Building Cyber Resilience in Today’s Ever-Changing Digital Landscape

In today’s digitally driven world, no one is truly safe from the inevitable cyber threats spreading swiftly across the globe. The concerning normalization of data breaches and cybercrimes has become increasingly apparent with reports from CNN showing that various US Federal agencies have consistently highlighted cyber criminals’ opportunistic exploitation of system vulnerabilities.

The Asia-Pacific (APAC) region faces an escalating threat landscape too. Channel News Asia revealed that Singapore received up to 32 million attacks through the exploitation of e-commerce payment transactions using automated bots, ranking the country higher than APAC on average when it comes to digital fraud attacks.

To illustrate this on a local scale, a cybersecurity company, Surfshark, reported that Malaysia was ranked as the 8th most breached country in Q3 2023 with 494,699 leaked accounts. With this evidence, it signifies as a crucial reminder for us to take this matter seriously.

There’s a pressing need for improvement in cybersecurity practices. Fortinet’s 2023 State of Operational Technology and Cybersecurity Report reveals a shift in cybercriminal tactics towards a more targeted approach. According to the report, CISOs will soon be overseeing Operational Technology (OT) cybersecurity and 44% of the 570 OT professionals surveyed worldwide recognized the need for improvement in their cybersecurity maturity level.

The Microsoft Digital Defense Report of 2023 serves as a beacon of illumination in the relentless battle against cyber adversaries. Partnering closely with more than 10,000 experts, Microsoft has blocked on average 4,000 attacks every second, tracked over 300 threat actors with the removal of 100,000 domains. Apart from that, discrete manufacturing and higher education are the prime targets while 70% of organizations experiencing human-operated ransomware are SMEs with fewer than 500 employees. It’s also reported that above 80% of the compromises come from unmanaged devices.

Amidst these alarming numbers, it becomes increasingly evident that cybersecurity transcends the realm of technology – it’s a process, a collective effort. Having navigated the Microsoft landscape for more than 10 years, I have concluded that humans, prone to errors, serve as both first and last lines of defense. Cybersecurity is not a solution nor a service, but again ultimately, a process.

“Hackers don’t differentiate whether you are a small company with five employees or 50,000 employees. For them, you are just one target,” This point was strongly emphasized by Abbas Kudrati, Microsoft’s APAC Chief Cybersecurity Advisor, in an interview with Vulcan Post.

Ushering into the new age of technology, safeguarding oneself in the digital realm necessitates a proactive and comprehensive approach. To build a holistic cybersecurity strategy on an organizational level, the 3 pillars of cybersecurity which are technology, people, and process, should all work hand-in-hand. Hence, I recommend these four steps to reinforce your digital defenses:

Cybersecurity Assessment

Before exploring cybersecurity solutions, assess your business’s risk of potential attacks. Did you know that 60% of small businesses don’t survive a cyberattack?

In this context, accessing your business’ risk of potential attacks becomes the top priority. A comprehensive cybersecurity assessment like THIS allows you not only to evaluate your business’ cybersecurity posture and vulnerabilities, but also to take proactive steps in mitigating these risks.

Cybersecurity Training

Human error is more common than you think. Often, we overlook the importance of being wary of malicious links, threat actors, having strong passwords or even locking our devices when they’re no longer in use. One of the largest casino centers in the world, MGM Resorts, was hit by a ransomware firm, Scattered Spider, due to human error. They managed to gain access to the system by impersonating an MGM employee through a call with the IT help desk, which resulted in major financial loss, leak of customers’ personal information and shut down of IT operations.

As one of the pillars of cybersecurity, humans play a pivotal role in ensuring there’s minimal to no error and that their entire digital ecosystem is well secured. Hence, it is essential for organizations to equip their employees not just with the right tools but also knowledge and skills through comprehensive cybersecurity training. This method can empower your employees to become the first and last lines of defense, guiding them to recognize diverse cyber threats, test their knowledge, and encourage them to adopt the best practices for heightened awareness and preparedness. It does not only reduce the risk of human error but also lower the chance of data breaches. Find out more how you can instill cybersecurity awareness among your employees through this Cybersecurity Awareness Training.

Optimize the Latest Software and Technology

With the rapid evolution of technology, devices are made easy and more secure equipped with features meant to protect your device and data from getting attacked. For instance, Microsoft 365 Business Premium has its own Microsoft Defender, Azure Information Protection, and Microsoft Intune to ensure its users can roam the digital landscape safely.

Apart from that, regular software updates are just as important to safeguard your devices against evolving threats. While updated software has new and more compatible features, it helps to patch security flaws, protect your data, and improves device performance. These days, even modern laptops have built-in cybersecurity features, alerting users to potential ransomware and phishing attacks.

Business Continuity and Disaster Recovery (BCDR)

We all know downtime can lead to lost revenue. In an unpredictable landscape, you can never expect when your business will be targeted for cyber threats, hit by disasters or a scenario where someone is eager to leak your valuable information. It was revealed in the 2023 Datto’s SMB Cybersecurity for MSPs Report that many SMBs do not have the right tools to minimize downtime despite it being costly, posing them vulnerable in the event of potential disasters.

This is precisely where BCDR comes in handy. It is a dire need for organizations to invest in BCDR as a prevention method against those unforeseen circumstances. It serves as a lifeline, enabling the restoration of critical data to keep essential functions up and running while reducing downtime. A well-thought-out disaster recovery plan not only helps eliminate high recovery costs, but also prevent permanent data loss, ensuring the resilience of your business.

Steering through the vast expanse of the digital landscape necessitates a robust cybersecurity paradigm. In the era of AI dominance, the rise of AI brings both opportunities and threats, with cyber threats continuing to evolve in sophistication alongside technological advancements.

Cyber resilience stands as the cornerstone of business sustainability in this dynamic environment. It demands a collaborative and strategic effort to fortify our digital boundaries against an ever-adapting adversary. The urgency to embrace a holistic approach to cybersecurity becomes fundamental as we confront the challenges that lie ahead.

At SRKK, we stand as your strategic partner, working closely with industry-leading partners, where our consultants and engineers undergo continuous upskilling and certification. This ensures that we remain at the forefront of cybersecurity trends, ready to design and implement comprehensive security roadmaps for your organization’s IT infrastructure.

If you want to explore how we can help your organization strengthen your security posture, I am happy to discuss further, or you can reach out here – https://www.srkk.com/contact-us/

Building Cyber Resilience in Today’s Ever-Changing Digital Landscape

In today’s digitally driven world, no one is truly safe from the inevitable cyber threats spreading swiftly across the globe. The concerning normalization of data breaches and cybercrimes has become increasingly apparent with reports from CNN showing that various US Federal agencies have consistently highlighted cyber criminals’ opportunistic exploitation of system vulnerabilities.

The Asia-Pacific (APAC) region faces an escalating threat landscape too. Channel News Asia revealed that Singapore received up to 32 million attacks through the exploitation of e-commerce payment transactions using automated bots, ranking the country higher than APAC on average when it comes to digital fraud attacks.

To illustrate this on a local scale, a cybersecurity company, Surfshark, reported that Malaysia was ranked as the 8th most breached country in Q3 2023 with 494,699 leaked accounts. With this evidence, it signifies as a crucial reminder for us to take this matter seriously.

There’s a pressing need for improvement in cybersecurity practices. Fortinet’s 2023 State of Operational Technology and Cybersecurity Report reveals a shift in cybercriminal tactics towards a more targeted approach. According to the report, CISOs will soon be overseeing Operational Technology (OT) cybersecurity and 44% of the 570 OT professionals surveyed worldwide recognized the need for improvement in their cybersecurity maturity level.

The Microsoft Digital Defense Report of 2023 serves as a beacon of illumination in the relentless battle against cyber adversaries. Partnering closely with more than 10,000 experts, Microsoft has blocked on average 4,000 attacks every second, tracked over 300 threat actors with the removal of 100,000 domains. Apart from that, discrete manufacturing and higher education are the prime targets while 70% of organizations experiencing human-operated ransomware are SMEs with fewer than 500 employees. It’s also reported that above 80% of the compromises come from unmanaged devices.

Amidst these alarming numbers, it becomes increasingly evident that cybersecurity transcends the realm of technology – it’s a process, a collective effort. Having navigated the Microsoft landscape for more than 10 years, I have concluded that humans, prone to errors, serve as both first and last lines of defense. Cybersecurity is not a solution nor a service, but again ultimately, a process.

“Hackers don’t differentiate whether you are a small company with five employees or 50,000 employees. For them, you are just one target,” This point was strongly emphasized by Abbas Kudrati, Microsoft’s APAC Chief Cybersecurity Advisor, in an interview with Vulcan Post.

Ushering into the new age of technology, safeguarding oneself in the digital realm necessitates a proactive and comprehensive approach. To build a holistic cybersecurity strategy on an organizational level, the 3 pillars of cybersecurity which are technology, people, and process, should all work hand-in-hand. Hence, I recommend these four steps to reinforce your digital defenses:

Cybersecurity Assessment

Before exploring cybersecurity solutions, assess your business’s risk of potential attacks. Did you know that 60% of small businesses don’t survive a cyberattack?

In this context, accessing your business’ risk of potential attacks becomes the top priority. A comprehensive cybersecurity assessment like THIS allows you not only to evaluate your business’ cybersecurity posture and vulnerabilities, but also to take proactive steps in mitigating these risks.

Cybersecurity Training

Human error is more common than you think. Often, we overlook the importance of being wary of malicious links, threat actors, having strong passwords or even locking our devices when they’re no longer in use. One of the largest casino centers in the world, MGM Resorts, was hit by a ransomware firm, Scattered Spider, due to human error. They managed to gain access to the system by impersonating an MGM employee through a call with the IT help desk, which resulted in major financial loss, leak of customers’ personal information and shut down of IT operations.

As one of the pillars of cybersecurity, humans play a pivotal role in ensuring there’s minimal to no error and that their entire digital ecosystem is well secured. Hence, it is essential for organizations to equip their employees not just with the right tools but also knowledge and skills through comprehensive cybersecurity training. This method can empower your employees to become the first and last lines of defense, guiding them to recognize diverse cyber threats, test their knowledge, and encourage them to adopt the best practices for heightened awareness and preparedness. It does not only reduce the risk of human error but also lower the chance of data breaches. Find out more how you can instill cybersecurity awareness among your employees through this Cybersecurity Awareness Training.

Optimize the Latest Software and Technology

With the rapid evolution of technology, devices are made easy and more secure equipped with features meant to protect your device and data from getting attacked. For instance, Microsoft 365 Business Premium has its own Microsoft Defender, Azure Information Protection, and Microsoft Intune to ensure its users can roam the digital landscape safely.

Apart from that, regular software updates are just as important to safeguard your devices against evolving threats. While updated software has new and more compatible features, it helps to patch security flaws, protect your data, and improves device performance. These days, even modern laptops have built-in cybersecurity features, alerting users to potential ransomware and phishing attacks.

Business Continuity and Disaster Recovery (BCDR)

We all know downtime can lead to lost revenue. In an unpredictable landscape, you can never expect when your business will be targeted for cyber threats, hit by disasters or a scenario where someone is eager to leak your valuable information. It was revealed in the 2023 Datto’s SMB Cybersecurity for MSPs Report that many SMBs do not have the right tools to minimize downtime despite it being costly, posing them vulnerable in the event of potential disasters.

This is precisely where BCDR comes in handy. It is a dire need for organizations to invest in BCDR as a prevention method against those unforeseen circumstances. It serves as a lifeline, enabling the restoration of critical data to keep essential functions up and running while reducing downtime. A well-thought-out disaster recovery plan not only helps eliminate high recovery costs, but also prevent permanent data loss, ensuring the resilience of your business.

Steering through the vast expanse of the digital landscape necessitates a robust cybersecurity paradigm. In the era of AI dominance, the rise of AI brings both opportunities and threats, with cyber threats continuing to evolve in sophistication alongside technological advancements.

Cyber resilience stands as the cornerstone of business sustainability in this dynamic environment. It demands a collaborative and strategic effort to fortify our digital boundaries against an ever-adapting adversary. The urgency to embrace a holistic approach to cybersecurity becomes fundamental as we confront the challenges that lie ahead.

At SRKK, we stand as your strategic partner, working closely with industry-leading partners, where our consultants and engineers undergo continuous upskilling and certification. This ensures that we remain at the forefront of cybersecurity trends, ready to design and implement comprehensive security roadmaps for your organization’s IT infrastructure.

If you want to explore how we can help your organization strengthen your security posture, I am happy to discuss further, or you can reach out here – https://www.srkk.com/contact-us/

ABOUT THE AUTHOR:
Phang Wai Yin, is the CTO of the SRKK Group, over 10 years’ experience in transforming organizational productivity, enabling remote work while reducing cost and management effort.

ABOUT THE AUTHOR:
Phang Wai Yin, is the CTO of the SRKK Group, over 10 years’ experience in transforming organizational productivity, enabling remote work while reducing cost and management effort.