Did you know that almost a third of network users were attacked by web threats in previous years?
Did you also know that risky online behaviour of employees remains a challenge for half of businesses?
If you weren’t aware before, it’s time to think again.
Surely, employees can put corporate networks and sensitive data at risk. Their doing so is either by chance or by design. While employees might be the unknowing gatekeepers of your organisation’s network safety, the onus is on businesses to educate their staff and implement strict security policies.
Even so, education might not be enough. Since attacks have become more malicious and sophisticted, one of the key techniques used to penetrate businesses is social engineering. Attackers manipulate employees into performing dangerous actions or giving out personal information.
Business Solution for Web Threats
However, this is not enough. Endpoint protection, such as Kaspersky Web Traffic Security, provides businesses with a solid first line of defence. The added risk-mitigation layer stops threats at the point of attempted attack. Hence the attacker never once has the opportunity to reach employee endpoints. Such software reinforces web gateways to protect employees from web-based attacks of all sorts. Moreover, the solution is able to reduce risks and decrease IT support overheads.
As a powerful multi-layered machine learning based anti-malware engine, the Kaspersky Web Traffic Security weans the probability of hazardous actions. Actions like clicking on phishing links and opening untrusted web pages become unlikely with the renewed anti-phishing engine, in addition to the deep learning-based technologies. By filtering ingoing and outgoing content, the risk of infection and data leakage is quickly lowered. Moreover, the application’s web control feature assists in the managing of categories of web resources, limiting its access to only authorised employees.
Around the clock, the solution uses global threat intelligence from the cloud to improve attack detection rates. The cloud contains reputation data about files, URLs and IP addresses from Kaspersky Security Network and unique data acquired during expert research.
In terms of social engineering, Kaspersky Web Traffic Security can significantly reduce the risk and minimise pressure from IT support staff.
Serget Martsynkyan, Head of B2B Product Marketing, Kaspersky Lab, commented, “The application will boost business defenses, providing a proven Next Generation cybersecurity engine, with arguably the lowest false positive rates and highest detection rates in the industry – governing internet use via a single application point.”
Better Business with Less Threats
Users of Kaspersky Web Traffic Security can also enjoy enhanced management capabilities.
For an improved user experience, a graphic user interface can be used for event-centric gateway security management and monitoring.
Secondly, a SIEM integration is present to add gateway security context to the infrastructure-wide picture of security events.
To tackle heavier loads and work easier with distributed infrastructure, multi-node management is available.
Additionally, a special multitenancy mode for MSPs and diversified companies is available. This allows them to assign dedicated workspaces for different customers or projects/offices and manage them separately.
Finally, role-based access control allowing the management of access levels for security administrators who have different responsibilities is possible.
The fear of an employee who probably has poor IT literacy or cyber hygiene is ameliorated with this endpoint protection. No more cases of curiosity killed the cat.
Kaspersky Web Traffic Security is a part of Kaspersky Internet Gateway Security. More information about the application can be found here.
The Minister of Electronics and Information Technology (MeitY), Ashwini Vaishnaw, has discussed creating a robust response to the challenges posed by deepfake technology with representatives from academia, industry bodies, and social media companies. The consensus reached in the discussion entails collaborative efforts among the government, academia, social media companies, and the National Association of Software and Service Companies (NASSCOM) to collectively address the harmful uses of deepfake.
Deepfakes are artificial intelligence-manipulated video, audio, and images. Their hyper-realistic nature makes them challenging to identify as fake, especially for individuals unfamiliar with the technology. Therefore, these manipulations can and have harmed reputations and serve as tools to falsify evidence. Deepfakes are also a threat to democracy and social institutions globally and the increasing presence of deepfakes in political messaging could be particularly damaging, especially in the lead-up to the upcoming general elections, posing risks to the integrity of information and public discourse.
The meeting, held at the end of November, concluded with an agreement to identify actionable items within the next 10 days, focusing on four key pillars:
- Detection: Develop methods to identify deepfake content both before and after its posting.
- Prevention: Establish an effective mechanism to prevent the spread of deepfake content.
- Reporting: Implement an efficient and prompt reporting system along with a grievance redressal mechanism.
- Awareness: Launch a widespread awareness campaign to educate the public on the issues related to deepfake technology.Top of Form
Furthermore, effective immediately, MeitY will initiate an exercise to assess and formulate necessary regulations to combat the threat of deepfake. To facilitate this process, MeitY will invite public comments through the MyGov portal.
A follow-up meeting with relevant stakeholders will be held again this week to finalise the four-pillared structure. According to the government’s AI news portal, it remains committed to combating the growing threat of deepfake through technology and by fostering public awareness. It said that MeitY has frequently guided social media intermediaries, urging them to exercise due diligence and promptly take necessary actions against instances of deepfake.
Recently, the Delhi High Court expressed reservations about the prospect of judicial intervention to regulate the use of deepfake content created through AI. It said that addressing the issue and finding a balanced solution would be more appropriately handled by the government, given its extensive data resources and wide-ranging machinery. The court scheduled the matter for an additional hearing in January.
Governments globally are addressing the threats of damaging deepfake technologies by implementing enhanced rules and regulations. In September, the United States National Security Agency (NSA) and federal agency partners issued new guidance on cybersecurity risks associated with deepfakes.
As OpenGov Asia reported, they published a Cybersecurity Information Sheet (CSI) titled “Contextualising Deepfake Threats to Organisations” to help organisations recognise, safeguard against, and respond to deepfake threats.
It suggests that organisations should incorporate real-time verification capabilities. It underscores the use of passive detection techniques for continuous monitoring and early identification and emphasises the significance of safeguarding high-profile officers and their communications, as they are frequent targets of deepfake attempts.
Apart from detection, the guidance offered ways to mitigate the impact of deepfake attacks. Organisations must foster information sharing within and across organisations. The guidance advocates for thorough planning and rehearsal of responses to potential exploitation attempts, ensuring organisations are well-prepared for any incidents. Personnel training is another crucial aspect, providing individuals with the skills and knowledge to effectively recognise and respond to synthetic media threats.
Ethical concerns in artificial intelligence (AI) cybersecurity encompass a spectrum of issues, including privacy, fairness, transparency, and accountability. Ensuring that AI systems operate within ethical boundaries is paramount to building trust among users, stakeholders, and the public. The collaborative effort behind the global guidelines signifies a collective commitment to addressing these ethical considerations comprehensively.
Privacy is a cornerstone of ethical AI development, especially in a world where data plays a central role in training and refining AI models. The guidelines emphasise the need for robust privacy measures to safeguard user data, preventing unauthorised access and misuse. Developers can contribute to a more ethical and responsible AI ecosystem by incorporating privacy-preserving practices.
New Zealand’s dedication to enhancing cybersecurity strengthens the landscape around AI. In the last update, the National Cyber Security Centre (NCSC) became one of 17 agencies from 17 countries to release guidance, led by the United Kingdom, to help AI developers adopt cyber security from the outset. The result is the release of the Guidelines for Secure AI System Development, a comprehensive set of standards that mark the first globally agreed-upon cybersecurity guidelines for AI developers. The policies, endorsed by 23 international agencies, including New Zealand’s NCSC, aim to instil a “secure by design” approach in the development process, ensuring the safety, resilience, privacy, fairness, reliability, and predictability of AI systems.
The newly introduced guidelines serve as a crucial pre-condition for the safety and effectiveness of AI systems. Cybersecurity considerations are paramount to safeguarding these systems against evolving threats and potential vulnerabilities. Lisa Fong, Deputy Director General of the National Cyber Security Centre, emphasises the importance of adopting a secure-by-design approach, which is fundamental in elevating the cybersecurity posture of AI systems. The guidelines provide developers with a roadmap to make informed decisions at every stage of AI system development, whether building systems from scratch or leveraging existing tools and services.
International partner agencies and industry experts are involved in this collaboration, fostering a shared understanding of cyber risks, vulnerabilities, and effective mitigation strategies. The guidelines lay down a comprehensive framework for developers and contribute to establishing a global consensus on best practices for AI cybersecurity. The international endorsement of these guidelines reinforces the shared commitment to creating a secure environment for the evolution of AI technologies.
The release of these guidelines follows the interim generative AI guidance for the public service. This interim guidance, jointly produced by the NCSC, served as a precursor to the global guidelines and demonstrated the multidisciplinary approach required to securely harness the potential of generative AI. The collaboration between the NCSC, data experts, digital professionals, procurement specialists, and privacy counterparts underscores the need for a holistic and integrated approach to AI cybersecurity.
As the adoption of AI continues to grow across diverse sectors, from public services to private industries, the significance of robust cybersecurity measures cannot be overstated. The global nature of the collaboration behind these guidelines reflects the urgency and shared responsibility felt by nations worldwide to mitigate the evolving threats posed by cyber adversaries.
These guidelines are set to become a foundational resource for AI developers globally, offering a comprehensive approach to embedding cybersecurity measures from the outset. The emphasis on a secure-by-design philosophy aligns with the evolving landscape of cyber threats, where proactive measures are essential for staying ahead of potential risks. The guidelines address current challenges and provide a forward-looking framework to adapt to the dynamic nature of AI technologies and the cybersecurity landscape.
New Zealand is consistent in conforming to international collaboration to fortify the foundations of AI cybersecurity. As nations join forces to address the challenges posed by cybersecurity threats, these guidelines stand as a testament to the commitment to creating a secure and resilient environment for the evolution of artificial intelligence. The global endorsement underscores the recognition of AI’s transformative potential and the shared responsibility to ensure its responsible and secure integration into various facets of modern society.
In the nation’s critical infrastructure landscape, K-12 schools are pivotal, serving as the foundation for future success and playing an indispensable part in the lives of millions of children, families, and communities. Recognising the importance of ensuring the safety and well-being of students, educators, and staff, the Cybersecurity and Infrastructure Security Agency (CISA) leads the annual Critical Infrastructure Security and Resilience Month. This initiative aims to educate and engage all levels of government, infrastructure owners and operators, and the American public about critical infrastructure’s crucial role in the nation’s well-being and the need to strengthen security and resilience.
Digital technology has become an integral aspect of modern education, and as schools navigate the complex landscape of security and resilience, leveraging digital tools and strategies becomes paramount. The intersection of education and technology presents various challenges and opportunities, especially in an evolving threat environment that includes cyberattacks alongside more traditional hazards.
As CISA encourages a Resolve to be Resilient, the emphasis extends to the education community, urging several measures and investments in resilience. The agency acknowledges threats’ increased frequency and intensity, encompassing natural disasters, targeted violence, and cyberattacks. The call to action is clear: prepare today to withstand or recover quickly in the event of an incident tomorrow.
To address the challenges an interconnected world poses, CISA collaborates with several federal agencies and non-government partners to provide actionable guidance, evidence-based practices, and digital tools. The goal is to empower school leaders to navigate the complexities of the digital landscape while fostering a secure and resilient environment for students and staff.
One critical resource CISA offers is the K-12 Bystander Reporting Toolkit, developed in partnership with the U.S. Secret Service National Threat Assessment Centre. This toolkit equips schools with simple strategies to implement and enhance safety reporting programmes, leveraging digital communication channels to facilitate reporting and response.
The K-12 School Security Guide Product Suite, another digital resource, offers districts and campuses tools and strategies to evaluate vulnerabilities, strengthen security measures, and enhance the protection of school communities. This suite reflects a comprehensive approach to digital and physical security in educational settings.
Recognising the importance of cybersecurity, CISA’s Cybersecurity for K-12 Education provides schools with tools, information, and resources to guard against cyber actors and reduce the likelihood of successful cyber incursions. Addressing systemic cybersecurity risks becomes an integral component of school safety plans as technology advances.
Further, CISA’s Tabletop Exercise Packages, designed to examine and test safety processes and plans through simulated exercises, incorporate digital scenarios to ensure that schools are prepared for various threat scenarios, including cyber incidents. This proactive approach helps schools identify digital resilience and response capabilities gaps.
The agency’s regionally based security advisors further contribute to building resilience by providing various risk management and response services, including guidance on addressing evolving digital threats. These advisors play a crucial role in ensuring that schools are equipped to handle the dynamic challenges posed by the digital landscape.
In the digital age, where information is shared at unprecedented speeds, CISA administers SchoolSafety.gov, a Federal interagency website serving as a one-stop access point to school safety information, resources, and tools. This platform covers various topics and threats, offering a holistic approach to creating comprehensive and sustainable school safety plans.
Critical Infrastructure Security and Resilience Month reminds the entire school community to unite in advancing safety efforts. The focus on digital resilience highlights the need for ongoing preparedness and adaptation to changing risk conditions. Throughout this month and beyond, CISA reaffirms its commitment to assisting school communities in maintaining safe, secure, and resilient learning environments in the digital era. The agency’s dedication to leveraging digital technology to benefit education underscores the importance of an inclusive and collaborative approach to cybersecurity and resilience in the nation’s schools.
In a meeting with the Private Sector Advisory Council (PSAC), President Ferdinand R. Marcos Jr. pledged support for pivotal legislative measures recommended by the PSAC Digital Infrastructure Group. These measures, aligned with the Philippine Digital Transformation Framework, aim to fortify cybersecurity efforts within the nation.
Expressing his commitment during a Palace gathering, the President affirmed his intention to prioritise and expedite the passage of three bills pending in the Senate. These bills, including the Cybersecurity Act, Anti-Mule Act, and the Online Site Blocking Act, are integral components of the nation’s strategy to bolster cybersecurity and safeguard digital assets.
“The structural requirements in legislation are evidently crucial. Let’s focus on the Cybersecurity Act, Anti-Mule Act, and the Online Site Blocking Act. Collaborating with the Legislature’s leadership, we aim to swiftly progress these bills,” explained the President to PSAC officials.
The bills, currently pending at the Senate, encompass vital aspects crucial for the country’s digital security and protection against cyber threats. The Cybersecurity Act, in particular, carries provisions designed to enhance the country’s cybersecurity resilience, fortify critical information infrastructures, and impose penalties for non-compliance with digital asset protection standards.
Recent cyber threats targeting government entities have underscored the urgency of passing the Cybersecurity Act, aligning with the administration’s commitment to securing public digital assets.
Citing statistics from a tech giant, a significant 85% of Philippine companies anticipate potential disruptions to their operations due to cybersecurity attacks within the next 24 months. Additionally, data from the Department of Information and Communications Technology (DICT) underscores the Philippines’ prominence as the fourth most targeted country globally, with approximately 3,000 cyber incidents reported between 2020 and 2022, half of which targeted government institutions.
Moreover, the proposed Anti-Mule Act aims to curb fraudulent activities related to bank accounts, e-wallets, and other financial platforms. The legislation seeks to criminalise activities like using fake identities to open accounts, unauthorised account transfers, and recruiting individuals for fraudulent account purposes. It will also enforce stricter penalties and delineate jurisdiction for law enforcement agencies.
Simultaneously, the Online Site Blocking Act, if passed, will combat online content piracy by instituting measures to block websites hosting pirated content. Advocates highlight the importance of safeguarding the creative industry and consumers from the perils of online piracy, emphasising the potential revenue loss and risks posed by pirate websites.
PSAC stressed the significance of fortifying laws to protect the creative economy, ensuring artists can create content without fear of theft. They underscored the necessity of empowering the Executive branch to implement these laws effectively.
The collective urgency to fortify cybersecurity measures and protect digital assets underscores the critical need for the prompt passage of these bills. President Marcos Jr.’s endorsement signifies a pivotal step toward reinforcing the country’s digital infrastructure and safeguarding its cyber landscape for the future.
Earlier this year the Asian Productivity Organization (APO) convened a pivotal training session focused on enhancing cybersecurity across its member countries. Intending to foster the adoption of robust cybersecurity practices among IT professionals, the event encompassed representatives from diverse nations. Notably, among the forty-four participants, fourteen were delegates from various Philippine National Government Agencies alongside active participation from the private sector.
The four-day intensive training facilitated addressed the pressing need to fortify defences against evolving cyber threats and shed light on the escalating complexity of cyber threats. With the proliferation of artificial intelligence (AI) in augmenting the capabilities of cyber assailants, the landscape has become more treacherous, amplifying the vulnerabilities of existing cybersecurity defence mechanisms.
Established in 1961, the APO stands as an intergovernmental organisation committed to fostering mutual cooperation and sustainable socio-economic development across the region. Serving as a think tank and offering policy advisory services, the APO has consistently spearheaded initiatives spanning diverse sectors. In its unwavering dedication, it plays a crucial role in enhancing the cybersecurity resilience of member countries.
Singapore’s Senior Minister of State for Defence, Heng Chee How, and Senior Minister of State for Communications and Information and Health, Dr Janil Puthucheary, recently visited the Critical Infrastructure Defence Exercise (CIDeX) 2023, underscoring the government’s commitment to fortifying national cybersecurity.
The exercise, held at the National University of Singapore School of Computing, witnessed over 200 participants engaging in operational technology (OT) critical infrastructure defence training.
Organised by the Digital and Intelligence Service (DIS) and the Cyber Security Agency of Singapore (CSA), with support from iTrust/SUTD and the National Cybersecurity R&D Laboratory (NCL), CIDeX 2023 marked a collaborative effort to enhance Whole-Of-Government (WoG) cyber capabilities. The exercise focused on detecting and countering cyber threats to both Information Technology (IT) and OT networks governing critical infrastructure sectors.
This year’s edition boasted participation from DIS, CSA, and 24 other national agencies across six Critical Information Infrastructure (CII) sectors. With an expanded digital infrastructure comprising six enterprise IT networks and three new OT testbeds, participants operated on six OT testbeds within key sectors—power, water, telecom, and aviation.
CIDeX 2023 featured Blue Teams, composed of national agency participants serving as cyber defenders, defending their digital infrastructure against simulated cyber-attacks launched by a composite Red Team comprising DIS, CSA, DSTA, and IMDA personnel. The exercises simulated attacks on both IT and OT networks, including scenarios such as overloading an airport substation, disrupting water distribution, and shutting down a gas plant.
The exercise provided a platform for participants to hone their technical competencies, enhance collaboration, and share expertise across agencies. Before CIDeX, participants underwent a five-day hands-on training programme at the Singapore Armed Forces (SAF)’s Cyber Defence Test and Evaluation Centre (CyTEC) at Stagmont Camp, ensuring readiness for cyber defence challenges.
On the sidelines of CIDeX 2023, the DIS solidified cyber collaboration by signing Memorandums of Understanding (MoUs) with key technology sector partners, expanding its partnerships beyond the earlier agreement with Microsoft earlier in the year.
Senior Minister Heng emphasised the importance of inter-agency cooperation, stating, “CIDeX is a platform where we bring together many agencies throughout the government to come together to learn how to defend together.” He highlighted the collective effort involving 26 agencies and over 200 participants, acknowledging the significance of unity in cybersecurity.
Dr Janil echoed this sentiment, emphasising CIDeX’s role in the Whole-of-Government (WoG) cyber defence effort. He remarked, “Defending Singapore’s cyberspace is not an easy task, and it is a team effort.”
He commended the strong partnership between the Cyber Security Agency of Singapore and the Digital and Intelligence Service, recognising the exercise as a crucial element in strengthening the nation’s digital resilience and national cybersecurity posture.
By leveraging collaboration, innovation, and a robust defence strategy, Singapore aims not just to protect its critical infrastructure but to set a global standard in cybersecurity practices.
CIDeX 2023 serves as a compelling embodiment of Singapore’s unwavering dedication to maintaining a leadership position in cybersecurity practices. This strategic exercise underscores the nation’s commitment to cultivating collaboration and fortifying its resilience against continually evolving cyber threats.
Beyond a training ground for sharpening the skills of cyber defenders, CIDeX 2023 encapsulates the government’s profound commitment to adopting a robust, collaborative, and forward-thinking approach to safeguarding the integrity and security of the nation’s critical infrastructure in the dynamic landscape of the digital age.
Union Minister of State for Skill Development & Entrepreneurship and Electronics & IT, Rajeev Chandrasekhar, spoke at two influential tech events: the Indian Express Digifraud & Safety Summit 2023 and YourStory Techsparks’23. His engagements centred around India’s technological advancements, regulatory policies, and the nation’s promising future in the global tech landscape.
At these tech summits, Minister Rajeev Chandrasekhar outlined India’s ambitious technological trajectory, reinforcing the government’s dedication to fostering innovation, ensuring a safe digital environment, and harnessing the transformative power of technology for the nation’s progress.
Minister Rajeev Chandrasekhar articulated India’s journey in artificial intelligence (AI) and emphasised the government’s commitment to fostering innovation and the startup ecosystem. He expressed the government’s profound interest in further boosting India’s burgeoning startup landscape.
Minister Rajeev Chandrasekhar noted India’s transition from an unrestricted, eternally optimistic view of technology and the internet to a more nuanced approach. He highlighted the government’s aim to strike a balance between fostering innovation and growth while guaranteeing distinct rights for digital citizens.
The Minister emphasised the evolution from the phase of transforming India to the concept of ‘New India’ and now envisions witnessing the emergence of ‘Viksit Bharat’. He expanded on India’s transformation which resonated with the Prime Minister’s vision to raise India to a developed nation status, aiming to elevate the nation to the position of the world’s third-largest economy.
Highlighting the government’s initiatives, Minister Chandrasekhar stated, “Our focus is on startups, innovation, and funding, creating a computing infrastructure. In January, Prime Minister Shri Narendra Modi agreed to establish a significant amount of GPU capacity in India for startups to access and bring forth their innovation and foundational models.”
He advocated for decentralising the startup landscape, encouraging the emergence of successful ventures from various regions across India. “We want unicorns and successful startups to come from Meerut, Ghaziabad, Kohima, Srinagar, Kottayam, Belgaum, Dharwad, Visakhapatnam, Nagpur, and beyond,” he asserted, confirming the nation’s commitment to fostering innovation in diverse cities.
Addressing concerns about internet regulation and safety, the Minister explained the government’s evolved approach, focusing on ensuring safety and trust for digital citizens while holding platforms accountable. He clarified that “safety and trust are not for the Government; rather, they are initiatives aimed at safeguarding the vast majority of Digital Nagriks”.
Reflecting on his participation in the UK AI Summit, Minister Chandrasekhar underscored India’s commitment to a safe and trusted internet, aligning with the government’s guiding principles since 2021.
“We want the internet to be safe and trusted; it is an article of faith. We also aim for platforms to be legally accountable,” he reiterated.
He highlighted the need to embrace AI’s potential while managing risks, warning against a narrative that diminishes its innovation. The Minister emphasised that avoiding the overshadowing of AI’s benefits by its perceived risks is crucial for the digital economy and the populace.
“We don’t seek to demonise AI; rather, it’s vital to maintain a balance so that the discourse on its risks doesn’t eclipse its potential advantages,” he explains, clarifying India’s approach to artificial intelligence.
OpenGov Asia provided coverage of India’s expanding global influence, highlighting the country’s leadership roles across diverse international platforms. Prime Minister Narendra Modi has introduced the Global Digital Public Infrastructure Repository (GDPIR) and a Social Impact Fund (SIF). The GDPIR will be used for sharing information and best practices and the SIF is designed to advance Digital Public Infrastructure (DPI).
He unveiled the schemes during the Virtual G20 Leaders’ Summit. Chaired by the Ministry of Electronics and Information Technology (MeitY), the G20 Digital Economy Working Group (DEWG) has played a key role in progressing the global DPI agenda.
In a significant move aimed at fortifying the nation’s technological landscape, the Vietnam Authority of Information Security (AIS) has underscored the non-negotiable nature of cybersecurity in the current digital landscape.
Emphasising the indispensability of robust cybersecurity measures, the AIS recommended stringent adherence to these protocols across agencies, institutions, and businesses. In today’s digital landscape, the confluence of telecommunications and IT has redefined the contours of security, compelling institutions and businesses to recalibrate their approach to information security.
A workshop dedicated to IT and information security held in Hanoi spotlighted the criticality of information security investment for the digital future. A collaborative effort between AIS, Viettel Cyber Security, and IEC Group, the summit aimed at empowering institutions and businesses to proactively anticipate risks and navigate confidently through the complexities of the digital landscape.
Highlighting the severity of the situation, Nguyen Son Hai, CEO of Viettel Cyber Security observes that the digital transformation wave brings a torrent of information security risks. Viettel Threat Intelligence, for instance, reported 12 million hacked accounts within Vietnam, with 48 million data records compromised and traded in the cyberspace market. Moreover, the stark reality is that numerous entities remain unaware of being under cyberattack.
Financial fraud looms large on this precarious horizon. An alarming revelation showcases the exploitation of 5,800 domain names masquerading as commercial banks, e-wallets, manufacturing firms, and retail giants, posing a severe threat to users’ assets through deceitful means.
Ransomware, an escalating menace, presents formidable challenges to organisations and businesses. Its disruptive potential can cripple entire operations, with cybercriminals extorting exorbitant sums, sometimes reaching millions of dollars, from their victims.
Nguyen Son Hai highlighted the 300 GB of encrypted organisational data published on the Internet, indicating that the actual figures are likely higher, underlining the gravity of the situation.
Tran Dang Khoa from AIS stressed the perennial existence of information security risks, underscoring the urgent need for effective solutions. He outlined five pivotal criteria for cybersecurity solutions: legality, effectiveness, appropriateness, comprehensiveness, and a crucial emphasis on utilising solutions originating from Vietnam.
The paramount importance of legal compliance within cybersecurity frameworks cannot be overstated. Organisations providing online services bear a heightened responsibility to ensure compliance, as information security is mandated by law. Straying from these regulations can render entities liable in the event of security breaches.
Despite substantial investments in sophisticated protection systems, the efficacy of these measures remains questionable if they cannot detect and avert cyberattacks. The challenge lies in optimising system efficiency while rationalising costs – an arduous task that cybersecurity firms endeavour to address.
Khoa acknowledges the need to address existing vulnerabilities alongside fortifying against new threats. Neglecting existing risks within systems, and waiting for opportune moments for cyber assailants, poses significant dangers. Pre-emptive measures must focus on rectifying known vulnerabilities before investing in additional protective tools.
Khoa highlighted that vulnerabilities often emanate not from direct cyberattacks but from individuals within organisations possessing inadequate technological proficiency. Exploiting these individuals can cascade attacks throughout systems, amplifying vulnerabilities exponentially.
Empowering all personnel within organisations with robust cybersecurity knowledge and skills emerges as a pivotal defence mechanism. Khoa accentuated the criticality of imparting such knowledge to safeguard information systems comprehensively.
Furthermore, advocating for the utilisation of ‘Make in Vietnam’ products, solutions, and services assumes significance. Homegrown solutions tailored to address the specific intricacies of Vietnamese organisations offer unique advantages. These domestic solutions not only offer timely support but also demonstrate a deep understanding of local challenges, aiding in swift problem resolution.
As businesses and institutions navigate this dynamic digital terrain, the proactive integration of these strategies is pivotal in safeguarding against the multifaceted threats that loom large in the era of digital proliferation.