EDITION
  • English
  • 中文
  • Bahasa
  • eCommerce
Wednesday, March 22, 2023
uLearnMoney Subscription Events
No Result
View All Result
Money Compass

EDITIONS:

Media and partner organizations:

cmc bmc ulearnmoney mylife mcm asncommerce mcm
  • HOME
  • NEWS
    • Global Market News
    • Local Market News
    • Corporate News
    • PLC News
  • SPECIAL FEATURE
  • COMPASS
    • Financial
    • Investment
    • Start Up
    • Capital
    • Infographics & Quotes
  • MONEY TUBE
  • LIFESTYLE
  • PR NEWSWIRE
Subscription Newsletter
Money Compass
  • HOME
  • NEWS
    • Global Market News
    • Local Market News
    • Corporate News
    • PLC News
  • SPECIAL FEATURE
  • COMPASS
    • Financial
    • Investment
    • Start Up
    • Capital
    • Infographics & Quotes
  • MONEY TUBE
  • LIFESTYLE
  • PR NEWSWIRE
No Result
View All Result
中文 Bahasa eCommerce
Money Compass

How Strengthening ICT Supply Chain Resilience Is Everyone’s Business

A perspective from the Asia-Pacific

by Contributor
January 12, 2022
in Special Feature
supply chain
Share on FacebookShare on WhatsApp

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows.

The Problem

ICT supply chain cyberattacks are on the rise – the European Union for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition, and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors, and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer3+1 attack, which Kaspersky detected and promptly mitigated in 2019).

Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me.

Early Responses

Recognising the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies were either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia, and Japan. Other countries, like Vietnam, India, and Indonesia, are soon expected to release their own national strategies or implementation details too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements, and awareness building. The examples above provide a sense of some of the measures undertaken by governments.

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. Self-assessment tools can also be published in addition to facilitating implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way.

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we:

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them.
  • Practise responsible vulnerability disclosure, and have on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats.

It is imperative to take a long term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design.

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.

 

Written by: Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

 

Read more: How to Achieve Better User Experiences for Business Success

Tags: businessCybersecurityICTtechnology
ShareSendShareSendTweetShare
Previous Post

Unemployment rate to improve to 3.9% in 2022 – Kenanga Research

Next Post

WEA launches Online Entrepreneurship Certificate Programme for women worldwide

Related Posts

Quotes

Leading for Equality & Equity: How far have we already come towards gender equity in our nation?

09 Mar 2023
Corporate News

Pavilion Bukit Jalil acquisition to drive growth for Pavilion REIT

08 Mar 2023
Special Report

Citadel Group – AIMING FOR THE SKIES!

24 Feb 2023

Discussion about this post

MOST POPULAR

  • Top 100 SMEs Defy Economic Headwinds to Post Triple-Digit Growth

    0 shares
    Share 0 Tweet 0
  • Haleon launches #BetterOralCareNation campaign to improve oral health habits in Malaysia

    0 shares
    Share 0 Tweet 0
  • 7 Reasons to Hold MICE Events at The Westin Grand Ballroom and Convention Center, Surabaya

    0 shares
    Share 0 Tweet 0
  • Leveraging MineSec’s SDK, NCCNet SoftPOS solution receives PCI CPoC certification

    0 shares
    Share 0 Tweet 0
  • Dataxet Group Operation in Malaysia Wins Prestigious Brand Laureate Award for Sustainable Business

    0 shares
    Share 0 Tweet 0

MEMBERSHIP SUBSCRIPTION

Subscribe Now

Sign Up for Our Free Newsletters

Stay up-to-date with the latest personal wealth-related articles, breaking financial market news, and more.

Follow us on Social Media

News
Special Feature
Compass
Money Tube
Smart Lifestyle
Corporate Profile
Advertise
Subscriptions
Career
Contact Us
eLearning
Events
Privacy Policy
Terms of Use
Strategic Partners

Copyright © . Money Compass. All Rights Reserved.

Design and Development by Ant Internet Sdn Bhd

No Result
View All Result
  • HOME
  • NEWS
    • Global Market News
    • Local Market News
    • Corporate News
    • PLC News
  • SPECIAL FEATURE
  • COMPASS
    • Financial
    • Investment
    • Start Up
    • Capital
    • Infographics & Quotes
  • MONEY TUBE
  • LIFESTYLE
  • PR NEWSWIRE

© 2020 Money Compass

Career

SUBSCRIBE FREE NEWSLETTER