Organisations in Asia are looking beyond standard cyber threat protection and starting to ask for more advanced cybersecurity services including reconnaissance and early kill chain services.

According to cybersecurity consultants Adura, those organisations are moving beyond compliance requirements to see value in threat intelligence, network AI behavior and phishing susceptibility.

Whilte traditional cybersecurity programs focus on compliance through means such as ethical hacking, staff training, or cyber audits, these rely on older frameworks that are behind the security curve.

Adura says by the time a framework is approved, a whole new set of cybersecurity challenges have emerged.

The company's Threat Intelligence Services worked on behalf of its clients to mitigate more than 750 high-risk asset exposures on the dark web last year. Exposures included leaked confidential files, pre-emptive cyber attack intel, VIP and corporate impersonation, harvested staff system credentials, social media exposure, email forensics, and security configuration.

“Our work managing cyber incidents in the Darkweb shows that cyber threats are commonplace in today's digital world and can have a serious impact on businesses of all sizes,” comments Adura head of Cyber Security Services, Barnaby Grosvenor.

“The sheer volume of threats and rapid change in cybersecurity and best practices makes it difficult for companies to effectively manage their cybersecurity needs. Solid cybersecurity programmes follow a prevention-led approach, continuously identifying and closing gaps in employee awareness, security management processes and skills as well as technology.

The company helps clients work through the key pillars of any cybersecurity framework: People, process, and technology.

People

Trends such as bring-your-own-device coupled with highly variable employee awareness of cybersecurity best practices and shadow IT can open the door for cyber criminals. It is vital to educate employees about cyber threats, lowering their susceptibility to social engineering attacks and email phishing.

In phishing simulations run by Adura across its clients, 20% of staff opened phishing emails disguised as social media invites or internal organisational messages. Despite receiving training on how to spot phishing emails, finance and HR department members, two departments that manage sensitive employee information, were found to be more likely to be misled by phishing emails.

This highlights the importance of continuous and effective employee training on cybersecurity issues.

Process

Managing cybersecurity risk requires a well-rounded approach, and Adura works with companies to put in place the right processes and plans depending on customers' size, industry and business goals.

In Adura's experience, 99% of web servers lack at least eight critical security patches because of weaknesses in in-house cybersecurity processes, leaving businesses exposed to cyber threats. Adura helps customers reduce their risk exposure by identifying vulnerabilities, and prioritizing security updates.

Technology

As the technology landscape and cybersecurity best practices continue to evolve, companies need skilled cybersecurity personnel on hand at all times to help them assess and manage their risk profile.  Adura has found that 20% of companies in the region do not have a Chief Information Security Officer (CISO) or sufficient specialist staff.

To help ensure companies always have access to the best talent at hand, Adura offers a Virtual Chief Information Security Officer (vCISO) service. It provides the senior-level counsel and insight of a traditional CISO, without the customer needing to hire additional personnel in their IT team.