
Managing cyberattacks with standard cybersecurity measures

by Melinda Baylon
September 6, 2023
Photo by Sora Shimazaki: https://www.pexels.com/photo/crop-focused-hacker-in-hood-using-laptop-5926386/


The latest IBM Data Breach Report revealed that an alarming 83% of organizations experienced more than one data breach during 2022. According to the 2022 Verizon Data Breach Investigations Report, the total number of ransomware attacks surged by 13%, which is a rise equal to the last five years combined.

Harvard Business Review

With cyber risks skyrocketing at an alarming rate, Harvard Business Review notes that cyber attacks not only sink an organisation’s stock price but also cause a ripple effect across the whole supply chain, consuming company resources and limiting its ability to maintain its market. Although the short-term impacts of cyber attacks are already serious, their effects are also detrimental to companies in the long term.

Tim Choi, group vice president at Proofpoint, discusses the impact of cyber attacks on enterprises and what they can do about these incidents.

Is there anything different or unusual about the attacks on various trusted and known brands recently?

Tim Choi: Recent attacks on trusted brands like EY, PwC, and Zellis involved cybercriminals exploiting zero-day vulnerabilities—previously undiscovered bugs without an immediate fix. What set these attacks apart was the subsequent targeting of clients, vendors, and suppliers through supply chain vulnerabilities.


"Last year, 68% of Singaporean organisations that faced cyber attacks attributed them to supply chain attacks. Attackers are increasingly leveraging supply chain vulnerabilities, and once they gain a foothold in an organisation or network, they can gather data that will likely later be used for extortion or ransomware attacks, as reflected in the recent attacks."

Tim Choi

The recent attacks against EY, PwC and Zellis exploit zero day vulnerabilities. Should security vendors and service providers be held liable for the continued existence of zero day vulnerabilities?


Tim Choi: Security vendors and service providers have the responsibility to adopt industry best practices for developing products that are secure by design and have safe default configurations. They should also proactively identify vulnerabilities in their code through internal audits and bug bounty programs, and design their security patches for quick and easy adoption.

However, organisations that purchase software or services from these vendors also have a part to play – by making third-party risk assessments a central part of their procurement process and assessing the track record of vendors to respond promptly to vulnerability reports.

What are standard cybersecurity measures that all organisations should have?

Tim Choi: Apart from conducting due diligence on vendors to mitigate supply chain attacks, organisations should adopt a people-centric approach to defend against future threats. This involves breaking the attack chain by safeguarding identities and data to hinder lateral movement by threat actors within the organisation.

Conducting cybersecurity awareness training is vital to involve employees in cyber defence. Additionally, organisations should invest in a robust email fraud defence solution that utilises the latest technologies in machine learning and artificial intelligence to detect attacks, and partner with a threat intelligence vendor to leverage a solution that combines static and dynamic techniques to detect new attack tools, tactics and targets.

What are proven approaches to mitigate the risks of successful supply chain attacks?

Tim Choi: Government agencies should identify and prioritise software solutions that have the widest deployments and technologies that support critical infrastructure. Software vendors and companies also have a part to play – they need to adopt industry best practices for developing products that are secure by design and be proactive about identifying vulnerabilities in their code.

Companies that purchase software need to do their due diligence as well by making third-party risk assessments a central part of their procurement process. They should also invest in security around collaboration tools like Microsoft 365 and Google Workspace that have increasingly become targets for threat actors.


Given that CISOs and CIOs have acknowledged the difficulty in hiring/retaining the right talent in their cybersecurity teams, what options do they have?

Tim Choi: Our survey of global Chief Information Security Officers (CISOs) reveals that almost two-thirds believe they are at risk of suffering a material cyber attack within the next 12 months. Talent is needed to develop solutions that enable organisations to stay ahead of cybercriminals. However, demand far outpaces the available workforce.

Both the private sector and government need to invest in education and training – this could involve developing internship programs and establishing partnerships with educational institutions. This would give young talent early exposure and motivation to the industry. The industry also needs to embrace diversity and aim recruitment at women and minorities, who are too often overlooked.

Can and should they put their trust in security vendors/managed security service providers?

Tim Choi: When evaluating a security vendor, organisations must consider more than just the technology offered. They need to choose a provider who offers exceptional ongoing support, not just from the offset. Organisations should also seek companies with a strong track record of investing in research and development and innovating their solutions because attackers are constantly developing their tactics, techniques, and procedures (TTPs).

Finally, companies should ensure their vendor can provide adequate security awareness training for employees as the human factor continues to remain a critical aspect of a well-rounded security provider – everyone has a role to play in cybersecurity.

Melinda Baylon

Melinda Baylon joins Cxociety as editor for FutureCIO and FutureIoT. As editor, she will be the main editorial contact for communications professionals looking to engage with the aforementioned media titles.

Melinda has a decade-long career in the media industry and served as a TV reporter for ABS-CBN and IBC 13. She also worked as a researcher for GMA-7 and a news reader for Far East Broadcasting Company Philippines.

Prior to working for Cxociety, she worked for a local government unit as a public information officer. She now ventures into the world of finance and technology writing while pursuing her passions in poetry, public speaking and content creation. 

Based in the Philippines, she can be reached at [email protected]
