How to mitigate the rising cyber incidents in Asia?
- The majority of occurrences in Q2 2022 that started with remote service access or the exploitation of common vulnerabilities and exposures (CVE) resulted in a ransomware attack.
- Healthcare surpassed professional services as the industry area that has been targeted the most, accounting for 21% of all incidents observed, up from only 11% in Q1 2022.
The COVID-19 pandemic has spurred technology advancement while also exposing unpreparedness and cyber security vulnerabilities. Major cyber incidents have happened over the last decade, placing businesses from many different industries (such as financial services and manufacturing sectors) in difficult situations when it comes to defending against them.
In the region where Japan, Australia, and India were the most targeted markets for attacks, ZDNet reports that the industrial and financial services industries took the heaviest hit, accounting for about 60% of cybersecurity incidents.
The cybersecurity industry will continue to face new obstacles as cyberattacks develop and grow more sophisticated, and they will need to work on new technology to combat these attacks. They need to focus their efforts on figuring out how to protect this digital environment from cyber-attacks.
Tech Wire Asia had the opportunity to speak with Paul Jackson, regional managing director for Kroll’s Cyber Risk in the APAC region, about Kroll’s support to its APAC clients in preventing cyber incidents and developing and enhancing their overall cyber resilience in response to the growing demand for cyber requirements in the region.
The emerging cyber incidents
In the ever-changing threat landscape, to stay on top and prevent an organization from being a victim of cyber-attacks, having the ability to detect, triage threats and respond with speed is critical.
In its latest Q2 2022 threat landscape report, Kroll observed a 90% increase QoQ in the number of healthcare organizations targeted. It was ransomware that fueled this uptick against healthcare as attacks increased this quarter, becoming the top threat once again, followed closely by email compromise.
Historically, healthcare has been an attractive target for ransomware groups. Disruption of critical networks impacting life-saving services may force those organizations to pay ransom demands. This is intensified by the double extortion tactic, where threatening to publish confidential information, such as highly sensitive health information, can further intimidate victims.
“While phishing continued to be the vector used for initial access, Kroll sees a vast increase in external remote services (such as VPNs and remote desktop protocols (RDP) environments) being compromised, up 700%. This indicates that attackers are focusing their attention on the remote environments many of us now rely on,” said Jackson.
The majority of incidents in Q2 2022, beginning with access via remote services or common vulnerabilities and exposures (CVE) exploitation, led to a ransomware attack. This reinforces the importance of protecting and monitoring these services.
In terms of industry sectors that have been targeted the most, healthcare overtook professional services as the top in Q2, accounting for 21% of all cases observed, compared to only 11% in Q1 2022, followed by professional services (12%) and financial services (12%). Manufacturing, which was one of the most targeted industry sectors in the first quarter, dropped to 5th in Q2 at 5%.
Kroll’s approach to mitigating cyber threats
As the cybersecurity landscape becomes more complex than ever in APAC, Kroll is growing its presence by hiring ever more local expertise in this region. To provide more services such as incident analysis, MDR monitoring, cyber security vulnerability assessments, penetration testing, cyber due diligence, virtual Chief Information Security Officer (vCISO) and data protection advisory for organizations, Kroll has recently expanded its operations into the Philippines and established a state-of-the-art cyber security operations center (SOC).
Speaking of SOCs, having one offers businesses numerous advantages, such as continuous network monitoring, centralized visibility, lower expenses for cybersecurity, and improved collaboration. As a result, Kroll takes all measures necessary to protect a business from cyberattacks seriously.
In that sense, Jackson pointed out that Kroll Responder, the managed detection and response (MDR) service run by the SOC team, can proactively monitor, detect, and respond to threats virtually anywhere by fusing Kroll’s incident response expertise with frontline threat intelligence from over 3,200 incidents handled per year.
“From understanding our client’s IT infrastructure environment, Kroll builds a customized (and highly advanced) detection layer incorporating the threat intelligence gathered throughout the year to identify and determine malicious activities and contain the attack from spreading while guiding our customers during the incident,” he explained.
Cyber requirements Kroll gets from APAC clients
Understanding that cyber threats are ever-evolving, Kroll sees demands for cyber requirements to mitigate cyber incidents. Kroll understands that to mitigate cyber incidents before they happen, the best approach would be to consistently monitor the organization’s cyber security health, assess and examine its cyber incident response plan/playbook and keep the incident response team prepared for any incidents.
As a result, they are witnessing an increase in demand for services like incident response retainers, MDR services, tabletop exercises, penetration testing, and vCISO. These services can assist enterprises in a number of ways with their business operations, including:
- Managed detection and response (MDR) services: It helps clients detect, investigate, respond, contain, and eradicate threats before the threats cause damage;
- Tabletop exercise: A simulation exercise to test the organization’s resiliency and crisis communication strategies for appropriateness and relevance without being exposed to a real risk;
- Penetration testing: It simulates attacks on an organization to identify gaps in the organization’s security;
- Virtual chief information security officer (vCISO) advisory services: Act as an organization’s chief information security officer to create or accelerate the organization’s data security initiatives, inform management and validate existing programs for the board with unique perspectives on regulatory, technology and operational cyber impacts.
Kroll recognizes the significance of cybersecurity for organizations in order to protect their business operations in light of client demand. With operational stability and business resiliency high on the list of concerns for many corporations, businesses across the world will have to take a strategic approach to planning response when cyber incidents take place. It is no longer a question of “If”, but “When” it will happen.
“Having an incident response plan can save businesses precious time and resources when they are in an incident scenario and will ultimately build resilience against cyber threats,” said Jackson. “Although regulatory requirements in the APAC region are less mature than in the US and EU, we foresee authorities in this region will progress and increase maturity in the coming years.”