How to better protect Southeast Asia’s critical infrastructure against cybercrime

Leo Lynch

Vice President, Asia Pacific, Arcserve

Critical infrastructure is vital for the proper functioning of our society and economy. It is almost impossible to imagine life without a robust network of hospitals, airports, power utilities, and schools. While many people may take these services for granted, cyber attackers understand how dependent we are on them.

Last year, it was reported that critical infrastructure organisations in Southeast Asia were targeted in an intelligence-gathering campaign that continued for several months. The targets included a water company, a power company, a communications company, and a defence organisation.

Critical infrastructure is vulnerable precisely because it is so important. These essential services can significantly disrupt public life when shut down for even a day or two. The bad guys know there is a lot at stake if they disrupt these systems. They know they have a solid chance to make a quick profit because the costs and labour associated with manually recovering from ransomware are so high that the victims often pay the ransom to maintain service continuity.

A problem that is getting worse

The reality is that critical infrastructure, operated by federal, state, and local agencies, is getting hit by increasingly frequent ransomware attacks. In Singapore, a specialist medical clinic came under a significant ransomware attack last year, which affected its clinic server and clinic management system holding data on over 73,000 patients. In 2020, multiple hospitals in Thailand became victims of an attack that brought down their computer systems and the data on them.

It is safe to say we can expect more of the same. Why? Because while ransomware has evolved and attacks have accelerated, spending on critical infrastructure modernisation has failed to keep pace. The public sector broadly relies on tried-and-true technologies that worked in the past but are getting long in the tooth. Indeed, many agencies continue to use outdated hardware, software, and networks vulnerable to today’s persistent threats.

Add to this the rapid shift to virtual operations in the wake of the COVID-19 pandemic. Organisations create, share, and access data from remote locations on less secure networks, and hackers have pounced.

There is even a new trend called ransomware as a service (RaaS). This subscription-based model enables virtually anyone to use already-developed ransomware tools to launch attacks. The developers of the malware line their pockets by taking a percentage of each ransom payment received.

Overall, the cybercrime problem is now immense, with the cost of ransomware incidents worldwide expected to exceed $265 billion by 2031, according to Cybersecurity Ventures.

3-2-1-1 data-protection provides defence

All government agencies must improve their efforts to identify, deter, protect against, detect, and respond to these actions and actors. So, what can the public sector do to defend itself and our critical infrastructure?

One of the first steps it should take is to adopt the 3-2-1-1 data-protection strategy. The 3-2-1-1 strategy directs that you keep three backup copies of your data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final 1 in this equation stands for one copy held in immutable object storage.

Immutable object storage safeguards information continuously by taking snapshots of it every 90 seconds. Even if disaster strikes, you can quickly recover your data. Immutable snapshots are read-only, point-in-time records of your data and files, together with their metadata, and they enable you to roll back to a previous file state in the event of downtime, a natural disaster, or a ransomware attack. Because immutable snapshots cannot be altered, overwritten, or deleted, they protect data integrity against loss from human error, hardware failure, or ransomware.
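One practical way for an agency to audit its backup inventory against the 3-2-1-1 rule, as an added example that is not Arcserve's code or part of any Arcserve product: it follows the article's wording (three backup copies, two media, one offsite, one immutable) and adds the assumption that an immutable copy only counts while its retention lock is still in force, since an expired lock leaves the copy deletable again. The inventories, dates and field names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                          # e.g. "disk", "tape", "object"
    offsite: bool
    immutable: bool
    locked_until: Optional[date] = None  # retention-lock expiry; None if not immutable

def immutable_now(copy: BackupCopy, today: date) -> bool:
    """Assumption: an immutable copy only satisfies the rule while its lock is unexpired."""
    return copy.immutable and copy.locked_until is not None and copy.locked_until > today

def check_3211(copies: List[BackupCopy], today: date) -> Dict[str, bool]:
    """Evaluate each element of 3-2-1-1 against the inventory."""
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
        "one_immutable": any(immutable_now(c, today) for c in copies),
    }

def gaps(copies: List[BackupCopy], today: date) -> List[str]:
    """Names of the 3-2-1-1 elements the inventory fails to meet (empty if compliant)."""
    return [rule for rule, ok in check_3211(copies, today).items() if not ok]

# Constructed sample inventories, not real systems.
TODAY = date(2023, 6, 1)
COMPLIANT = [
    BackupCopy("onsite-disk", "disk", offsite=False, immutable=False),
    BackupCopy("offsite-tape", "tape", offsite=True, immutable=False),
    BackupCopy("object-lock", "object", offsite=True, immutable=True, locked_until=date(2030, 1, 1)),
]
# Same layout, but the object-storage retention lock lapsed months ago.
EXPIRED_LOCK = [
    BackupCopy("onsite-disk", "disk", offsite=False, immutable=False),
    BackupCopy("offsite-tape", "tape", offsite=True, immutable=False),
    BackupCopy("object-lock", "object", offsite=True, immutable=True, locked_until=date(2023, 1, 1)),
]

if __name__ == "__main__":
    for label, inventory in (("compliant", COMPLIANT), ("expired lock", EXPIRED_LOCK)):
        print(f"{label}: gaps = {gaps(inventory, TODAY) or 'none'}")
```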

With immutable snapshots, schools could better safeguard student, faculty, and business records and protect data from accidental deletion or cyber theft. Healthcare organisations, for their part, could ensure the smooth and uninterrupted delivery of services and operations—even during a disaster or ransomware attack.

Critical infrastructure providers have never been tested the way they are being tested today. Preparing in advance, with the right cybersecurity strategy, can keep IT infrastructures up and running and ultimately let them withstand the worst that cybercriminals can throw at them.