An excellent example of remote-work security challenges came when an NTUC employee accidentally downloaded malware on a laptop he was using to access corporate files by plugging it into a personal USB drive. “We immediately received a security alert, but the solution was tough,” Lowe recalls. “We had to send cyber security staff on a motorbike to the employee’s house to get a computer for investigation. In the past, we could secure a network by cutting off an employee’s laptop access. But when an employee works from home, we can’t take the opportunity to lose any data on the internet.
According to the Gartner CIO Agenda Survey of 2021, 61% of organizations are increasing cybersecurity investments in the work-from-home epidemic era, welcome to the new cybersecurity threat landscape. Remote workers rely on cloud computing services to do their jobs, whether they’re collaborating with coworkers, collaborating on projects, or engaging in video-conferencing calls with clients. And while information technology (IT) teams, now on physical solutions, do not respond to their needs, remote workers can easily shop for their own solutions to problems online. But it bypasses all common cybersecurity practices – and opens up a world of concern for IT.
Yet for many regions of the world, remote work is one of the many factors that increase an organization’s exposure to cybersecurity breaches. The Asia-Pacific region is no exception, with 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report experiencing cybersecurity attacks from unknown, managed or poorly managed digital assets.
For today’s modern remote work environment the risk can be reduced by rebooting the complete inventory of Internet-connected assets and cybersecurity policy. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.
To better understand today’s security teams in the field and strategies to adapt to them, MIT Technology Review Insights and Palo Alto conducted a global survey of 728,162 from Asia-Pacific. Their responses, with input from industry experts, identify specific security challenges in today’s IT landscape and provide a critical framework for protecting systems against a growing battalion of bad actors and fast-moving threats.
Weaknesses in the cloud environment
The cloud continues to play a crucial role in accelerating digital transformation. And for good reason: Cloud technologies offer significant benefits, including increased flexibility, cost savings, and increased scalability. So far, the cloud environment is responsible for 79% of the observed exposure, compared to 21% for on-premise assets, according to the 2021 Cortex Expansion Attack Surface Management Threat Report.
Nearly half (43%) of Asia-Pacific organizations report that at least 51% of their operations are in the cloud, which is a major concern.
One way cloud services can compromise an organization’s security posture is to contribute to shadow IT. Because cloud computing services can be easily purchased and deployed, Lowe says, “Procurement power goes from the company’s traditional finance office to its engineers. Nothing but credit cards, these engineers can buy cloud services without having to keep track of purchases. The result, they say, is “blind spots” that could thwart the company’s IT efforts to secure the attack surface – the completeness of potential entry points. Finally, Lowe added, “We cannot protect what we do not have – it is an extreme reality today.”
Biocon’s fiery government agrees. “Without the bureaucracy associated with acquiring IT capabilities, shadow IT can run tremendously,” says Sarkar, the group’s chief information security officer (CISO) at an Indian pharmaceutical company. “Unless an organization really plans for digital resilience, the unplanned and uncontrolled growth of digital assets can avoid the centralized governance required for information security.”
The exponential growth of interconnected devices also challenges organizations to secure their cloud infrastructure. “A lot of people don’t know that Internet-of-Things devices like sensors are actually computers, and they’re so powerful that they could be used to launch bots and other types of attacks.” He cited the example of SmartLux and other mobile applications that allow employees to open and close doors – and allow hackers to gain unauthorized access to corporate networks.
While cloud services and interconnected devices raise global cybersecurity issues, Asia-Pacific organizations face additional challenges. Lowe, for example, points to the varying degrees of cybersecurity maturity among countries in the region. “We have countries like Singapore, Japan and Korea that rank high in terms of cyber maturity,” he says. “But we also include Laos, Cambodia and Myanmar, which are at the lowest end of maturity. In fact, some government officials in these areas still use a free Gmail account for official communication. Some vulnerable countries have already used it as a launchpad for attacks on neighbors, Law says.
Another factor that set some Asia-Pacific countries apart from other regions of the world was their unwillingness to move quickly to remote work in the early months of the epidemic. According to Ken Lightwall, vice president of Cortex, Palo Alto’s threat detection platform division, the organizations lagging behind in their digital transformation efforts, “had to prioritize first and foremost business continuity,” allowing cybersecurity to take the back seat. Unfortunately, he adds, “Many of these companies are still not caught up in doing business safely and consistently. Only now, in 2021, are they starting to prioritize security again.”
Download the full report.
Find out what organizations in other parts of the world are doing to understand and counter today’s cyber threats.
This content was created by MIT Technology Review’s custom content arm, Insights. It was not written by the editorial staff of MIT Technology Review.