Sudhir Panda, Associate Director, Digital Analytics at a financial institution, at the Computerworld Singapore Security Summit 2017.
Data breaches are costly. According to IBM Security's research, every breach costs US$4 million on average last year, a 29 percent increase since 2013.
Asian organisations can avoid such losses by enforcing updates and patches, said Sudhir Panda, Associate Director of Digital Analytics at a financial institution, at the Computerworld Singapore Security Summit 2017. The importance of doing so is proven by the recent spate of organisations across the globe being hit by the WannaCry ransomware. The ransomware exploits vulnerabilities in Windows, which Microsoft has released patches for them in March.
Since employees are an important line of defence against cyberattacks, they need to be aware of security threats and be taught how to avoid them by undertaking security best practices, Panda added.
He also urged organisations in Asia to ensure that their employee are practising basic cyber hygiene, such as locking computers and devices when not in used, using strong passwords, and using encryption when transferring sensitive information.
Despite the need for security, it should not impede usability. "Organisations need to consider [and balance] confidentiality, integrity, and availability when it comes to protecting data," Panda asserted. He explained that confidentiality limits access to information, integrity assures that the information is trustworthy and accurate, while availability guarantees that authorised employees are able to access the necessary information at any time.
As no one is safe from cyberattacks, it is vital for organisations to be able to detect and respond to it quickly. Panda shared that IT/security teams should pay attention to:
- HTTPS exfiltration as attackers usually exfiltrate data across commonly used channels permitted by firewalls like the unencrypted (http) and encrypted (https) web to hide within the noise of the network.
- Remote Desktop Protocol (RDP) and suspicious admin toolkits such as Poison Ivy. Attackers can use these two tools to remotely log into a networked computer and use the desktop interface as if they are in front of the machine.
- Port scans as they are designed to probe a server or host for openports. While port scanners enable administrators to verify their network security policies, they also allow attackers to use it to exploit or compromise.
Panda concluded his presentation by urging IT/security teams to "always be in a discovery mode, fix the architecture to avoid future breaches, and close the security skills gap."
Other stories from the Computerworld Security Summit Series 2017:
- [Singapore] Singapore Fintech Association's Chia Hock Lai: Why should security professionals pay attention to the rise of fintech?
- [Malaysia] Combatting cyberattacks with a strategic mindset
- [Philippines] DICT's Allan Cabanlong shares Philippines' cybersecurity game plan
- [Philippines] Jollibee's Frank Vibar: Why Digital Risk Officers are necessary for digital transformation
- [Philippines] Asian Development Bank's Alain Duminy: Taking a bi-modal approach to IT governance
- [Philippines] How IT leaders can get everyone involved in cybersecurity