Intelligent CIO APAC Issue 01 | Page 33

Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + GEOFF SCHOMBURGK, VICE PRESIDENT OF AUSTRALIA & NEW ZEALAND AT YUBICO EDITOR’S QUESTION The move to remote working has caused unwanted security concerns for most Asia Pacific organisations, so it is important to know how to mitigate the risks. Remote work typically results in personal devices being used for work-related activities or vice versa, where both are being run on substantially less secure networks. The pandemic has not resulted in any observable changes to the kind of threat tactics, techniques, or procedures. But the level of risk to which organisations are now exposed has increased. The widespread scramble to accommodate remote work has increased the attack surface to unprecedented proportions, heightening the likelihood of a large-scale cyber incident. The adversary capitalises on the effects of COVID-19 by targeting those affected with malware, ransomware, or phishing attacks. “ THE ADVERSARY CAPITALISES ON THE EFFECTS OF COVID-19 BY TARGETING THOSE AFFECTED WITH MALWARE, RANSOMWARE, OR PHISHING ATTACKS. Now that many organisations are operating away from their office environment, they must revisit their current security foundation to ensure it can withstand and combat targeted attacks. Due to the increasing use of mobile devices, it is important to build a security infrastructure that can support a modern workforce, while also having the flexibility to accommodate future systems. Most APAC companies are now thinking about how this ‘new’ way of working will change their business for good and accelerate their path to Digital Transformation. One thing is certain, as more core business functions and applications are digitised and moved to the cloud, a strong, yet flexible, security foundation is critical to reducing risk exposure. To help organisations combat the very real cyberthreats, the Australian government’s lead cybersecurity agency has introduced what it calls the ‘Essential Eight’. This is a set of eight mitigation strategies to help organisations understand how they can better protect themselves from increasingly sophisticated and frequent cyberthreats. Other governments across APAC are introducing similar guidelines and legislation. One of the eight recommended mitigation strategies is Multi-Factor Authentication (MFA), which is one of the most effective controls to prevent an adversary from gaining access to a device or network and stealing sensitive information. In fact, MFA is proven to limit the extent of cybersecurity incidents, such as phishing, man-in-themiddle attacks and malware. All organisations across APAC that do not strengthen their cybersecurity maturity level by introducing mitigation strategies may discover themselves unprepared to effectively protect, detect and respond to threats specifically targeting their organisation. INTELLIGENTCIO 33