Edmund How, Founder, ONESECURE
The need for accessible, preventive cybersecurity solutions is on many businesses’ minds. A solid defence strategy to counter trends is also the topic of numerous brainstorming sessions. To discover insight solutions for our readers, CIO World Asia spoke with Edmund How, Founder of ONESECURE, a leading managed security service provider. Edmund discussed adopting an outside-in approach, trends and evolution unique to ASEAN, and experiencing a defacement attack.
ASEAN Cybersecurity Trends
There is still a group of business leaders including CIOs that have this “It won’t happen to me” mentality. Many still believe that western companies are more attractive as targets than ASEAN businesses. However, the frequency of cyberattacks, especially phishing, will surely increase as ASEAN makes giant steps towards digitalization to participate in the global digital economy. According to Interpol’s report, more than 80,000 phishing attacks occurred during the first 9 months of 2020 in ASEAN. This is largely due to the increase in digitisation during the pandemic, which will continue as hybrid work becomes the norm across sectors and organisations
Trend Evolution 5 Years On
There is a shortage of cybersecurity talents in this region and the demand for Managed Security Services will definitely pick up in the next 5 years. The time taken to get a fresh graduate ready to contribute to cybersecurity work takes about 6 months to a year. The education institutions are starting to realise this challenge and started to implement part-study, part-work programmes so that graduates can be ready for the workforce upon graduation. However, it will take years before changes from this measure can be witnessed to meet the demand for cybersecurity professionals. Therefore, the demand for managed security services will continue to grow, and providers have to continuously innovate to help tide through this period of talent shortage. With outsourced Managed Security Service Providers like ONESECURE, organisations are bolstered with an additional team of developers who are dedicated solely to helping the team manage their cybersecurity needs more effectively in real-time.
The demand for managed security services will continue to grow, and providers have to continuously innovate to help tide through this period of talent shortage.
Edmund How, Founder, ONESECURE
Countering Defacement And Domain Phishing Threats
A combination of proper user education, regular phishing simulation testing and 24x7x365 monitoring will ensure that any threats are detected early. Educating users to detect oblivious phishing attempts is the first line of defence, followed by regular phishing simulation to highlight any gaps. There are targeted phishing attacks that are difficult for users to detect. ONESECURE developed a Web Spoofing Detection service to detect any of these targeted phishing attacks before they can cause damage.
An Outside-In Defence Strategy
Thinking like an attacker always gives the defender an edge. Keeping informed of common new threats via the news for instance, understanding its relevance to organisations and evaluating the risks posed are becoming key threat defenders. However, these are labour intensive work that many organisations do not have the resources to execute, and therefore Managed Security Service Providers (MSSPs) like ONESECURE takes over the laborious task of information gathering and analysing for businesses.
Experiencing A Defacement Attack
ONESECURE has detected multiple defacement incidents that were caused by human errors or third-party providers. One of ONESECURE customers had a significant financial loss due to a targeted phishing attack where the attacker spoofed the victims’ web identity. The attacker registered very similar domains to send emails to the various account departments and managed to trick the accounts into depositing hundreds of thousands of dollars to the attacker’s account. The domains were so cleverly spoofed that the account departments didn’t notice the discrepancy at all.
Phishing attacks can happen to anyone. The blend of social identities an individual possesses (employee by day, consumer by night), gives threat actors numerous avenues for launching attacks. Lessons and strategies gleaned from businesses are applicable to consumers too.