Wake-up call required to defend APAC’s critical national infrastructure
Article by Vectra AI director of security engineering APJ Chris Fisher.
Public and private sector organisations – from government and military to banking, energy and transportation – have become digital-centric in pursuit of economic savings, productivity gains and new customer and citizen value.
As economies move towards digital transformation and adopt Industry 4.0 technologies, cloud migration is no longer a question but a given. The focus now has to shift to understanding the risks that remain after deployment and how new cyber-threats to critical national infrastructure (CNI) can be mitigated.
Cyber-attacks across the Asia Pacific region have grown in sophistication and prevalence, in part due to increased digitalisation but also geopolitical disruptions caused by the ongoing COVID-19 pandemic. Earlier this year, an unnamed Southeast Asian government became the target of a new cyber-espionage weapon in a long-running campaign targeting official agencies and businesses across the region.
And it’s not just governments on the front line. For example, when the ICT systems of Eastern Health in Melbourne were attacked in March, the organisation was quick to confirm that patients were not at risk. But the incident resulted in significant disruption — including the cancellation of elective surgeries and stress on staff and patients. In New Zealand, the Waikato District Health Board (WDHB) experienced a significant cyber-attack that crippled the WDHB’s 680 computer services and caused massive disruption to patient care.
According to Deloitte, critical infrastructure operators in APAC are being targeted increasingly by cyber-espionage and sophisticated attacks with the potential for severe disruption to essential services such as energy and water supply. Rapid digital transformation has led to a much broader attack surface, testing the resilience of the region’s infrastructure.
More recently, the Tokyo 2020 Olympics was hit by a data breach that exposed credentials, including usernames and passwords, for affiliated websites used by volunteers and ticket holders.
New findings in a Vectra PaaS & IaaS security survey report have underlined how the cloud has changed everything we know about security. One hundred per cent of the companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services weekly.
The expansion of cloud services has naturally led to increased risk, and the report uncovered some startling blind spots: 30% of organisations surveyed have no formal sign-off before pushing to production, and 40% of respondents say they do not have a DevSecOps workflow.
Unfortunately, not every country in the region is well-equipped to bolster cybersecurity capabilities. So the question remains: how best can they be supported to lay the foundation to do so?
A collaborative approach to regional cyber-defence
Singapore and Australia are leading examples of countries that are capacity building and investing in boosting cybersecurity beyond their shores. For example, Singapore’s Cyber Security Agency (CSA) launched the ASEAN-Singapore Cybersecurity Centre of Excellence, a $30 million investment over five years to offer policy and technical programmes for its participants.
Earlier this year, Australia launched the International Cyber and Critical Technology Engagement Strategy; this programme pledges over A$37 million towards a coordinated approach for Australia and the Indo-Pacific region to address cyberspace and critical technology issues.
The private sector has further championed these efforts. For example, Microsoft has brought together 15 policymakers from seven APAC markets to form a cybersecurity executive council to share threat intelligence and resources. This initiative recognises the higher frequency of malware and ransomware attacks in the region compared to global averages and the vulnerabilities of emerging economies, such as Indonesia, India and Sri Lanka.
Given the worsening APAC cyber-threat landscape, disruption or loss of critical services could have severe impacts on lives and the economy and erode trust in a government or business. Putting effective defences in place, widely and consistently, is therefore an absolute priority.
Recognising the risks and finding a solution
The greater speed and agility of the cloud have enabled faster delivery of applications, among many other advantages. But these gains must be balanced against the security risks that cloud deployments introduce.
Risk grows with every additional person or workload granted access to a cloud environment. Although investment in security operations is increasing, securing the cloud will remain a challenge because of its sheer size, scale and continuous change.
The vectors behind security incidents have not changed; what has changed is the speed at which attackers can pivot through an organisation’s network once inside. As a result, prevention tools alone are no longer enough to mitigate risk.
There is a need for solutions that provide security holistically across regions. Increasing cyber-threats, combined with a rapidly evolving cloud environment, are creating a perfect storm that exposes significant skills gaps.
Constantly evolving threats to critical national infrastructure demand an around-the-clock effort to bolster enterprise cybersecurity. Yet most organisations lack the expertise required to mitigate sophisticated threats, placing enormous strain on what is often an already limited resource.
Securing the cloud with complete confidence is nearly impossible because of its ever-changing nature. Organisations should therefore minimise the attack vectors available to malicious actors: establish formal sign-off before anything is pushed to production, build DevSecOps workflows and restrict access across the entire infrastructure to the minimum each role needs.
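One way to make the "formal sign-off" and "limit access" advice above concrete is an automated policy gate in the deployment pipeline that refuses over-broad cloud permissions before they reach production. The following is an added example written for this article, not code from Vectra or any organisation mentioned on the page. It inspects AWS-style IAM policy JSON for wildcard actions and wildcard resources; the two sample policies are constructed, and the read-only action prefixes used to decide whether `Resource: "*"` is acceptable are an assumption to be tuned per environment (`NotAction` and `Condition` clauses are deliberately not analysed).

```python
"""Pre-production gate that rejects over-broad IAM policies (added example).

Illustrative code for this article, not vendor tooling. It flags Allow
statements that grant every action, every action in a service, or write/
admin actions on every resource, so that a DevSecOps sign-off step can fail
the deployment instead of relying on a human to spot the wildcard.
"""
import json
import sys

# Assumption: actions whose API name starts with one of these prefixes are
# treated as read-only, so "Resource": "*" with only such actions is tolerated.
READ_ONLY_PREFIXES = ("Get", "List", "Describe")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise."""
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    """True for e.g. 's3:GetObject'; False for 's3:PutObject' or 's3:*'."""
    name = action.split(":", 1)[1] if ":" in action else action
    return name.startswith(READ_ONLY_PREFIXES)


def find_overbroad_statements(policy):
    """Return (Sid, reason) findings for Allow statements that are too broad."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements with wildcards are fine
        sid = stmt.get("Sid") or f"Statement[{idx}]"
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*":
                findings.append((sid, "grants every action ('*')"))
            elif action.endswith(":*"):
                findings.append((sid, f"grants every action in a service ({action})"))
        if "*" in resources and any(not is_read_only(a) for a in actions):
            findings.append((sid, "write/admin actions on every resource (Resource '*')"))
    return findings


def policy_passes_gate(policy):
    """The sign-off gate: True only when no over-broad statement is present."""
    return not find_overbroad_statements(policy)


# Constructed sample: the "just make it work" policy that slips into production.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "S3Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Constructed sample: a least-privilege equivalent scoped to one application.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadAppBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-app-data", "arn:aws:s3:::example-app-data/*"],
        },
        {
            "Sid": "WriteOwnQueue",
            "Effect": "Allow",
            "Action": "sqs:SendMessage",
            "Resource": "arn:aws:sqs:ap-southeast-2:123456789012:example-app-queue",
        },
    ],
}


if __name__ == "__main__":
    # Usage: python iam_gate.py policy.json   (exit 1 blocks the pipeline)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            candidates = {sys.argv[1]: json.load(fh)}
    else:
        candidates = {"OVERBROAD_POLICY": OVERBROAD_POLICY, "SCOPED_POLICY": SCOPED_POLICY}
    failed = False
    for name, policy in candidates.items():
        for sid, reason in find_overbroad_statements(policy):
            print(f"{name}: {sid}: {reason}")
            failed = True
    sys.exit(1 if failed else 0)
```

Wire it in as a required check on the branch or pipeline stage that deploys to production; a non-zero exit is the automated half of the sign-off, and the human approver only sees policies that already passed it.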
Securing CNI infrastructure with effective incident response
CNI organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations. Attackers are increasingly targeting operational technology and industrial control systems in ransomware attacks, and this is where vendors with true cybersecurity expertise drive value.
Each CNI site or situation is unique, and visibility and agility are the building blocks of effective incident response. CNI security teams must adopt an assumed-compromise mindset and focus on early, automated detections with enough context to make fast and informed decisions.