Lack of cloud expertise, controls leave APAC firms vulnerable in remote work

The global pandemic has sent 92% of organisations scurrying to adopt new technologies in order to facilitate remote work, but businesses in Asia-Pacific often come up short on cloud expertise and endpoint controls. Such common oversights can leave these companies vulnerable to cyberattacks. 

Amongst global companies that brought in new technologies to adapt to a new remote workplace, 63% turned to enterprise collaboration tools such as Zoom, Cisco Systems' Webex, and Microsoft Teams. Another 52.1% adopted privacy tools including VPNs and encryption, while 46.9% brought in endpoint cybersecurity tools including antivirus, patch management, and vulnerability assessments, according to Acronis' Cyber Readiness Report.

Conducted over June and July this year, the survey polled 3,400 IT managers and remote workers across 17 countries, including France, Germany, the UK, and four Asia-Pacific markets, comprising 200 respondents each from Singapore, India, Japan, and Australia.

Global pandemic opening up can of security worms

Global pandemic opening up can of security worms

Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.

Read More

Across the globe, 35% saw more new devices connecting to their corporate network in the past three months, while 36% reported the same number.

Amidst the increased adoption of collaboration tools, 39% said they encountered a videoconferencing attack in the past three months. Some 31% reported at least one cyber attack a day, the survey revealed. Half were targeted at least once a week, while 9% recorded at least one cyber attack every hour.

Respondents in India saw nearly twice as many attacks as any other country, followed by the US and the UAE. 

Malware attacks were identified by 22% of respondents worldwide and remained a significant issue for some countries, including Singapore, India, South Africa, UAE, and Bulgaria, where each reported nearly twice as many malware attacks as the global average. 

With employees switching to home-based work, organisations were finding it tough to manage their ICT infrastructure to support a remote workforce. Some 54.7% pointed to enabling and instructing employees on remote work as a top ICT challenge, while 49.7% cited securing remote workers as a challenge. Another 44.4% found it challenging to ensure the availability of corporate applications and networks. 

Acronis noted that these three top ICT challenges ranked significantly higher in some markets, particularly in Singapore, India, and UAE, compared to the global average figures.

Despite the increased need now to facilitate a remote workforce, organisations in Asia-Pacific still were not engaging adequate expertise in cloud technology to manage this new environment, noted Acronis CISO Kevin Reed. They also continued to deployed weak authentication and still lacked endpoint security controls, Reed told ZDNet in an email interview. 

"Unmanaged, unprotected devices get connected to the internal network and with 'defence in depth' strategy not being implemented, it's easy to compromise the whole organisation," he said.

For instance, he noted that the absence of in-built videoconferencing protection tools were amongst the key reasons companies were falling victim to videoconferencing attacks. 

With the adoption of such tools "too abrupt" due to the onslaught of the COVID-19 pandemic, he said users ignored basic security features that were available on platforms such as Zoom. Features such as password protection, waiting rooms, and authenticated access were left unactivated, he added.

Reed urged organisations to plug security loopholes left open by remote workers or unsecured home networks by implementing automated policy applications. 

"[Security] policies should not rely only on employees' cooperation," he said. "They should be automatically enforced whenever possible. Not only does it reduces the risk of employees violating them willingly, it also protects the company from genuine [human] mistakes."

According to a July survey by Trend Micro, more than half of employees in Singapore had their company's cybersecurity policies in mind whilst working remotely amidst the COVID-19 outbreak, but several still broke the rules anyway. Some 38% admitted to connecting to public Wi-Fi networks without using their corporate VPN application, while 37% uploaded corporate data on to non-work applications.

Another study by CrowdStrike in June revealed that 45% respondents across four Asia-Pacific markets -- Singapore, India, Australia, and Japan -- said their organisation did not provide employees with additional training on dealing with cybersecurity risks associated with working from home. In addition, 54% believed their organisations were more likely to experience a serious cyberattack during the COVID-19 pandemic than they would before the outbreak. 

RELATED COVERAGE



tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im