By Eric Lam, Director of Enterprise Cybersecurity Group, Microsoft Asia.
The rapid expansion of innovative cloud services, coupled with the meteoric explosion of connected devices and ubiquitous connectivity, is creating tremendous economic and social opportunity for consumers, governments, and businesses.
At the same time, this convergence of technological developments is opening new avenues of attack for malicious actors, while the deluge of confidential data being transmitted across networks and stored digitally is making organizations increasingly lucrative targets for cybercriminals.
The Evolving, Elusive Nature of Cyberthreats
Today, many organizations and governments are struggling to deal with the growing sophistication and prevalence of cyberattacks as well as the opportunistic, evolving nature of cybercrimes. According to our latest Security Intelligence Report (SIR) Volume 24, as organizations become more proficient in dealing with ransomware, attackers are increasingly returning to the stealthier mode of operation they have employed in the past. They are seeking to stay under the radar to perform new forms of attacks.
For example, with the rise of cryptocurrency value, we are seeing the emergence of cryptocurrency mining malware, which uses infected devices’ compute power to mine cryptocurrency. This trend is especially prevalent in Asia Pacific, where the cryptocurrency mining malware encounter rate is 17 percent higher than the global average. And as the value of cryptocurrency rises, so does the encounter rate.
Cryptocurrency mining malware can cause severe device performance degradation while granting cybercriminals backdoor access to the system. This approach also allows them to leverage the processing power of hundreds of thousands of computers. Even when a minor infection is discovered, the anonymous nature of cryptocurrency complicates efforts to track down the responsible parties.
Beyond defending against countless, constantly evolving malware variations, organizations also need to protect themselves from increasingly insidious delivery methods. Besides social engineering techniques, another popular method that cybercriminals use is the drive-by download, which infects unsuspecting users when they visit a compromised website. Users can be infected with malware simply by visiting a website, even without attempting to download anything. Based on our SIR, Asia Pacific suffers from 22 percent more drive-by download attacks than the rest of the world.
What makes drive-by downloads that much harder to guard against is that they can be hosted on legitimate websites as attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form. More advanced drive-by download campaigns can also install ransomware or even cryptocurrency mining malware.
The Need to Build Greater Cyber Resiliency and Security Readiness in Asia Pacific
According to the SIR, Japan, Australia and New Zealand have the lowest malware encounter rates in Asia Pacific. These countries tend to have mature cybersecurity infrastructures and well-established programs for protecting critical infrastructure and communicating with their citizens about basic cybersecurity best practices. On the other hand, Indonesia, the Philippines and Vietnam had the highest malware encounter rates in the region, highlighting the correlation of infection rates with technology maturity and security readiness within a market.
One of the ways to raise security readiness across industries and cyber resiliency within an organization is through security baselines, which are a foundational set of policies, outcomes, practices, and controls intended to help organizations manage cybersecurity risk and build trust in their digital initiatives.
Security baselines are particularly useful in improving cybersecurity because they can cover a range of risks that are applicable across a variety of environments. While cyberthreats constantly evolve, most risks faced by governments and enterprises are similar, so security baselines can address a significant majority of cyber risks across organizations.
There are dozens of ongoing regional and national initiatives that aim to help enterprises and government entities manage cybersecurity risks by developing or evolving their security baselines. Encouraging, enabling and requiring organizations, especially critical infrastructure providers, to better manage cyber risks is a sensible government priority given the tremendous damage that cyberattacks can wreak in today’s hyper-connected digital world.
Developing Effective Security Baselines
The approaches that organizations take in developing, evolving, and implementing security baselines will have far-reaching impacts. Effective approaches will not only strengthen their security posture but also support innovation, productivity, and economic opportunity. However, less effective approaches will create heavy operational and compliance costs for both businesses and governments without realizing the intended and much-needed security benefits.
That is why a balanced, comprehensive cybersecurity risk management approach that assesses and manages cybersecurity risk in the context of overall enterprise risk management is critical. Organizations that are developing or evolving security baselines can promote and foster a holistic approach by considering the following best practices:
- Facilitate informed decision-making by establishing a “common language”—a shared way of understanding and using terms and concepts. This enables stakeholders to communicate in a meaningful way about risk, resulting in more informed decisions on prioritizing resources and creating continuity in security strategy, planning, and investments.
- Manage risk efficiently through a risk-based set of baseline practices, grounded in an organization’s risk and threat landscape. This allows organizations to focus on security strategies and practices that are likely to have the greatest positive impact.
[Organizations can refer to the ‘Guidance’ section of the SIR to learn more about cybersecurity measures that can help them bolster their prevention, detection and response capabilities.]
- Enable innovation by establishing security baselines that are outcomes-focused, articulating what organizations should aim to achieve, rather than how organizations should implement security. This provides organizations with the flexibility to regularly update their security baseline to reflect the changing technology and threat environments.
- Leap forward by leveraging industry best practices and guidelines. Rather than building out a set of risk management practices from scratch, utilizing tried and tested methods, such as the NIST Cybersecurity Framework, provides organizations with a valuable starting point.
The consequences of cybercrimes are not just economic costs; they also erode individual privacy and diminish trust in online services. A robust and holistic security baseline that organizations can reference and assimilate will allow both public institutions and private companies to accelerate the adoption of cloud-based innovation and maximize the benefits of promising new technologies such as artificial intelligence. Equally important, it will endow individuals with the trust and confidence they need to make the most of technology and participate meaningfully in the digital economy.