Evolution of cybersecurity – From securing the basics to security orchestration
Cybersecurity experts at PwC argue that cybersecurity concerns have become all the more critical as a result of the acceleration of digital transformation in today’s business environment.
The world experienced one of the greatest accelerations in digital transformation due to the Covid pandemic. Organisations reported they advanced to year two or three of their five-year plans at a surprising pace. However, the fast pace of digital adoption also brought new cybersecurity risks. Kok Tin Gan, PwC Cybersecurity & Privacy Partner, says that PwC recorded the highest number of cyber attacks in 2020 and that these attacks were spread across all sectors of the economy, and affected organisations ranging from small and medium-sized businesses to large enterprises.
From the over 300 techniques documented by PwC’s cyber team, we have learnt that the recurring patterns of cyber attacks include both front door break-ins, such as attacks via leaked credentials or exposed ports, and those exploiting failures of internal monitoring, such as remote access and data sharing attacks. Most attacks were due to the increase in what industry insiders call the ‘attack surface’ of organisations. This includes scenarios such as an organisation expanding remote work arrangements, allowing employees to work from home, and extending their digital footprint via cloud storage and computer services.
Ransomware remains the most common type of attack and early detection could help mitigate this risk. The majority of attacks could be prevented if companies adopt basic protection. For instance, companies should assess whether their virtual private network (VPN) solution has the proper security configuration to prevent exposure of ports, allowing brute force attacks. The other common attacks include those targeting compromised business emails due to a lack of multifactor authentication protection, as well as a large volume of phishing attacks related to the pandemic.
Attackers’ tactics are also becoming more sophisticated. There has been a rise in ‘valid accounts’ attacks in which a hacker obtains the valid credentials of employees. These types of attack are more difficult to detect since companies need to understand employee behaviour and identify any abnormal activities promptly. Companies should also pay attention to any overprivileged accounts added to domain administration groups as these can provide hackers with the opportunity to harvest employee credentials.
On the other hand, legacy systems also continue to be a concern for companies, particularly where these systems are not patched in a timely manner, exposing vulnerabilities to be exploited by attackers. IT teams should work with businesses to schedule a proper maintenance window for patching and upgrades. For legacy systems that are at risk, companies should consider network segmentation to isolate the network properly to minimise the risks.
Unique challenges of group cybersecurity functions
To combat the rise in cyber attacks, many companies are considering increasing their focus on cybersecurity. According to PwC’s 2021 Global Digital Trust Insights report, 96% of executives say they will adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in every business decision, up from 25% in the survey last year. Chief security information officers (CISOs) from top group companies in the region reveal that the challenges are even greater for them as they are responsible for managing cybersecurity risks for their subsidiaries operating in heterogeneous environments with inherent diverse cyber risks.
Some of the key challenges faced by group CISOs include data privacy and security where they need to protect large amounts of customer data, and upgrades of legacy systems to keep up with the latest technology. One critical role of the group CISO is to partner with the business to align with the business strategy and risk appetite. This needs to be a two-way dialogue to understand the risks and enable the growth of the business. It is also important to transfer cybersecurity knowledge across the group, especially during the current escalation in phishing attacks, so that businesses are aware of the issues and can address them effectively. One way to help businesses manage cyber risk is to have a set of common themes and practices. For example, a common testing template can save businesses a lot of effort. At the end of the day, cybersecurity is everyone’s responsibility and businesses will need to be accountable for their own actions.
Managing cybersecurity risks at the forefront of technical innovation
In the past year, many businesses have gone digital and several virtual banks were launched in Hong Kong. Felix Kan, PwC Cybersecurity & Privacy Partner, says these organisations face a different set of challenges. One of the key differences is the widespread use of cloud-native technologies, which allow these businesses to innovate quickly but at the same time increase their attack surface. To combat more sophisticated cyber attacks, organisations have adopted different tools and practices, such as DevSecOps (see Online Links) to discover vulnerabilities and risks early on in the development cycle, a trend described as ‘shift-left’ in the industry.
To ensure business continuity and resilience, organisations need to actively identify and eliminate points of failure and ensure detective controls are in place. More advanced technologies, such as artificial intelligence and machine learning can be used to detect abnormalities and better understand customer behaviour. Beyond securing the basics, organisations should have a deep understanding of their critical systems, known as ‘crown jewels’, and know how to protect them. In addition to the typical controls, organisations can consider going the extra mile on detection and response, for example, identifying users who have the highest risks of cyber attacks. Extra training can be provided to these users to educate them about cybersecurity risks. Organisations need to be agile and flexible to combat cyber risks in the modern digital era.
Evolving role and priorities of cybersecurity
Experts in the cybersecurity industry believe the focus on cybersecurity will continue and will become more critical as companies accelerate the growth of their online presence and as increasing numbers of devices are connected across the world. There will also be an increasing focus on cyber analytics, threat hunting and intelligence. Security needs to be embedded into the development process and integrated into the business. In addition, security orchestration and automation will be key to reducing the time it takes to respond to incidents and remediate issues. With automation and robotics in place, security teams can focus more on governance than on hands-on activities.
One of the top ongoing challenges in the industry is acquiring the necessary talent. According to the PwC Global Digital Trust Insights 2021 survey, 51% of executives say they plan to add full-time cybersecurity personnel over the next year, with top roles in cloud solutions, security intelligence and data analysis. Many companies offer trainee and internship programmes in cybersecurity to groom new talent. PwC has an annual HackaDay Capture the Flag competition to nurture local talent by attracting top students to this hacking competition (see Online Links). In 2020, the fourth year of the competition, we observed the highest registration in the number of teams and students. Some 79 undergraduates from 21 teams from Hong Kong and Macau participated in the eight-hour, non-stop competition that required them to use their analytical skills, innovative techniques and creative thinking. Winners of the competition are offered Offensive Security Certified Professional certification and career opportunities with PwC.
Know your weaknesses
Armed with the insight and foresight that only experience and wisdom can provide, cybersecurity today stands at a critical, pivotal exciting time for the industry and the organisations and people it serves. ‘Visibility and speed are the critical factors in cybersecurity’, says Mr Kok. He advises organisations to “know your areas, your weaknesses and find ways to improve.’
Susan Lo, Senior Manager, Cloud & Cybersecurity
PwC DarkLab
The contact details of the PwC Partners quoted in this article are available via the following links – Kok Tin Gan: www.pwchk.com/en/contacts/k/kok-tin-gan.html, and Felix Kan: www.pwchk.com/en/contacts/f/felix-kan.html.
ONLINE LINKS
More information is available at the following website links:
