Complexity and frequency of cyberattacks will increase this year

Organisations will need to continue to focus on retrofitting cybersecurity controls following the digital response to the pandemic

By HARIZAH KAMEL

CYBER security needs to be a built-in feature of day-to-day business and not a bolt-on afterthought as the complexity and frequency of cyberattacks increase and remote work becomes a more permanent fixture.

Ernst & Young Global Ltd (EY) Asia-Pacific cybersecurity risk consulting leader Richard Watson said the biggest technology challenge organisations faced last year was due to the Covid-19 crisis.

“With employees required to work from home, distributed workplaces and a rise in unsecured devices, cybersecurity quickly became a top priority for many organisations,” he said in a statement recently.

Watson shared his cybersecurity predictions for 2021 that security leaders and businesses must consider as companies continue to juggle accelerated information technology strategies and hybrid work structures.

He said the rise in complex security attacks is set to continue and that another exponential increase in ransomware, phishing, privileged access credential abuse and endpoint security attacks is expected.

“64% of clients surveyed by EY teams expect to somewhat or significantly increase their investment in cybersecurity in the light of these threats,” he said.

The rise of disruption caused by nation-state attacks and social hacktivism will also continue.

Watson explained that business continuity will overtake concerns around privacy and data theft in 2021, with 59% of EY clients surveyed in the Global Information Security Survey experiencing an increase in disruptive attacks over the past year.

Recently in a viral video on social media, hacker group Anonymous Malaysia threatened to hack the government’s websites and even asserted that the government’s security system is low, making it defenceless for ominous hackers to leak and sell data.

The group’s “message” raised widespread concern about the country’s data security, which prompted National Cyber Security Agency (NACSA) and the National Security Council (MKN) to issue a warning notice to all government agencies.

“As such, NACSA and MKN have issued a warning notice to all government agencies to take necessary actions to prevent and mini- mise the impact of the attack threats.

“NACSA and MKN are also working with the Royal Malaysia Police to coordinate and take actions accordingly,” the MKN said in a statement.

Watson said organisations’ 2021 cyber strategies will focus on simplification and automation of key cyber activities, improving the meantime to detect and respond to a cyber incident, and assuring the security of trusted third parties.

Meanwhile, he said the need to respond to the regulatory push for minimum cyber standards will drive most spend, adding that regulators who have not already done so will begin to mandate minimum cyber standards.

“Starting with critical national infrastructure and then extending beyond, with regulatory compliance continuing to be the single biggest main driver for organisations’ cyber spend,” he noted.

He added that organisations will need to continue to focus on retrofitting cybersecurity controls following the digital response to the pandemic, with 45% of clients surveyed by EY saying they have adopted new technology because of remote working, and 60% saying they have abbreviated or skipped the security review in doing so.