Cybersecurity : A hot issue in a business world facing digital disruption

Wariya Khamchana

In a world of rapid change and volatility, fueled by digital technologies and business models, anyone can become a victim of cyberattack.

Various cyberattack terms that used to be perplexing – phishing, virus, malware, ransomware, crypto-mining and distributed denial-of-service (DDoS) attack – have now become familiar. Constant development of new technologies to boost complexity and efficiency also worsens the damage done.

Cybercriminals often target humans as the weakest and most error-prone factor in digital systems, while the most common motives are financial or political gain and personal conflicts.

Digital Disruption boosts cybersecurity risks Kaspersky’s Southeast Asia general manager Yeo Siang Tiong notes cyberthreats are getting more complicated and severe as businesses undergo digital transformation to build their online presence.

On the other hand, the rising usage of digital services – especially online banking and payment – directly translates to a higher number of people vulnerable to cyberattacks in the form of phishing aimed at stealing passwords and financial and personal information.

Trend Micro co-founder and CEO Eva Chen said cybercriminals also target key infrastructures, especially governmental organisations, as well as those in finance and banking, production and healthcare. Meanwhile cloud technology usage also could pose a greater risk to various organisations.

Such vulnerabilities stem from flawed setting and loopholes that remain unaddressed. Another noteworthy threat is cyberattacks against “Cyber-Physical Systems (CPS)”, as CPS is a key foundation for many applications, services and technology developments, including the Internet of Things (IoT), embedded systems, control systems, cloud computing and data analytics, she noted.

80% of organisations ‘not yet ready’

Bluebik Group Plc, a digital transformation consultancy, warns that many organisations view the digital world in only one dimension – as an opportunity to expand their business generate new income – while forgetting the hidden risks. This has left many unaware of the importance of cybersecurity.

The World Economic Forum said recently that nearly 80 per cent of organisations keen on expanding into the digital world do not have sufficient measures to handle cyberattacks.

As the COVID-driven global economic recession has also led to a rise in cybercrimes – be it phishing emails to steal users’ information, ransomware targeting business information systems, or online shopping fraud – cybersecurity should be high on the agenda.

Meanwhile, with a large number of businesses moving operating systems onto digital platforms, the scope of attacks is no longer limited to data but also covers main operating systems. This means the damage can be severe to the point of forcing business suspension, resulting in losses both financially and in terms of consumer confidence. The more severe the damage, the bigger the bill for system restoration.

Organisations thus need to minimise risks via a good grip on 3 key aspects – human resources, processes and technologies – in order to address weak links and ensure their business operations run smoothly. Efficient and cost-saving security-enhancing tools include cloud computing services, automated systems, artificial intelligence (AI) service platforms, machine-learning services, and advanced cybersecurity analytics. All are credited with the ability to quickly contain threats and restore data.

Covid-19 crisis spawns acceleration of cyber adversaries

A recent report by IBM Security X-Force said bad personal security habits, consumers’ lax approach to security, and rapid digital transformation by businesses are boosting opportunities for hackers to carry out cyberattacks. During the coronavirus pandemic, cybercriminals appeared to focus their attacks on businesses involved in the efforts to combat the virus, such as hospitals, medical equipment and pharmaceutical manufacturers, as well as energy companies powering the Covid-19 supply chain. The attacks especially targeted those that could not afford downtime as this would disrupt medical efforts or critical supply chains.

Hence, businesses were urged to adopt a “zero-trust” security policy – which assumed the individual or the network in use could be hacked, hence the need to verify everything including the user’s connection and information before granting necessary access to its system. Similarly, the latest “Global Threat Intelligence Report” from NTT urged organisations undergoing digital transformation to be extra cautious and apply best practices to prevent cyberattacks. The warning was aimed particularly at key industries deploying remote working. It was also noted that while various industries were trying hard to maintain service standards during the Covid disruption, cybersecurity standards were still often a lower priority.

‘Zero trust’ is the answer

Microsoft (Thailand) Ltd’s solution specialist manager Saruj Thipsena said the Cloud economy’s acceleration towards digital transformation and working-environment changes had made organisations the unwitting targets of malicious attacks, while certain damaging attack techniques had also been sharpened to became even more dangerous.

Targets were also no longer limited to large organisations, banks or financial institutes but also included those in the fields of education, retail, medicine or energy. Hence, the proactive “zero-trust” security concept had become more important than ever.

3 items on checklist regarding data protection law

There is also the challenge of internet laws including international rules such as the European Union’s GDPR (General Data Protection Regulation) and domestic counterparts such as Thailand’s PDPA (Personal Data Protection Act).

Microsoft (Thailand) Ltd’s national technology officer Ome Sivadith notes that organisations handling information up to legal par must have a checklist comprising 3 steps:

1. “Know Your Data”: to know all about the organisation’s information.

2. “Manage Your Data”: to be in absolute control of data access and usage.

3. “Protect Your Data”: to minimise risks and provide sufficient protection for data against threats.

Each step requires security technologies, among which the cloud is front and centre.

“All organisations must achieve the same goal of keeping personal data storage and processing up to legal standards and strengthening their information security, as these two matters are correlated.”