that has emerged. 41% of organisations in Asia Pacific re-evaluated cybersecurity risks and measures in the wake of the pandemic. Identity & Access Management (IDAM), Data Security and Threat Analytics & Intelligence saw increased investments in many organisations in the region (Figure 1).
Figure 1: Investments in Cybersecurity
However, technology implementation has to be backed by a rigorous process that constantly evaluates the organisation’s risk positions. The following preventive measures will help you address the risks to your organisation:

  • Conduct regular user awareness training on common cyber threats
  • Conduct regular phishing tests to check user awareness level
  • Patch the internet-facing products as recommended by their vendors
  • Establish baseline security standards for applications and systems
  • Apply multi-factor authentication to access critical applications and systems – especially internet-facing and SaaS products widely used in the organisation like O365
  • Follow regular vulnerability scanning and remediation regimes
  • Conduct regular penetration testing on internet-facing applications and systems
  • Apply security settings on endpoints and internet gateways that disallow download and execution of files from unfamiliar sources
  • Maintain an active threat detection and response program that provides for intrusion detection, integrity checks, user and system behaviour monitoring and tools to maintain visibility of potential attacks and incidents – e.g. Security Information & Event Monitoring (SIEM) tools
  • Consider managed services such as Managed Threat Detection and Response delivered via a security operations centre (SOC)
  • Maintain a robust incident management program that is reviewed and tested at least annually
  • Maintain a comprehensive backup regime – especially for critical data – including offsite/offline backups, and regular testing of backups for data integrity
  • Restrict and monitor the usage of administrative credentials

 


Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.


Tech Spotlight for May – Cybersecurity

In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.

We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.

Market Consolidation through M&As Continues

The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.

As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.

Another interesting deal was Venafi acquiring Jetstack. Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will give Venafi’s Machine Identity Protection cloud-native capabilities. The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology into VMware’s Carbon Black, a security company which VMware bought last year.

Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired Keybase, a secure messaging and file-sharing service, to build end-to-end encryption capability and strengthen its overall security posture.

Governments actively working on their Cyber Standards

Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data.  This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.

Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for the public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials, making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.

Australia is also ramping up measures to protect the public sector and the country’s data against threats and breaches by issuing guidelines to protect Australia’s critical infrastructure providers from cyber-attacks. The Australian Cyber Security Centre (ACSC) especially addresses key employees working in services such as power and water distribution networks, and transport and communications grids. In the US, agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have issued guidelines on safeguarding the country’s critical infrastructure. Similarly, the UK’s National Cyber Security Centre (NCSC) issued cybersecurity best practices for Industrial Control Systems (ICS).

Cyber Awareness emerges as the need of the hour

While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.

Comtech received US$8.4 million in additional orders from the US Federal Government for a Joint Cyber Analysis Course. The company has been providing cyber-training to government agencies in the communications sector. Another public-private partnership to raise awareness on Cybersecurity announced in May was the MoU between Europol’s European Cybercrime Centre (EC3) and Capgemini Netherlands. With this MoU, Capgemini and Europol are collaborating on activities such as the development of cyber simulation exercises, capacity building, and prevention and awareness campaigns. They are also partners in a No More Ransomware project by the National High Tech Crime Unit of the Netherlands’ Police, Kaspersky and McAfee to help victims fight against ransomware threats.

The Industry continues to gear up for the Future

Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.

Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone that uses a chipset from SK Telecom with quantum-crypto technology. This involves a Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses an LED and a CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security as a response to the COVID-19 crisis.

The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at the Darwin Deason Institute for Cybersecurity have created software to detect and prevent ransomware threats before they can occur. Their detection method, known as sensor-based ransomware detection, can even spot new ransomware attacks and terminate the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.

Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.
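
The conversion step described above (file bytes to a 1D pixel stream, then to a 2D grayscale image) can be sketched as follows. This is an added example, not code from Microsoft, Intel or the original article; the width table, the 224x224 output size and the nearest-neighbour resize are assumptions chosen for illustration, and the sample bytes are constructed.

```python
"""Added example: file bytes -> 1D pixel stream -> 2D grayscale image."""

# Assumed width table: (file size upper bound in bytes, image width in pixels).
# The article does not say how the width is chosen; these values are illustrative.
WIDTH_BY_SIZE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]
MAX_WIDTH = 1024


def choose_width(n_bytes):
    """Pick an image width from the file size so images keep a sane aspect ratio."""
    for limit, width in WIDTH_BY_SIZE:
        if n_bytes < limit:
            return width
    return MAX_WIDTH


def to_pixel_stream(data):
    """Step 1 (1D): every byte becomes one grayscale pixel, 0 = black, 255 = white."""
    return list(data)


def to_image(pixels, width=None):
    """Step 2 (2D): wrap the stream into rows of `width`, zero-padding the last row."""
    if not pixels:
        raise ValueError("empty input has no image representation")
    width = width or choose_width(len(pixels))
    pad = (-len(pixels)) % width
    padded = pixels + [0] * pad
    return [padded[i:i + width] for i in range(0, len(padded), width)]


def resize_nearest(image, out_h, out_w):
    """Nearest-neighbour resize to the fixed input size an image classifier expects."""
    in_h, in_w = len(image), len(image[0])
    return [
        [image[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
        for r in range(out_h)
    ]


def to_pgm(image):
    """Serialise as binary PGM (P5) so the result can be opened in an image viewer."""
    header = f"P5\n{len(image[0])} {len(image)}\n255\n".encode("ascii")
    return header + bytes(p for row in image for p in row)


def file_bytes_to_model_input(data, side=224):
    """Full pipeline: bytes -> pixel stream -> 2D image -> side x side image."""
    return resize_nearest(to_image(to_pixel_stream(data)), side, side)


# Constructed sample standing in for a file: a short header, a zero-filled
# region, a repeating byte ramp and a run of 0xFF bytes (932 bytes in total).
SAMPLE = b"MZ" + bytes(62) + bytes(range(256)) * 3 + b"\xff" * 100

if __name__ == "__main__":
    image = to_image(to_pixel_stream(SAMPLE))
    print(f"{len(SAMPLE)} bytes -> {len(image[0])}x{len(image)} image")
    model_input = file_bytes_to_model_input(SAMPLE)
    print(f"resized for the classifier: {len(model_input[0])}x{len(model_input)}")
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(image))
```

Structural regions of a file (padding, tables, packed or encrypted sections) show up as visibly different textures in the resulting image, which is what the image classifier is trained to tell apart.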

 




Mobile for the Contactless Economy: Transcending Process Disruption

The next phase of a post-COVID world will be one of reduced physical contact, tighter regulations, and new habits and hygiene practices. This will translate into significant process changes which will be deeply enabled by mobile technology. All mobile form factors will be more integrated into how we interact.  Interactional changes will be found in our homes, offices, public spaces and services.

In this blog post I address two fundamental questions as a technologist on the underpinnings of this shift:

  • How can enterprises find ways of rebuilding and cementing trusted relationships using mobile technology?
  • How do our infrastructural foundations support mobile technology for contactless transactions? (privacy, two-factor authentication, data quality and so on)

Situational shift to mobile

Given the rapid shifts in the last six months in how we can interact with each other, enterprises will have to be agile and flexible in process design going forward to optimize opportunities for customer engagements.

We will continue to have further disruptions on how we live and work in the next 12 to 18 months and potentially beyond. Some of the shifts towards mobile have been expected for a while, yet this crisis has pushed the timeline ahead as to how we engage.

Use cases in the “new normal”

Here are some use case examples in this next phase of business where mobile enables the transaction between consumer and environment:

Education. The reskilling and training certification that will be necessary to address unemployment, will be on Mobile First. Because of bandwidth, learner attention span, and form factor, there will be retooling of educational programs to be bite-sized and more media oriented.

Retail. Retail and delivery businesses shifting to remote first, with drop-off points that use mobile for contactless signatory and payment.

Healthcare. Telemedicine primarily by mobile devices (phone, laptop, phablet). Personal medical data sharing over mobile will require enhanced data encryption and two-factor authentication.

Entrepreneurship. More side hustles that are mobile-based and mobile administered. Any authorization and transaction-oriented activities will be driven by mobile.

Government. Requests for document renewal or identity authentication for approval or submission of materials, with one-touch request.

Supply chain. Visibility and tracking of inbound and outbound materials.  One-click reordering, and contactless payment verification.

Workplace. Contactless engagement with mobile as authentication of actions (coffee machine payment, copier usage, keyless office, meeting room allocation).

Facilities management. Hygiene controls with personnel health detail tracking (who cleans what room when).  Deep cleaning management tools for audit trails, liability.

Role of mobile in creating engagement

Building trust

As we filter through the level of rubbish coming at us via social media, websites and our email, most of us are looking for a trusted information source. Our mobile is our window to the world, and many are applying appropriate filtration to make that world a bit more manageable.

The reason that people did previously download an app was partly based on what information had to be handed over in terms of permissions. The app builder needs to build a trusted relationship on benefit, not on what can be leveraged from the consumer.

To build that trust and create a closer engagement – albeit driven by situational need vs. consumer want – app developers need to consider these consumer needs:

  • Level of trust in quality of information provided (e.g. weather info vs something more critical)
  • Trust in app data usage and functionality (does it work?)
  • Privacy of data being used and being held (statements and auditability)
  • Location of data (on whose device: client or server)
  • Speed and reaction time (Is there edge computing or the use of IoT to help push mobile information quickly?)
  • Loss of data or loss of device and the impact on app access (More than lost passwords, lost processes and lost data)

Technological foundations for mobile usage

Network and bandwidth

We have all experienced bandwidth issues in the last few months, from sharing bandwidth with loved ones in lockdown to peak periods of video conferencing activity across geographic regions. Entertainment content providers such as Netflix and Disney+ were asked to lower the quality of the data streaming.

But then what online activity will take priority? Will we start to see pricing differentials for guarantees of availability? What about subscription models with platinum, gold and silver memberships (as in frequent flyer programmes) as to the network bandwidth you or your activity is allocated? Will things be done over VPN not only for privacy but for priority? I also see VPN as a possible solution towards issues like Zoom bombing and other intrusions to daily business operations.

We come to the role of a pandemic in 5G investment, which is similar to the role of investment in R&D during an economic downturn. Clearly, the world needs better bandwidth with more agility and future-proofed for functionality. You cannot drive a fast car on a bumpy road with potholes.

But for countries losing thousands of citizens to a virus with critical infrastructure at risk, where is the priority of a better telecom infrastructure? My colleague Shamir Amanullah wrote a report prior to the pandemic about the Race for 5G in Southeast Asia which is a good barometer for other regions. There is a good CNBC article from Todd Wassermann on the US situation, and a rather excellent survey on consumer sentiment on 5G from February 2020 by Politico.

Role of data quality and its security

Going back to my previous statement about rubbish and social media, the validation and quality of data exchange is part of the value proposition of using mobile technology.

What aspects of our current IT infrastructure create that ‘data value add’?

IoT and Edge Computing. Most of us are not going to be comfortable in crowds going forward. If I can reserve a space, or I can use a sensor to see how full an environment currently is, it will impact my decision to go somewhere. The faster that real-time information is processed and available, the better the outcome.

Blockchain technology is functioning enough to address the challenge of how to secure the data and prevent malicious cyber-attacks. This includes medical data hacking, supply chain theft, and other data-oriented safety issues on hygiene and product provenance that we are experiencing now.

Final thoughts

At Ecosystm, we highlight how and where enterprises plan to invest and adopt technology while adding insights and expertise on to the use cases and trends. We are also able to reflect upon the agility of the same enterprises to make that technology investment count towards the next phase of their business model. In a post-COVID situation we see inventive ways enterprises are using technology. This is not only for societal benefit, but to make a difference in the marketplace. And mobile plays a key role in this next phase of engagements.

The New Wave of Enterprise Mobility

Enterprise mobility was a key area of focus for organisations for many years in the late 2000s  and early 2010s. Many businesses invested significant amounts of money and time in helping their employees access the information they needed while on the go – until the consumer smartphone era drove our attention away from our employees. Now we are focused on providing the best mobile apps, websites and experiences possible.

The constant evolution of the capabilities of smartphones, along with the drive to offer an ever-improving customer experience (CX) has kept our attention firmly on our customers. However, smart businesses now understand that in order to offer a great CX, they need to keep their employees happy. And giving them access to the technology that delivers the right information at the right time is a key factor in achieving better employee experience.

“Investment in enterprise mobility tools and platforms is forecast to increase significantly over the next few years. And the COVID-19 pandemic may even see some of that spend accelerated as businesses look to better support their remote and work-from-home employees,” says Tim Sheedy, Ecosystm Principal Advisor.

What to Expect from this New Wave of Enterprise Mobility

 

#1 Growth of UEM Adoption

Sheedy adds, “Today, many businesses are empowering their employees by providing the best end-user computing experience that will drive the best outcome. This often sees them looking beyond a single device (phone, PC etc) towards the entire experience – including the application, interface, management and security of the experience.”

A robust unified endpoint management (UEM) solution provides IT teams with a transparent and traceable overview of all endpoints within the network as well as the power to manage all connected devices from a single platform. It maps out the network setup and structure by carrying out a complete inventory of all network devices, configurations, installed software, and the drivers for endpoint subsystems. Ecosystm research finds that more than 60% of global organisations have either adopted UEM or are evaluating it (Figure 1).

This trend will only go up with the rise in the number of devices organisations have to manage remotely. The workplace of the future will become exponentially digital and tech vendors will further strengthen their portfolio to offer UEM solutions.

#2 Greater C-Level Visibility in Mobility

In his report, The Enterprise Mobile Landscape in 2020, Sheedy notes that enterprise mobility decisions, including the choice of devices supported, often have C-level involvement (Figure 2). “A large government agency in Australia has had the Director General intervene in their mobility decisions to stamp his personal preference on decisions, and a CIO at a large bank makes sure that Apple devices are always preferred – even when it makes little business sense to do so!”

Choice of mobile devices is personal and most organisations have realised that. Less than a third of global organisations issue corporate devices and only 6% continue to believe that they can manage by only supporting corporate devices. However, nearly no organisation has gone fully BYOD either.

Apart from mobile device choice, mobility solutions also have to take into consideration the huge amounts of traffic they have to support. When organisations adopt a Mobile First Strategy, it is an acknowledgement that it will involve multiple stakeholders, right from the inception of the vision. This is clearly a technology area where user experience and uptake are of importance. So, the mobility strategy should have senior-level overview and input so that it can be a company-wide policy.

#3 There will be renewed interest in Mobile Security

Ecosystm research finds that the global adoption rate of mobile device management (MDM) solutions is about 44%, while only about 17% of organisations indicate the adoption of a Mobile Security solution focused on identity management, multilayered security and threat analysis.

Organisations are aware that mobility initiatives increase their risk profile (Figure 3). An enterprise mobility solution that allows people to work on their device and OS of choice, and from where they choose to, will become increasingly important in the current milieu. But the threats to organisations are equally real.

More than half of the organisations are concerned about compliance with corporate or regulatory standards in implementing mobility solutions. This is a good indication that the Mobile First strategy implementations have a strong compliance angle to them, both internally and for external agencies.

However, as Sheedy notes, it is still a challenge for the IT team. “Organisations provide one or two more operating systems that the IT team needs to manage, patch and secure. The mobile applications provide more entry points for would-be hackers and others to use and threaten the business. The devices and applications provide another set of user interfaces that need to be managed and governed to ensure regulatory compliance. They can also gather highly personal data (such as the location of customers when they are using – or not using – the application) so this data needs to be secured and governed.” As adoption matures, organisations will need to invest in niche Mobile Security solutions to combat their security concerns.

#4 Mobility will Drive SaaS Adoption

What organisations want most from their mobility solutions is cloud capabilities. One of the main reasons why organisations look for cloud capabilities is because mobile workloads tend to be unpredictable and cloud solutions are best equipped to handle the unexpected spikes. Most organisations also consider cloud solutions for a seamless integration with back-end systems and because a mobile workforce needs to make real-time decisions based on real-time data. Given the disparity of the data sources in a typical organisation, hosting on a neutral platform becomes more attractive. Also as organisations become more conscious about mobile security, cloud options also give them better traceability on remote device and data access.

Conversely, however, mobility will also drive the adoption of SaaS enterprise solutions and tools. Many businesses have mobilised their email, eCommerce platforms and unified communications and collaboration tools. But beyond that, organisations are not really empowering their employees to work on their mobile devices (Figure 4). This will have to – and will – change fast.

In his report, Make Remote Working Successful, Sheedy notes, “It goes without saying that your employees’ productivity levels will improve if they have access to the applications they need. And while many organisations already have enabled universal (or near-universal) application access from PCs and laptop computers, many of these applications should also be available from smartphones and tablets. This will allow your employees to work when they are on the move – not just when they are at home.”

 

It is time for organisations to re-evaluate their enterprise mobility if they have to remain productive in these difficult times, and beyond. Sheedy says, “Ultimately, our employees’ reliance on great mobile and targeted end-user computing experiences is increasing – and 5G services will only accelerate the transition away from traditional telephony, communications services and desktop applications. Businesses will need to continue to mobilise their enterprise systems to make them easier to use. Employees have now experienced great mobile apps and systems – and most enterprise mobility systems don’t stand up in that comparison.”

 

