On the best of days, securing the networks, devices, and data of NTUC Enterprise is no easy task. The Singapore-based cooperative consists of nine business units, from food services to insurance, and serves more than 2 million customers in nearly 1,000 locations. 

When the 2020 coronavirus pandemic hit, it forced many of NTUC’s employees to work from home, often on unsecured networks and personal devices. Almost instantly, the company’s “traditional defenses like corporate firewalls disappeared,” recalls Ian Loe, chief technology officer for NE Digital, the digital unit of NTUC. 

A perfect example of remote-work security challenges occurred when an NTUC employee accidentally downloaded malware onto a laptop he was using to access corporate files by plugging in a personal USB drive. “We received a security alert right away, but the remediation was tough,” recalls Loe. “We actually had to send a cybersecurity staffer to the employee’s house on a motorbike to retrieve the computer for investigation. In the past, we could protect the network by simply cutting off the employee’s laptop access. But when an employee is working from home, we can’t take the chance of losing any data over the internet.”

Welcome to the new cybersecurity threat landscape, where 61% of organizations are increasing cybersecurity investment in the work-from-home pandemic era, according to a 2021 Gartner CIO Agenda survey. Remote workers rely on cloud computing services to do their jobs, whether it’s corresponding with co-workers, collaborating on projects, or joining video-conferencing calls with clients. And when information technology (IT) teams, now at a physical remove, are not responsive to their needs, remote workers can easily shop for their own online solutions to problems. But all that bypasses normal cybersecurity practices—and opens up a world of worry for IT.

Yet for many regions of the world, remote work is just one of many factors increasing an organization’s exposure to cybersecurity breaches. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report having experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.

Conducting a full inventory of internet-connected assets and rebooting cybersecurity policies for today’s modern remote work environment can mitigate risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.

To better understand the challenges facing today’s security teams in this region, and the strategies they must embrace, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 respondents, 162 from the Asia-Pacific. Their responses, along with the input of industry experts, identify specific security challenges in today’s IT landscape and provide a critical framework for safeguarding systems against a growing battalion of bad actors and fast-moving threats.

The vulnerabilities of a cloud environment

The cloud continues to play a critical role in accelerating digital transformation. And for good reason: cloud technologies offer substantial benefits, including increased flexibility, cost savings, and greater scalability. Yet, cloud environments are responsible for 79% of observed exposures, compared with 21% for on-premises assets, according to the 2021 Cortex Xpanse Attack Surface Management Threat report.

That’s a key concern, given that nearly half (43%) of Asia-Pacific organizations report that at least 51% of their operations is in the cloud.

One way cloud services can compromise an organization’s security posture is by contributing to shadow IT. Because cloud computing services can be easily bought and deployed, Loe says, “procurement power moves from a company’s traditional finance office to its engineers. With nothing more than a credit card, these engineers can buy a cloud service without anyone keeping track of the purchase.” The result, he says, is “blind spots” that can thwart IT efforts to protect a company’s attack surface— the totality of possible entry points. After all, adds Loe, “We can’t protect what we don’t know exists—that’s an extreme reality today.”

Read More


By: MIT Technology Review Insights
Title: IT security starts with knowing your assets: Asia-Pacific
Sourced From: www.technologyreview.com/2021/09/08/1034328/it-security-starts-with-knowing-your-assets-asia-pacific/
Published Date: Wed, 08 Sep 2021 12:00:00 +0000