The growing ranks of the remote and hybrid workforce have increased the risk of security breaches, expanding the attack surface and increasing the risk of security breaches and insider threats, said Jess Ng, Fortinet’s country head for Singapore and Brunei.
She noted that with employees accessing company networks from diverse locations and devices, organisations face an expanded attack surface, with some employees requiring over 25 connections to third-party cloud applications.
According to the 2023 Fortinet-IDC Asia Pacific Security Operations (SecOps) survey, over 30 per cent of devices in Singapore are unmanaged, further heightening the risk of security breaches.
Unfortunately, this increased connectivity has led to a rise in insider threat cybersecurity incidents, with 78 per cent of respondents in the Asia-Pacific survey acknowledging that remote work has led to an increase in insider threats.
Moreover, phishing attacks remain the top concern in Asia-Pacific, with 50 per cent of organisations ranking it as their primary cyber threat.
Remote work environments are conducive to phishing attacks, as cyber criminals exploit employee distractions and vulnerabilities to lure them into clicking malicious links or disclosing sensitive information.
Ransomware incidents have doubled across the region, driven by a surge in phishing and malware, alongside social engineering attacks, insider threats, and zero-day exploits. Some 62 per cent of organisations reported at least a twofold increase in ransomware attacks in 2023, compared to 2022.
Besides phishing and ransomware, the threat landscape in the Asia-Pacific varies by country, and includes unpatched vulnerabilities, identity theft, and Internet of Things- (IOT) based attacks.
The sophistication of cybercrime groups poses additional challenges, with adversaries targeting critical infrastructures, such as healthcare and financial services. The rise of Cybercrime-as-a-Service (CaaS) operations and generative AI has made it easier for attackers to execute more sophisticated and stealthy attacks, said Ng.
“These tools enable adversaries to evade robust security controls and become more agile, making each tactic in the attack cycle more efficient,” said Ng.
To navigate this evolving cybersecurity landscape, organisations need to adopt a multi-layered approach to cybersecurity, encompassing technology, people, and processes.
“Connecting threat intelligence systems with the broader security architecture enhances visibility and enables automated threat response. On the human front, regular training programs are crucial to mitigate threats like phishing by educating employees on identifying cyberattack attempts,” added Ng.
Furthermore, organisations need comprehensive incident response and disaster recovery strategies to reduce recovery time should an attack occur.
Another issue is that organisations (three out of four in Asia-Pacific), are not conducting regular risk assessments, which hampers timely threat detection.
“Risk management is not a one-time activity but an ongoing process, especially as the network and threat landscapes evolve rapidly. With organisations digitalising at a swift pace and increasing their adoption of emerging technologies, the attack surface for threat actors expands,” explains Ng.
Organisations need to validate alerts much faster than the 15 minutes reported by 74 per cent of cybersecurity teams in the SecOps survey, as this can prevent threats from escalating into major incidents.
Additionally, for 60 per cent of organisations, at least 25 per cent of their alerts are false positives, which means enhancing monitoring and detection capabilities is essential to allow security teams to focus on genuine threats.
The Fortinet survey found that an average of one SecOps professional for every 200 employees in the Asia-Pacific, each of whom manages about 40 alerts daily.
The professionals have about 12 minutes to address each alert within an 8-hour workday, highlighting the need for efficient processes, automation, and prioritisation.
According to Ng, AI-driven automation is key to addressing these challenges. It can enable consistent and comprehensive risk assessments across all systems and assets, and analyse behavioural indicators, to detect advanced threats more accurately and deliver effective responses more swiftly, she said.
“AI-driven orchestration can combine internal and external data to provide a complete picture of threat activities across the entire network,” she noted.
“This enables IT teams to investigate the root causes of certain issues and identify the most effective methods to combat different types of attacks,” she added.