Kaspersky maps out supply chain resilience plans in APAC
The Asia-Pacific region has seen a huge digitalisation leap due to the pandemic. Given the urgency, cybersecurity measures have taken a back seat, resulting in several high profile ICT supply chain attacks last year.
Global cybersecurity company Kaspersky says the world has seen some high profile incidents recently, with cybercriminals taking advantage of the weaknesses of ICT vendors and using them as attack launchpads. The company believes this trend will continue as cybercriminals seek to monetise the threat further.
"In the last two years, there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain," says Kaspersky CEO, Eugene Kaspersky.
"As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond."
Mapping out the possible solutions to strengthen the ICT supply chain resilience in the region, Kaspersky held its fourth APAC Online Policy Forum.
The forum brought together distinguished industry and policy experts, including:
- Shri Rajeev Chandrasekhar: Minister of State in the Ministry of Electronics and Information Technology and Ministry of Skill Development and Entrepreneurship, India.
- Dato' Ts. Dr. Haji Amirudin Abdul Wahab: chief executive officer of CyberSecurity Malaysia.
- Dr. Pratama Persadha: Chairman of Communication & Information System Security Research Centre, Indonesia.
"The number of attacks on those working in the supply chain has increased, heavily targeted, more vulnerable and at-risk than ever before," said Dato Amirudin, echoing Kaspersky's view.
"Supply chain attacks are difficult to handle due to malware designs that stay hidden among the infected system and a user's device. Especially in today's environment, where nations are slowly recovering from the pandemic and starting to move towards digital transformation."
He also said during the forum that the need to include awareness and education across all sectors involved in the ICT supply chain had been recognised. This included many small and medium enterprises (SMEs), which do not have the budget and assets to improve cybersecurity.
Dr Pratama Persadha, added, "Resilience is all about resistance and recovery. One way for both government and non-government stakeholders to minimise these risks is to improve cybersecurity capabilities, subsequently improving ICT supply chain resilience.
"However, this will be constrained if all relevant parties do not improve the cybersecurity of their systems. The main obstacle is the lack of understanding surrounding the importance of cybersecurity to increase ICT supply chain resilience."
He says in the end, stakeholders need to consider a significant investment in cybersecurity to improve the resilience of the ICT supply chain.
Cross border collaboration
Speakers at the forum also agreed on the need for intelligence sharing and international cooperation to secure nations, organisations, and individuals in APAC and beyond.
"The responsibility of securing the ICT supply chain and ensuring safe and trusted internet space is something the Indian government gives high priority," says Shri Rajeev Chandrasekhar.
"A core component of the strategy is cross border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain."
As an active advocate of cross border collaborations and building cybersecurity capabilities, Kaspersky has been working consistently with its partners to raise awareness and propose actionable steps for the global community in forums such as the recent Paris Call for Trust.
The cybersecurity company has also established its baseline cybersecurity standard through the Global Transparency Initiative. These include many actionable and concrete measures that the company takes to welcome others to validate and verify the trustworthiness of products, internal processes, and business operations and security in cyberspace.
Kaspersky says both government and private sectors should examine short-term and long-term strategies.
Short term solutions include improving procedures and regulations on ICT supply chain infrastructure. Kaspersky cited companies certifying supply chain partners to lessen attacks. Government regulations also play a key role in this, as in the case of critical infrastructure.
Eugene Kaspersky added, "The long term solution is to make systems immune. This means the system is being designed so that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it doesn't carry over into other components in the chain."