Cyberattacks worsening — experts
Nunez said the breaches are mainly due to weak credentials in user accounts, including a lot who still use “1234” as password.
With over 90 percent of Asia-Pacific businesses shifting to work from home during the Covid-19 pandemic, cybersecurity experts in the region have noted increasing online attacks.
The severity of the threat posed by cybercriminals on businesses took the spotlight in the webinar Cybersecurity Today: Addressing the New Threat Landscape.
“There are a lot of breaches happening. There were breaches early (in 2020) and it increased with remote work,” information security expert Raymond Nuñez said in the seminar.
A former consultant of the Department of Information and Communications Technology (DICT), Nuñez said among the attacks launched are voice-based and SMS phishing, known as “smishing” and “vishing.”
He said that while automated spam filters are available in emails, SMS and voice services rely on users to determine scams.
Nuñez said the breaches are mainly due to weak credentials in user accounts, including a lot who still use “1234” as password.
Kerry Singleton, managing director for cybersecurity of webinar organizer Cisco, said that businesses are seen to leave a percentage of their workforce working remotely.
He pointed out that a few large tech companies in the US have even gone for a 100 percent work-from-home policy.
“The threats are not getting any smaller — they’re getting bigger and more maverick,” Emmanuel Caintic, Assistant Secretary of DICT, said.
“Now more than ever is the time to invest in your network security. It’s an insurance and it doesn’t cost much. It’s actually more expensive to remediate after an attack,” Caintic added.
The speakers called on businesses to take security measures, while educating staff on cyber hygiene habits as the first line of defense. These include being vigilant when opening attachments, clicking links and providing information.
Another recommendation is for businesses to invest in endpoint security and visibility now that endpoint devices like laptops and phones are deployed in employees’ homes.
Technologies such as multi-factor authentication or MFA was also raised as a way to ensure a person’s identity. “That inconvenience of a few seconds of having to check your phone to log in to that two-factor authentication could spell a lot of difference,” Caintic said.
According to Nunez, Google and Microsoft have also deployed MFA to prevent breaches and were rewarded with success rates.
“We’ve seen online banking, government applications, and a lot of social media and email platforms move down that path, but the corporate environment and businesses [also] need to look at multi-factor authentication as the first step in their process,” Singleton said.
Cisco offers Duo MFA which requires users to push a token to their smartphones — a technology that the company uses itself for security.
The threats are not getting any smaller — they’re getting bigger and more maverick.