This is a guest post by Kerry Singleton, managing director for cyber security at Cisco Asia-Pacific, Japan and China
In recent weeks, we have seen a number of significant cyber security threats emerge. Microsoft's disclosure that on-premises Exchange Server installations were being compromised has raised concerns among users around the world. Meanwhile, the leaking of audio from the high-profile social media start-up Clubhouse has reminded everyone that those wanting to steal data will use any opportunity to do so.
Here in Asia, we have our own home-grown threat to deal with: ObliqueRAT. We first alerted the world to this malware, which targets organisations across South Asia, in February 2020, but in recent days we have seen those behind the attacks change tack.
In previous campaigns, the malware was delivered inside Microsoft Office documents. This time around, the payload is not embedded in the documents themselves but hosted on 'adversary-controlled' websites, from which it is retrieved onto the victim's machine. This change in tactic perfectly illustrates the challenge we all face: threat actors quickly and effectively change their techniques to evade detection.
Keeping pace with new security threats has become even more critical now that so many organisations have put remote working in place in response to the pandemic. Not only are we more reliant than ever on technology, but a distributed workforce broadens what we in cyber security call the 'attack surface', and it can often make rolling out new procedures and policies extremely difficult.
So, aside from keeping operating systems and applications updated with the latest security patches, what else can you do to combat these threats? Firstly, you need a tried and tested crisis management plan ready to roll out, one that enables you to keep the organisation running and to communicate the situation to the relevant stakeholders if the worst happens. That plan needs to be reviewed at least quarterly, and rehearsed, so that it stays relevant to the evolving nature of your business and of the threat environment.
As a business, you also need to step up monitoring for unusual activity on your network. Every person in your IT team needs to be hyper-vigilant and recognise that anything unusual, even mundane-looking end-user issues, could be a sign of intrusion. Several monitoring tools available today can provide automated visibility across your network and applications. As organisations adopt increasingly hybrid IT models, running on both on-premises and cloud-based networks and involving multiple solutions, an integrated approach to cyber security will help ensure that you are able to protect against, detect, respond to and remediate any threats within your environment.
This hyper-vigilance needs to extend across the entire workforce, so that you have multiple "pairs of eyes" looking for potential issues while keeping everyone's guard up, to ensure that a simple slip-up does not put your organisation at risk.
Finally, I would also say that there has never been a better time to start your journey towards a zero-trust cyber security strategy. This means building an architecture that continuously verifies the identity and security posture of every user and device before granting access to each application or resource, regardless of where the request comes from, rather than trusting anything simply because it is already inside the network. I know we all have a lot on our plates coping with a distributed workforce and a potential return-to-office strategy, but, as we have seen over just the last three weeks, the threat has never been greater, and we have an opportunity today to ensure that our data, users and applications are secure.