Happy Nice Mall

An NTUC employee accidentally downloading malware onto a laptop he was using to access company files by inserting a personal USB drive was a perfect example of remote work security issues. “We got a security alert right away, but the fix was difficult,” Loe recalls. “We actually had to send a cybersecurity officer to the employee’s home by motorcycle to retrieve the computer for investigation. In the past, we could protect the network by simply cutting off the employee’s laptop access. However, there is no chance of losing any data over the internet when an employee is working from home.”

Welcome to the new cybersecurity threat landscape. 61% of organizations increase their cybersecurity investment Working from home is during the pandemic, according to the 2021 Gartner CIO Agenda survey. Remote workers rely on cloud computing services to do their jobs, such as texting with colleagues, collaborating on projects, or participating in video conference calls with customers. And when information technology (IT) teams are no longer responsive to their needs, physically removed, remote workers can easily purchase their own online solutions to problems. But all this bypasses the usual cybersecurity practices and creates a world of concern for IT.

Yet for many parts of the world, remote work is just one of many factors that increase an organization’s exposure to cybersecurity breaches. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks reported experiencing a cybersecurity attack from an unknown, unmanaged, or poorly managed digital asset.

Conducting a complete inventory of internet-connected assets and relaunching cybersecurity policies for today’s modern remote work environment can reduce risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.

To better understand the challenges today’s security teams face in this region and the strategies they should adopt, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 respondents, 162 of whom were from Asia-Pacific. Their answers, together with input from industry experts, identify specific security challenges in today’s IT environment and provide a critical framework for protecting systems against growing bad actors and fast-moving threats.

Vulnerabilities of a cloud environment

The cloud continues to play a critical role in accelerating digital transformation. And for good reason: cloud technologies offer significant benefits, including increased flexibility, cost savings, and greater scalability. However, cloud environments responsible for 79% of observed exposuresCompared to 21% for on-premises assets, according to the 2021 Cortex Xpanse Attack Surface Management Threat report.

This is a major concern, given that nearly half (43%) of Asia-Pacific organizations report that at least 51% of their operations are in the cloud.

One way cloud services can compromise an organization’s security posture is by contributing to shadow IT. Because cloud computing services can be easily purchased and deployed, Loe says, “purchasing power shifts from a company’s traditional financial office to its engineers. These engineers can purchase a cloud service with nothing more than a credit card, without anyone following the purchase.” The result, he says, is “blind spots” that can hinder IT efforts to protect a company’s attack surface — the sum total of possible entry points. After all, Loe adds, “We can’t protect something that we don’t know exists – that’s an extreme reality today.”

Agnidipta Sarkar of Biocon agrees. “Without the bureaucracy associated with procuring IT capabilities, shadow IT can become pervasive,” says Sarkar, head of group information security (CISO) at the Indian pharmaceutical company. “Unless an organization truly plans for digital resilience, the unplanned and uncontrolled growth of digital assets can escape the focused governance required by information security.”

The exponential growth of connected devices is also challenging organizations to secure their cloud infrastructure. “Many people don’t realize that IoT devices like sensors are actually computers and powerful enough to be used to launch bots and other types of attacks,” Loe warns. He cites examples of smart locks and other mobile apps that allow employees to unlock and open doors and hackers gain unauthorized access to corporate networks.

As cloud services and connected devices raise universal cybersecurity issues, Asia-Pacific organizations face additional challenges. For example, Loe points to varying degrees of cybersecurity maturity among countries in the region. “We have countries like Singapore, Japan and Korea that rank high in terms of maturity,” he says. “But we also include Laos, Cambodia and Myanmar, which are at the low end of maturity. In fact, some government officials in these regions still use free Gmail accounts for official communication.” Loe says some vulnerable countries are used as launching pads for attacks on their neighbors.

Another factor that set some Asia-Pacific countries apart from other parts of the world was their unpreparedness to quickly switch to remote work in the first months of the pandemic. According to Kane Lightowler, vice president of Cortex, Palo Alto’s threat detection platform division, organizations lagging behind in their digital transformation efforts “should prioritize business continuity above all else,” allowing cybersecurity to stay in the background. Unfortunately, “many of these companies still lack the ability to do business in a secure and compliant manner. But now, in 2021, they’re starting to prioritize safety again.”

Download full report.

This content is produced by Insights, the exclusive content arm of MIT Technology Review. It was not written by the editorial staff of MIT Technology Review.