Workers maintaining social distancing as they transition back to their 'new normal' workplace.

Workers maintaining social distancing as they transition back to their ‘new normal’ workplace. Source: AFP

Cybersecurity experts on securing the ‘new normal’ APAC workplace

  • Cybersecurity experts are suggesting a ‘new normal’ of working arrangements will need a renewed focus on security from IT professionals
  • In Asia Pacific, cybersecurity concerns are more pressing than in other parts of the world
  • Organizations in APAC are still adapting to both remote working and the transition back to on-premise, causing cybersecurity concerns

As organizations begin transitioning back to their workspaces as economies restart across the Asia Pacific (APAC) region, the COVID-19 pandemic has also made its mark by helping to accelerate the adoption of work productivity and digital tools to support their work needs.

First there was a significant shift to work from home arrangements for a large segment of white-collar workers in the region, and now employees are easing back into on-premise workplaces while observing many of the ‘new normal’ office setups such as spacing work stations apart by a meter or more.

While employers strive to provide safe physical working zones free from infection, the threat of cyber infections in the workplace looms larger than ever in 2020. Prior to the global pandemic, a Cisco study was already reporting that nearly half (46%) of cybersecurity professionals in APAC were receiving over 10,000 cybersecurity alerts every day, compared to their counterparts in other parts of the world with a global average of just 35%.

And that was before cybersecurity experts like Google and KPMG revealed the explosion of coronavirus-related cyber scams targeting the public, including many staff who had not been educated in cyber hygiene awareness before accelerated work from arrangements were put into practice.

“In Singapore, Ensign found that COVID-19-themed phishing attacks started in March 2020 and by April, the frequency of attacks surged by more than 100 times. Threat actors are looking to exploit people’s eagerness to get COVID-19 related advice and information by tricking them to click on malicious attachments and links in emails,” Lee Shih Yen, the senior vice president of Ensign Labs at Singapore-based cybersecurity experts Ensign InfoSecurity told Tech Wire Asia.

The exponential explosion in COVID-related threat surfaces is especially worrisome for organizations in Asia Pacific, where data breaches and phishing and malware attacks in 2019 were causing around 23% of businesses to fall victim to expensive cyber breaches that cost them more than US$2.5 million last year compared to the global average of 15%.

“COVID-19 situation has compelled most organizations to roll out ad hoc systems and arrangements aimed at containing the virus spread while maintaining business continuity,” noted Ensign’s Lee. “However, as organizations’ priorities shift to focus on the rapid implementation and scaling of remote workforce initiatives as well as operational challenges introduced by safe distancing requirements, cybersecurity might be deprioritized. Vulnerabilities can surface as basic security, such as patching and updates, are delayed or neglected by overstrained IT teams.”

The rapid shift towards remote working processes and now to even-more-recent ‘new normal’ work arrangements both in the office and outside, might have resulted in even more cybersecurity gaps that the beleaguered IT professionals will have to take note of. “As a result, the major changes in IT infrastructure and digital environment can potentially create new attack surfaces or broadening existing ones for threat actors to exploit, especially if organizations do not adopt a secure-by-design approach,” noted Lee.

The secure-by-design approach

With a secure-by-design approach, cybersecurity experts say organizations can minimize systems vulnerabilities and reduce the attack surface through designing and building security in every phase of their digital systems’ design, development, and implementation. As organizations move to rapidly expand their remote working capabilities and infrastructure, they will be building it on a more secure digital foundation.

Ensign InfoSecurity’s SVP Lee recommends that “cybersecurity teams should be involved at every step of the process or the organizations might risk spending a lot more time and resources remediating and recovering from security incidents that could have been mitigated or more easily addressed if proper cybersecurity measures are in place.”

Protecting the hi-tech sector

Thailand, Singapore, and Malaysia were identified as the most attractive targets for hackers in APAC, with companies in Singapore and Thailand likely to suffer the most financially as a result of a cyber-breach, the Cisco study found.

And Ensign’s Singapore Threat Landscape report found that the high technology sector – including such digital companies like cloud, data center, and web hosting service providers – as the vertical most targeted in Singapore by threat actors in 2019. “The reason why threat actors are focused on high technology companies is to exploit their data center infrastructure and target the data of other organizations whose servers are being hosted there,” warned Lee.

“The high technology sector plays a vital role in Singapore technology-driven economy and it will continue to be a critical engine for our economy in the post-COVID-19 world as remote working becomes the new normal, leading to an increase in cloud adoption and data center demands. It is likely that this sector will continue to be one of the prime targets for threat actors in the year ahead.”

Lee suggests a proactive, combined approach to tackling cybersecurity issues will likely be the most effective in this ‘new normal’ working environment facing the region. “A highly effective cybersecurity strategy will always be a combination of people, process, and technology. Organizations will need to take all three elements into consideration while planning out their cybersecurity strategy and business continuity plans.”