Continue reading this on our app for a better experience

Open in App
Floating Button
Home Digitaledge Digital Economy

Bolstering cybersecurity calls for an ecosystem effort: Cisco

Lim Hui Jie
Lim Hui Jie • 4 min read
Bolstering cybersecurity calls for an ecosystem effort: Cisco
Photo Credit: Cisco
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

Today, there are more targets for cyberattacks than ever before because more customers, partners and suppliers are connected to an organisation’s systems.

“This incredibly interconnected world provides immense benefits. But because of how interconnected we are, everyone and everything is an insider, and humans are a top target for malicious actors,” says Cisco’s executive vice president and GM for security and collaboration Jeetu Patel at a Cisco Live event in Las Vegas in June.

He adds: “It's not [enough to] just protect ourselves. We have to protect the entire entirety of the ecosystem, or we will not be protected as a society.”

This can be illustrated by the supply chain attack that hit software developer SolarWinds in 2020, wherein the hackers inserted a malicious code into the SolarWinds Orion IT performance monitoring system instead of directly attacking SolarWinds networks.

The compromised versions of Orion were then unwittingly distributed by SolarWinds to its customers as an update or a patch.

As an IT monitoring system, SolarWinds Orion has privileged access to IT systems to obtain log and system performance data, and is used by more than 30,000 public and private organisations to manage their IT resources.

SolarWinds’ customers were not the only ones affected. Because the hack exposed the inner workings of Orion users, the hackers could potentially gain access to the data and networks of their customers and partners as well -- enabling affected victims to grow exponentially from there.

Tim Brown, vice president of Security at SolarWinds, tells The Edge Singapore the attack was “one of the most sophisticated cyberattacks in history”, explaining that the hackers inserted malicious code in the software build environment in a way that had never been done before.

In response to the attack, Brown says the company has taken the lessons from the attack to create its Secure by Design initiative, which includes immediate steps to strengthen and protect its network by implementing additional security practices.

These practices, he says, include improving its software build process to make it more secure and adopting zero trust and least privilege access, among other steps.

But these solutions may be prohibitively expensive to implement, especially for small and medium businesses (SMBs), which may not have the financial muscle to deploy a comprehensive cybersecurity solution.

Helping SMBs to improve their cybersecurity readiness

SMBs' concerns are valid, according to Cisco’s Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense study.

The survey reveals that two in three (67%) SMBs in Singapore are more concerned about cybersecurity today than they were 12 months ago.

See also: Testing QA New Section BDC Feature Winner 1

40% of local SMBs also suffered a cyber incident in the last 12 months, with 51% saying that these cyber incidents cost their business US$500,000 or more.

Cisco says that the top reason highlighted as the cause of these incidents was cybersecurity solutions not being adequate to detect or prevent the attack.

These attacks have a tangible impact on SMBs – from disruption in operations and loss of revenue to a negative impact on the organisation’s reputation.

See also: Unpublished article shouldnt be accessible testing

As such, on May 5, Cisco launched a new assessment tool for Singapore SMBs to better understand their overall security posture.

The new online assessment tool assesses the “cybersecurity readiness” of each organisation through the lens of “zero trust,” the concept that all attempts to access an organisation’s network architecture are not granted until trust can be verified.

Cisco explains its approach as such: “When a user accesses an application using a device, both the user and device are verified, with that trust continuously monitored. This helps secure the organization’s applications and environments, from any user, device, and location.”

The tool assesses an organisation’s level of maturity in six areas of “zero trust”, namely, user identity, device, networks, applications, data, and security operations.

Once an organisation enters details of its security capabilities and policies, the tool assesses the overall security posture of the organisation based on industry and sector benchmarks.

In addition, the organisation also gets a bespoke report that indicates its level of maturity, challenges and opportunities in each of the six areas of zero trust.

Where applicable, it also offers tailored recommendations on the technologies and solutions that can help strengthen the organisation’s overall security posture and preparedness in a hybrid work environment.

While this is not the all and end all for SMBs, Andy Lee, managing director for Cisco Singapore and Brunei, says this is a “first step [for SMBs to get a] better understanding of their cybersecurity preparedness, and the opportunities and gaps that require attention”.

Highlights

Re test Testing QA Spotlight
1000th issue

Re test Testing QA Spotlight

Get the latest news updates in your mailbox
Never miss out on important financial news and get daily updates today
×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.