Three ways to strengthen cybersecurity resilience in APAC

woman speaking in front of a team

Vivek Ravindran By Vivek Ravindran, Business Group Lead for Modern Work in APAC

Organizations across the Asia-Pacific region rapidly transformed to adapt to new business conditions during the pandemic. Remote work became a default for many workers, enabling businesses to continue despite lockdowns across the region. But if businesses adapted to the realities of the pandemic, so did cybercriminals. And as we transition to hybrid work, businesses will need new strategies to ensure their security.

Frost & Sullivan estimates that by 2030 there will be a complex global network of 200 billion devices. That’s about 20 connected devices per person. It’s a dramatic expansion of the number of endpoints cybercriminals can exploit. At the same time, our online identities – made up of all the data that apps and services collect – continue to be the most exploited area of vulnerability.

Cybersecurity has often been viewed through a competitive rather than a collaborative lens. Organizations have focused on building their digital environments for competitive advantage, often without considering how others in the industry might approach the same challenges.

An increasingly sophisticated threat landscape requires a new and more comprehensive approach to cybersecurity. Conventional measures that center on isolated perimeter-based firewall systems, antivirus solutions and tactical response are no longer adequate. Organizations need to adopt a Zero Trust approach to security with automation and multiple layers of defense built in.

This new approach also means partnering across industries and stronger collaboration between the public and private sectors. There needs to be a cohesive, collaborative approach to data protection and cyberdefense across organizations.

At Microsoft, we work with governments and organizations across the region to foster collective resilience through consultation on cyberstrategy best practices, threat intelligence sharing, and implementation of Zero Trust based security architecture. We use AI and human expertise to deliver an integrated, automated threat response with effective data governance and privacy management.

Here are some recommendations that may be helpful as organizations look to strengthen their resilience:

1. Building security plans around a Zero Trust approach

The complexity of the modern business environment means that our workforce is mobile and expects to be able to work from anywhere, using applications that live outside of traditional corporate network protections. As the number of remotely connected devices and edge endpoints increases, the attack surface cybercriminals can exploit increases too. Therefore, the “assume breach” mindset of Zero Trust needs to be a business imperative.

Microsoft’s cybersecurity ethos is built on the principles of Zero Trust, and our continuous endeavor is to help organizations adapt to this changing environment by adopting a Zero Trust approach to cybersecurity. A Zero Trust approach extends throughout an organization’s entire digital estate, giving users only the access that they need, while explicitly verifying and constantly monitoring.

Government agencies across APAC are also geared to address security at every level. Dato’ Ts. Dr. Amirudin Abdul Wahab, Chief Executive Officer, Cybersecurity Malaysia, recently said, “Protecting Malaysia requires a team effort, empowering people, creating guiding policies and enabling with technology. Cybersecurity cannot be seen as just an information technology function but must have an elevated role in enterprises.”

Businesses of all sizes can get started on the Zero Trust journey by taking steps to secure identities. As our recent Cyber Signals report explains, identities are a key security battleground, and the risk to compromised credentials can be mitigated through activation of multifactor authentication (MFA) and passwordless authentication. Microsoft’s passwordless authentication relies on a user’s biometrics, serving as a secure alternative while improving security and safeguarding user privacy, and doing away with complex password requirements altogether.

2. Automating Organizational Response using Threat Intelligence

The most effective defense strategies are quick at responding to continuous changes, while leaving room for constant improvement and iterative growth as the attack landscape evolves.

Group Captain Amorn Chomchoey, the Deputy Secretary-General of National Cyber ​​Security Agency of Thailand says: “COVID-19 showed us that prevention provides better outcomes than reactive treatment, which is the same for cybersecurity. Awareness of threats is the best vaccination to provide protection and cyber-resiliency.”

One way to get ahead of emerging threats is through automation. Automating analytics enables the identification of a wide variety of threats, enabling adaptive response protocols that are easy to implement. This helps organizations streamline their risk assessment processes and provide realistic benchmarks for testing and evaluation.

To counter cyberattacks and guard against urgent threats, Microsoft Threat Intelligence amasses billions of signals to provide a holistic view of an organization’s security ecosystem. Customers can receive relevant, contextual threat intelligence that is built into products like Microsoft 365, Windows, and Azure.

Moreover, Microsoft’s ransomware protection prevents identities from being compromised, ensuring that client devices are healthy, while data is backed up securely and remains available even if a system is compromised.

AI-driven adaptive protection can automatically switch to the most aggressive mode, which blocks ransomware payloads and prevents important files and data from being encrypted – preventing cybercriminals from successfully executing the attack.

3. Stronger collaboration between the public and private sector

To achieve a robust and secure digital environment, the public and private sectors should collaborate and synchronize their cyberdefense strategies. Governments and global standards organizations should consider introducing a standardized cybersecurity framework for the private sector. Stakeholders of security functions can also provide key insights, identify national cybersecurity risks, and work with governmental agencies to encourage the private sector to increase investment in digital infrastructure.

David Koh, the Chief Executive of the Cyber Security Agency of Singapore, says, “Creating the consensus, collaboration, and capabilities we need is integral to keeping the digital domain secure and to maintaining an open and interoperable cyberenvironment. The Singapore Cybersecurity Strategy 2021 uses these core principles and concepts to secure the nation against constantly evolving digital threats.”

With 8,500 security defenders protecting data, devices, identities, platforms, and clouds, Microsoft has the right team and infrastructure to thwart advanced cyberattacks and stop threat actors.

In addition, Microsoft’s Digital Crime Unit (DCU) fights cybercrime by disrupting malicious infrastructure used by criminals. The DCU makes referrals to law enforcement, engages in civil legal actions on behalf of customers, and implements technical measures in partnership with our product and service teams.

The Future of Technological Workplace Security  

As more businesses and organizations turn to hybrid work, Microsoft is bolstering user trust in technology by helping to protect the digital ecosystem. But to truly make technology more secure, we need a comprehensive approach and better collaboration across the region.

“Our lives are intertwined with technology, creating great potential but also risk. The whole nation needs to work together to stamp out cybercrime with capacity building, by improving awareness and sharing knowledge to help protect everyone,” says Mary Rose E. Magsaysay, Director of Cybercrime Investigation and Coordination in the Philippines.

At Microsoft, we work with organizations of all sizes to empower them with the best tools for their needs. To better protect critical information, government agencies and private companies can work together to create significant efficiencies in yielding better security for all and partner together for a safer world.

Related Posts