Bolstering cybersecurity calls for an ecosystem effort: Cisco

Cybersecurity is not just protecting a company itself, it extends also to the company's suppliers, customers and partners.

Today, there are more targets for cyberattacks than ever before because more customers, partners and suppliers are connected to an organisation’s systems.
 
 “This incredibly interconnected world provides immense benefits. But because of how interconnected we are, everyone and everything is an insider, and humans are a top target for malicious actors,” says Cisco’s executive vice president and GM for security and collaboration Jeetu Patel at a Cisco Live event in Las Vegas in June.
 
He adds: “It's not [enough to] just protect ourselves. We have to protect the entire entirety of the ecosystem, or we will not be protected as a society.”
 
This can be illustrated by the supply chain attack that hit software developer SolarWinds in 2020, wherein the hackers inserted a malicious code into the SolarWinds Orion IT performance monitoring system instead of directly attacking SolarWinds networks.

The compromised versions of Orion were then unwittingly distributed by SolarWinds to its customers as an update or a patch.
 
As an IT monitoring system, SolarWinds Orion has privileged access to IT systems to obtain log and system performance data, and is used by more than 30,000 public and private organisations to manage their IT resources.
 
SolarWinds’ customers were not the only ones affected. Because the hack exposed the inner workings of Orion users, the hackers could potentially gain access to the data and networks of their customers and partners as well -- enabling affected victims to grow exponentially from there.
 
Tim Brown, vice president of Security at SolarWinds, tells The Edge Singapore the attack was “one of the most sophisticated cyberattacks in history”, explaining that the hackers inserted malicious code in the software build environment in a way that had never been done before.
 
In response to the attack, Brown says the company has taken the lessons from the attack to create its Secure by Design initiative, which includes immediate steps to strengthen and protect its network by implementing additional security practices.
 
These practices, he says, include improving its software build process to make it more secure and adopting zero trust and least privilege access, among other steps.

But these solutions may be prohibitively expensive to implement, especially for small and medium businesses (SMBs), which may not have the financial muscle to deploy a comprehensive cybersecurity solution.

Helping SMBs to improve their cybersecurity readiness

SMBs' concerns are valid, according to Cisco’s Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense study.

The survey reveals that two in three (67%) SMBs in Singapore are more concerned about cybersecurity today than they were 12 months ago.

40% of local SMBs also suffered a cyber incident in the last 12 months, with 51% saying that these cyber incidents cost their business US$500,000 or more.

Cisco says that the top reason highlighted as the cause of these incidents was cybersecurity solutions not being adequate to detect or prevent the attack.

These attacks have a tangible impact on SMBs – from disruption in operations and loss of revenue to a negative impact on the organisation’s reputation.

As such, on May 5, Cisco launched a new assessment tool for Singapore SMBs to better understand their overall security posture.

The new online assessment tool assesses the “cybersecurity readiness” of each organisation through the lens of “zero trust,” the concept that all attempts to access an organisation’s network architecture are not granted until trust can be verified.

Cisco explains its approach as such: “When a user accesses an application using a device, both the user and device are verified, with that trust continuously monitored. This helps secure the organization’s applications and environments, from any user, device, and location.”

The tool assesses an organisation’s level of maturity in six areas of “zero trust”, namely, user identity, device, networks, applications, data, and security operations.

Once an organisation enters details of its security capabilities and policies, the tool assesses the overall security posture of the organisation based on industry and sector benchmarks.

In addition, the organisation also gets a bespoke report that indicates its level of maturity, challenges and opportunities in each of the six areas of zero trust.

Where applicable, it also offers tailored recommendations on the technologies and solutions that can help strengthen the organisation’s overall security posture and preparedness in a hybrid work environment.

While this is not the all and end all for SMBs, Andy Lee, managing director for Cisco Singapore and Brunei, says this is a “first step [for SMBs to get a] better understanding of their cybersecurity preparedness, and the opportunities and gaps that require attention”.

See Also:

• Click here to stay updated with the Latest Business & Investment News in Singapore

• Digital wallet fraud on the rise in Singapore: LexisNexis

• Myths and realities of air gaps

• The long-term strategy to win the fight against ransomware

• Read more stories about where the money flows, and analysis of the biggest market stories from Singapore and around the World

• Get in-depth insights from our expert contributors, and dive into financial and economic trends

• Follow the market issue situation with our daily updates

• Or want more Lifestyle and Passion stories? Click here