These Four Areas Will Dominate the Cybersecurity Agenda for APAC in 2020
Companies can’t defend themselves against every single thing that can go wrong, because bad actors will continue to invent new ways to get inside the network. We also know that no matter how large a budget you allocate to enhancing your cybersecurity in 2020, you will continue to suffer from the cybersecurity talent shortage.
According to an International Information System Security Certification Consortium (ISC2) study from 2018, the Asia-Pacific region is experiencing the greatest talent shortage at 2.14 million, which is partially attributable to its growing economies and new cybersecurity and data privacy regulations throughout the region. Sixty three percent of respondents said their organisations have a shortage of IT staff dedicated to cybersecurity, and nearly 60 percent say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
To reduce the risks associated with this shortage in IT talent, enterprises in the Asia Pacific region will need to rigorously consider the weakest points in their systems and build a comprehensive security programme that includes network segmentation, network visibility and multifactor authentication. Organisations will also need to assess and catalogue the data they hold and where, then decide on the controls they want to put on it. This “defence in depth” or “security in layers” approach will continue to be the best for security. Along with creating a strong security programme, we anticipate that four areas will dominate the cybersecurity agenda for enterprises in 2020.
1. Multi-factor Authentication Will Be Key to Controlling Access
Bad actors have breached many organisations of all sizes, exposing passwords that provide a good statistical model to facilitate further attacks on companies or individuals. This will be a big cybersecurity threat for Asia Pacific companies in 2020 seeking to protect the integrity of their data without multi-factor authentication. Multi-factor authentication continues to be one of the most important things enterprises should pay attention to, due to compliance regulations and the additional layer of protection it provides beyond passwords. Some of the large cloud service providers are taking the protection a step further with a hardware token. This level of protection is recommended for high value accounts in your organisation.
2. Cloud Consciousness Helps Organisations Protect Data
2019 has seen too many cases of enterprises that have moved their data to the cloud, failed to adopt standardised controls and have accidentally left the gate open to malign intruders. According to a study by Cisco, many security teams in the Asia Pacific region are also unaware of the number of vendors or products that exist in their environment. The Philippines and Malaysia lead the region with the highest percentages of organisations that do not know how many products they use, while Vietnam has the highest percentage that do not know how many vendors they use.
Cloud storage providers, such as Amazon, are improving how they interact with customers - by helping them identify any weaknesses in the configuration of S3 buckets, for example. However, it is likely that failures in compliance and certifications will continue to lead to cyber breaches in 2020.
Neither moving to the cloud, nor staying away from the cloud, will necessarily help companies with their data security. In 2020, enterprises will be better off moving to the cloud in a secure and conscious fashion, making clear decisions about what data they are sending to the cloud and what they want to do with it, rather than just moving information wholesale. Companies should make very conscious decisions about what controls they will be using and what protection is offered by the upstream cloud service provider.
3. The Uncontrolled Provision of Data to Outside Contractors Will Lead to Major Breaches
Third-party risk will continue to be a potential weakness in enterprise cybersecurity practice. Businesses need to consider exactly what data they are providing and what level of control is needed to ensure the integrity of that data. For example, the employee personnel information typically shared with an HR contractor is much more sensitive than data relating to a marketing campaign. Companies must do their due diligence around this issue tp ensure that the relevant data security configurations are correct and leakproof.
4. The Proliferation of Iot Devices on Enterprise Networks Creates Uncontrolled Risk
2020 will see the continuation of the IoT trend that has been developing for the past four or five years. The problem is that these devices have become much more powerful, without getting any smarter. The first IoT devices were relatively simple, and although they did offer intruders a way into networks, the damage was limited. More recently; however, IoT devices have become a lot more powerful. They are expected to do a great deal more, and are more deeply integrated into enterprise networks. This means that if a bad actor is able to take control of the device the havoc that can result is extensive, and security around IoT devices is not keeping pace with the advances in their power and reach.