Story image

Organisations in Asia uncovering potential of advanced cybersecurity services

08 May 2018

Organisations in Asia are looking beyond standard cyber threat protection and starting to ask for more advanced cybersecurity services including reconnaissance and early kill chain services.

According to cybersecurity consultants Adura, those organisations are moving beyond compliance requirements to see value in threat intelligence, network AI behavior and phishing susceptibility.

Whilte traditional cybersecurity programs focus on compliance through means such as ethical hacking, staff training, or cyber audits, these rely on older frameworks that are behind the security curve.

Adura says by the time a framework is approved, a whole new set of cybersecurity challenges have emerged.

The company’s Threat Intelligence Services worked on behalf of its clients to mitigate more than 750 high-risk asset exposures on the dark web last year. Exposures included leaked confidential files, pre-emptive cyber attack intel, VIP and corporate impersonation, harvested staff system credentials, social media exposure, email forensics, and security configuration.

“Our work managing cyber incidents in the Darkweb shows that cyber threats are commonplace in today’s digital world and can have a serious impact on businesses of all sizes,” comments Adura head of Cyber Security Services, Barnaby Grosvenor.

“The sheer volume of threats and rapid change in cybersecurity and best practices makes it difficult for companies to effectively manage their cybersecurity needs. Solid cybersecurity programmes follow a prevention-led approach, continuously identifying and closing gaps in employee awareness, security management processes and skills as well as technology.”

The company helps clients work through the key pillars of any cybersecurity framework: People, process, and technology.

People

Trends such as bring-your-own-device coupled with highly variable employee awareness of cybersecurity best practices and shadow IT can open the door for cyber criminals. It is vital to educate employees about cyber threats, lowering their susceptibility to social engineering attacks and email phishing.

In phishing simulations run by Adura across its clients, 20% of staff opened phishing emails disguised as social media invites or internal organisational messages. Despite receiving training on how to spot phishing emails, finance and HR department members, two departments that manage sensitive employee information, were found to be more likely to be misled by phishing emails.

This highlights the importance of continuous and effective employee training on cybersecurity issues.

Process

Managing cybersecurity risk requires a well-rounded approach, and Adura works with companies to put in place the right processes and plans depending on customers’ size, industry and business goals.

In Adura’s experience, 99% of web servers lack at least eight critical security patches because of weaknesses in in-house cybersecurity processes, leaving businesses exposed to cyber threats. Adura helps customers reduce their risk exposure by identifying vulnerabilities, and prioritizing security updates.

Technology

As the technology landscape and cybersecurity best practices continue to evolve, companies need skilled cybersecurity personnel on hand at all times to help them assess and manage their risk profile.  Adura has found that 20% of companies in the region do not have a Chief Information Security Officer (CISO) or sufficient specialist staff.

To help ensure companies always have access to the best talent at hand, Adura offers a Virtual Chief Information Security Officer (vCISO) service. It provides the senior-level counsel and insight of a traditional CISO, without the customer needing to hire additional personnel in their IT team.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.