With the new year (yes, we're talking about the Chinese New Year) just around the corner, Palo Alto Networks has revealed its cybersecurity forecast. What's in store for us in the Year of the Pig? Let us find out.
Nasty business emails
It is evident that businesses are among cybercriminals' favorite targets. Theft of login details has been the most common case, and over time attackers have grown more confident and motivated in attacking both small and large organizations by posing as partners or internal stakeholders, resulting in a massive USD 12 billion stolen worldwide. Most of that was due to nasty attachments in business emails crafted by hackers who seem to have found ways to bypass internal checks.
That being said, businesses would do best to assess their internal flow of information by implementing more comprehensive checks and approval processes, especially regarding resources. This year, measures such as two-factor or multi-factor authentication and biometrics will become more common.
Supply chain as the weakest link
The health sector is probably the industry most affected by this issue: an interconnected, global supply chain may play a vital role in sharing data en route to new efficiencies, but it also exposes multiple new attack surfaces and vulnerabilities over which medical facilities have no control, specifically third-party connected medical devices such as X-ray and MRI machines.
That being said, CSOs will need to thoroughly oversee their network traffic to ensure that sensitive information is kept separate and secure, away from external devices and services. Beyond hospitals, other organizations in the business sector should take a closer look at their internal security standards around the procurement of such devices and services. It is best to apply a Zero Trust model to every third-party system and device that resides within the network. Just imagine that a single unsecured connected device could serve as a getaway vehicle for attackers.
Data legislation gains ground in APAC
As the country took a step toward prioritizing cybercrime issues in 2012 (The Data Privacy Act), Palo Alto believes that more countries will take similar measures starting in 2019. This is inevitable, considering that nations like Australia and Singapore have taken the first plunge in response to urgent calls for national security and data protection for their citizens. That being said, ASEAN is on its way to establishing its Digital Data Governance Framework as a step closer to its goal of becoming the world's fourth-largest economy by 2030, with its 700 million active mobile connections and a foreseen solid act of transparency in cross-border data sharing and privacy among its member states.
Businesses in the region can also rely on the European Union's General Data Protection Regulation (GDPR) as a baseline to assess gaps in compliance and help determine their overall progress and posture, as well as to minimize unnecessary personal data collection, which could help minimize risks and exposure in the process.
Cloudy skies ahead
In recent years, cloud computing has been the go-to resource for businesses looking to deliver new products and services without having to bear hefty initial investments in compute resources. While it helps simplify a few areas of security, it also presents new challenges: one of them is that implementing a cloud computing strategy often means relying on third parties for mission-critical data and systems.
While it remains important, as always, for assets to be securely stored and accessible only to authorized personnel, enterprises must also keep their security systems as up to date as possible. DevOps can help speed up development, but it can be challenging to deal with, especially during the transition from traditional IT management.
Critical infrastructure
What makes a critical infrastructure... critical? At a time when everything has gone digital and automated, cross-pollination between corporate and industrial networks has made them easier targets for cybercriminals, especially when it comes to supervisory control and data acquisition (SCADA) and industrial control systems (ICS). These can be a matter of life and death for the energy, water, and public transport sectors, which oftentimes rely on legacy and unpatchable systems.
The World Economic Forum Global Risk Report 2018 made it known that cyberattacks may be a factor in such disruption, coming only after natural disasters and extreme weather events. The UK's National Cybercrime Security Centre has already warned that a cyberattack is inevitable and that it may take place at the elections.
That being said, CI owners – both public and private – will have to put Zero Trust systems in place and ensure the segregation of access, as well as move away from a compliance-driven approach to security. Think less of “tick and flick” and more of being “secure from the start.”