For the past two years, the Asia-Pacific (APAC) region, like the rest of the world, has seen a huge digitalization leap as a result of the pandemic. Given the haste and urgency, cybersecurity measures have taken a back seat, resulting in some high-profile ICT supply chain attacks last year.
The world has seen some high-profile incidents where cybercriminals took advantage of the weaknesses of ICT vendors, and used them as attack launch pads where many other targets in one fell swoop. Global cybersecurity company Kaspersky sees this trend to continue as cybercriminals try to further monetize this threat.
Commenting on the trend, Eugene Kaspersky, CEO of Kaspersky, said: “In the last two years there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain. As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond.”
To map out the possible solutions to beef up the ICT supply chain resilience in the region, Kaspersky held its fourth APAC Online Policy Forum gathering distinguished industry and policy experts including:
- Shri Rajeev Chandrasekhar | Minister of State in the Ministry of Electronics and Information Technology; and Ministry of Skill Development and Entrepreneurship, India
- Dato’ Ts. Dr. Haji Amirudin Abdul Wahab | Chief Executive Officer of CyberSecurity Malaysia
- Dr. Pratama Persadha | Chairman of Communication & Information System Security Research Center (CISSReC), Indonesia
Kaspersky 4th APAC Online Policy Forum speakers (Left to Right): CEO of Kaspersky Eugene Kaspersky, Head of Government Affairs for Kaspersky APAC Genie Sugene Gan, Indonesia’s Chairman of Communication & Information System Security Research Center Dr. Pratama Persadha, India’s Minister in the Ministry of Electronics and Information Technology Shri Rajeev Chandrasekhar, and Malaysia’s Chief Executive Officer of CyberSecurit Dato’ Ts. Dr. Haji Amirudin Abdul Wahab
Echoing Kaspersky’s note, Dato Amirudin explained, “The number of attacks on those working in the supply chain has increased, heavily targeted, more vulnerable and at-risk than ever before. Supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and user’s device. Especially in today’s environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations.”
He also noted, during the forum, the need to include awareness and education across all sectors involved in the ICT supply chain, including small and medium enterprises (SMEs) which do not have the budget and assets to invest in improving their cybersecurity defenses.
For his part, Dr. Pratama Persadha, added, “Resilience is all about resistance and recovery. One way for both government and non-government stakeholders to minimize these risks is to improve cybersecurity capabilities, which will subsequently improve ICT supply chain resilience,” he says.
“However, this will be constrained if all relevant parties do not improve the cybersecurity of their systems. The main obstacle is the lack of understanding surrounding the importance of cybersecurity to increase ICT supply chain resilience. In the end, stakeholders must consider the significant investment to increase the overall standard of cybersecurity to improve the resilience of the ICT supply chain,” Dr. Persadha explained.
Cross border collaboration
Speakers at the forum also agreed on the need for intelligence sharing and international cooperation to secure nations, organizations, and individuals in APAC and beyond.
“The responsibility of securing the ICT supply chain and ensuring safe and trusted internet space is something that the Indian government accords high priority to. The core part of the strategy is a cross-border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain,” noted Shri Rajeev Chandrasekhar.
An active advocate of cross-border collaborations and building cybersecurity capabilities, Kaspersky has been working consistently with its partners to raise awareness and propose actionable steps for the global community, done in forums such as the recent Paris Call for Trust.
The global cybersecurity company has also established its baseline standard of cybersecurity through the Global Transparency Initiative which includes a number of actionable and concrete measures that the company takes to welcome others to validate and verify the trustworthiness of our products, internal processes, and business operations and Security in Cyberspace.
Explaining possible solutions, Kaspersky says short-term and long-term strategies should be looked into by both government and private sectors.
Short-term solution includes improving procedures and regulations on ICT supply chain infrastructure. Kaspersky cited companies certifying supply chain partners to lessen attacks close to zero. The role of government regulations also plays a key role in this as in the case of critical infrastructure.
Eugene Kaspersky added: “The long-term solution is to make systems immune. This means the system being designed in such a way that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it doesn’t carry over into other components in the chain.”
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
About CyberSecurity Malaysia
CyberSecurity Malaysia is the national cybersecurity specialist and technical agency under the purview of the Ministry of Communications and Multimedia Malaysia. In essence, CyberSecurity Malaysia is committed to provide a broad range of cybersecurity innovation-led services, programs, and initiatives to help reduce the vulnerability of digital systems, and at the same time strengthen Malaysia’s self-reliance in cyberspace. Among specialized cyber security services provided are Cyber Security Responsive Services; Cyber Security Proactive Services; Outreach and Capacity Building; Strategic Study and Engagement, and Industry and Research Development.
For more information, please visit http://www.cybersecurity.my. For general inquiry, please email to info@cybersecurity.my.
About Ministry of Electronics and Information Technology (MeitY)
The Ministry of Electronics and Information Technology (MeitY) India serves to promote e-Governance for empowering citizens, promoting the inclusive and sustainable growth of the Electronics, IT & ITeS industries, enhancing India’s role in Internet Governance, adopting a multipronged approach that includes development of human resources, promoting R&D and innovation, enhancing efficiency through digital services and ensuring a secure cyber space.
About Communication & Information System Security Research Center (CISSReC)
CISSReC (Communication & Information System Security Research Center) is a non-profit organization in Indonesia that focuses on information and communication system security research. This institution aims to help create a society that is aware of and understands the importance of information and communication system security.
The institution, which was founded by professionals in the IT security and cryptography field, will continue to educate the public through the publication of its research results and various campaign activities in the field of information and communication system security.
Recent Comments