Story image

Organisations in Asia uncovering potential of advanced cybersecurity services

08 May 18

Organisations in Asia are looking beyond standard cyber threat protection and starting to ask for more advanced cybersecurity services including reconnaissance and early kill chain services.

According to cybersecurity consultants Adura, those organisations are moving beyond compliance requirements to see value in threat intelligence, network AI behavior and phishing susceptibility.

Whilte traditional cybersecurity programs focus on compliance through means such as ethical hacking, staff training, or cyber audits, these rely on older frameworks that are behind the security curve.

Adura says by the time a framework is approved, a whole new set of cybersecurity challenges have emerged.

The company’s Threat Intelligence Services worked on behalf of its clients to mitigate more than 750 high-risk asset exposures on the dark web last year. Exposures included leaked confidential files, pre-emptive cyber attack intel, VIP and corporate impersonation, harvested staff system credentials, social media exposure, email forensics, and security configuration.

“Our work managing cyber incidents in the Darkweb shows that cyber threats are commonplace in today’s digital world and can have a serious impact on businesses of all sizes,” comments Adura head of Cyber Security Services, Barnaby Grosvenor.

“The sheer volume of threats and rapid change in cybersecurity and best practices makes it difficult for companies to effectively manage their cybersecurity needs. Solid cybersecurity programmes follow a prevention-led approach, continuously identifying and closing gaps in employee awareness, security management processes and skills as well as technology.”

The company helps clients work through the key pillars of any cybersecurity framework: People, process, and technology.

People

Trends such as bring-your-own-device coupled with highly variable employee awareness of cybersecurity best practices and shadow IT can open the door for cyber criminals. It is vital to educate employees about cyber threats, lowering their susceptibility to social engineering attacks and email phishing.

In phishing simulations run by Adura across its clients, 20% of staff opened phishing emails disguised as social media invites or internal organisational messages. Despite receiving training on how to spot phishing emails, finance and HR department members, two departments that manage sensitive employee information, were found to be more likely to be misled by phishing emails.

This highlights the importance of continuous and effective employee training on cybersecurity issues.

Process

Managing cybersecurity risk requires a well-rounded approach, and Adura works with companies to put in place the right processes and plans depending on customers’ size, industry and business goals.

In Adura’s experience, 99% of web servers lack at least eight critical security patches because of weaknesses in in-house cybersecurity processes, leaving businesses exposed to cyber threats. Adura helps customers reduce their risk exposure by identifying vulnerabilities, and prioritizing security updates.

Technology

As the technology landscape and cybersecurity best practices continue to evolve, companies need skilled cybersecurity personnel on hand at all times to help them assess and manage their risk profile.  Adura has found that 20% of companies in the region do not have a Chief Information Security Officer (CISO) or sufficient specialist staff.

To help ensure companies always have access to the best talent at hand, Adura offers a Virtual Chief Information Security Officer (vCISO) service. It provides the senior-level counsel and insight of a traditional CISO, without the customer needing to hire additional personnel in their IT team.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.