The Threat of Cybersecurity in Asia

Jess Ng and Jonas Walker

Country Manager of Singapore and Brunei and Director of Threat Intelligence, FortiGuard Labs APAC

The upcoming state of cybersecurity. One question that arises is what the differences are between this year’s predictions compared to next year. Additionally, there is a need to consider what security solutions organizations should adopt to address the increase in attacks. Another question is whether ransomware and malware attacks will be increasing in 2023. Finally, it is important to think about how local organizations can protect themselves from cyberattacks. Overall, organizations should prioritize a holistic approach to cybersecurity, be prepared to respond to all types of cyber attacks, and stay vigilant in implementing robust security measures. It is crucial to understand the specific needs of each organization and evaluate the level of priority given to cybersecurity. Compliance is seen as a major motivator for organizations to prioritize cybersecurity, and they should adopt comprehensive security measures that can defend against a wide range of cyber threats.

CIO World Asia Spoke with Jess Ng, Country Manager of Singapore and Brunei, Fortinet about the cyber security business landscape and Jonas Walker, Director of Threat Intelligence, FortiGuard Labs APAC about the threat landscape of cybersecurity.

Difference Between Cybersecurity in Singapore and Brunei

The importance of cybersecurity is undeniable in today’s digital age, and it has now become a business issue rather than a technological one. However, the extent to which companies prioritize cybersecurity varies depending on the industry and the type of organization. Both regions, regardless of their differences, recognize the importance of cybersecurity, but Brunei companies may require more time for decision-making when adopting cybersecurity technologies. While some industries may prioritize cybersecurity due to the sensitivity of the data they handle, others may not be as concerned. Therefore, it is essential to evaluate the specific needs of each organization to determine the level of priority given to cybersecurity.

2023 Cybersecurity Predictions

As technology continues to advance, cyber attackers are becoming increasingly sophisticated and aggressive in their tactics. Wiper and ransomware attacks are on the rise, posing significant threats to organizations. The industry’s move towards software and interconnectedness has given rise to operational technology (OT) attacks and attacks on critical infrastructure, creating even more significant security challenges. In addition to merely requesting ransom, cyber attackers may also set a timer to destroy data in organizations that refuse to pay. Sabotage has become a new motive for cyber attackers, with more attacks intended to disrupt organizations rather than for monetary gains. As such, it is crucial for organizations to stay vigilant and implement robust security measures to protect against cyber threats.

What Organizations Should do After Being Attacked

In recent years, many organizations have turned to cyber insurance as a way of mitigating the impact of cyber attacks instead of addressing the core problem. However, this approach may make them more vulnerable to future attacks. Cyber attackers are aware that organizations with cyber insurance are more likely to pay a ransom, and this information may be shared among attackers, increasing the likelihood of future attacks. Furthermore, once a weakness has been identified and exploited in an organization’s system, it is likely that attackers will continue to use similar entry points to access the environment, making it easier for them to launch future attacks. With cyber attackers becoming increasingly sophisticated and aggressive, it is imperative that organizations prioritize addressing the root causes of cyber vulnerabilities and implement robust security measures to mitigate future attacks.

Security Solutions Organizations Should Adopt

The technology landscape has undergone significant changes in recent times, with more organizations adopting multi-cloud and edge technologies. To respond to threats quickly, organizations should consider adopting a broad and integrated platform strategy for their cybersecurity solutions. The traditional approach of adopting point solutions and best-of-hybrid solutions is no longer feasible. Instead, organizations need to implement comprehensive security measures that can defend against a wide range of cyber threats. In this regard, understanding the kind of information attackers are looking for on the internet is crucial. One effective solution is to discover the personal information attackers are after, such as credentials. By identifying these vulnerabilities, organizations can better protect themselves against cyber attacks and ensure the safety and security of their data.

The Increase of Ransomware and Malware in 2023

Jess and Jonas both recognize the importance of cybersecurity in today’s digital landscape. Jess emphasizes that organizations need to adopt a holistic approach to cybersecurity, acknowledging that it’s only a matter of time before they suffer a cyber attack. According to Fortinet’s global survey, 67% of organizations report having experienced a ransomware attack. Therefore, Jess suggests that organizations need to realize that cyber threats are here to stay and should take steps to protect themselves proactively.

On the other hand, Jonas points out that in the past, many companies were unaware that they had been hacked. However, with the rise of ransomware attacks and increased media coverage of cybersecurity incidents, companies are becoming more aware of cybersecurity threats. Although the volume of threats seems to be slowing down, there is an increase in the number of variants that mutate, similar to the mutation of the Covid-19 virus. Jonas also emphasizes the need for organizations to prepare for all types of cyber attacks, not just ransomware. Organizations must have an incident reporting plan and be ready to respond to any cyber attack quickly and effectively.

Cybersecurity Protection Beyond Compliance

Compliance has become a significant motivator for organizations to strengthen their cybersecurity infrastructure. Many organizations adopt cybersecurity technologies primarily to comply with government bodies and regulators. However, each country has its own set of regulations and compliance tools, and compliance requirements can vary widely. For example, in Singapore, the central bank (MAS) has very strict regulations for the banking industry. The seriousness with which compliance is taken in Singapore results in organizations taking a more proactive approach to cybersecurity measures. Compliance, therefore, plays a crucial role in ensuring that organizations stay vigilant and prioritize cybersecurity in their business operations.