In the past two years, like other regions of the world, Asia-Pacific (APAC), has witnessed a huge leap in digitalisation due to the impact of the pandemic. Meanwhile, cybersecurity measures have receded to give way to the urgency of the global health crisis, leading to several well-known ICT supply chain attacks in 2021.
In such attacks, cybercriminals take advantage of the weaknesses of ICT vendors and use them as attack platforms where many other targets fall into the trap. Global cybersecurity company Kaspersky sees this trend continuing as cybercriminals try to further profit from this threat.
Mr. Eugene Kaspersky, CEO of Kaspersky shared about the above trend: “The past two years have seen a wave of attacks exploiting critical vulnerabilities in the ICT supply chain. As cybercriminals increasingly develop their attack patterns, this type of attack will become mainstream in 2022 and beyond.”
To present possible solutions to strengthen ICT supply chain resilience in the region, Kaspersky hosted the fourth APAC Online Policy Forum with the participation of leading experts and experts. About policy:
- Mr. Rajeev Chandrasekhar, Minister of Electronics and Information Technology and Ministry of Skills Development and Entrepreneurship, India
- Dr. Amirudin Abdul Wahab, General Manager, Cybersecurity Malaysia (CyberSecurity Malaysia)
- Dr. Pratama Persadha, President of Information and Communication Systems Security Research Center (CISSReC), Indonesia
Sharing more about Kaspersky’s comments, Mr. Amirudin said: “The number of attacks on people working in the supply chain has increased, with more targeted, vulnerable, and more vulnerable than ever before. Supply chain attacks are difficult to deal with because malware is designed to stay hidden in infected systems and users’ devices. Especially in today’s environment, countries are slowly recovering from the pandemic and moving towards digital transformation.”
He also noted that there is a need to raise awareness and education for all actors involved in the ICT supply chain, including small and medium-sized enterprises (SMEs) that do not have the budget to invest in improving ICT supply chains. improve their cybersecurity defenses.
In his share, Dr. Pratama Persadha said: “Resilience is all about the ability to react and recover. One way for stakeholders including governments and NGOs to mitigate these risks is to improve cybersecurity capabilities, which in turn will improve ICT supply chain resilience. However, this will be limited if all parties involved do not improve the cybersecurity of their systems. The main obstacle is the lack of understanding around the importance of cybersecurity to increase ICT supply chain resilience. Ultimately, stakeholders must consider significant investment to raise common standards in cybersecurity to improve ICT supply chain resilience.”
Cross-border cooperation
Speakers at the event concurred on the need for cybersecurity intelligence sharing and international cooperation to ensure the safety of countries, organizations and individuals in the region and beyond.
Mr. Shri Rajeev Chandrasekhar shared: “The responsibility of securing the ICT supply chain and ensuring a safe and reliable internet space is something that the Indian government has made a top priority. A core part of the strategy is collaborating across borders with all stakeholders to ensure the protection and resilience of the ICT space and supply chains.”
Actively advocating for cross-border cooperation and cybersecurity capacity building, Kaspersky has been working consistently with its partners to raise awareness and recommend action steps for the global community. request, done in forums like the recent Paris Call for Trust.
Kaspersky also sets the bar for cybersecurity through its Global Transparency Initiative, which includes a number of specific measures the company has taken to welcome validators and verify the trustworthiness of its users. the company’s products, internal processes, and business, and Cybersecurity.
When it comes to solutions, Kaspersky believes that both short-term and long-term strategies need stakeholders, including governments and non-governmental organizations.
The short-term solution includes improving the procedures and regulations of the ICT supply chain infrastructure. Kaspersky cites companies that recognize supply chain partners to reduce the number of attacks to near zero. Government regulations play a similar role as critical infrastructure.
Mr. Eugene Kaspersky added: “The long-term solution is to make systems “immune”. This means that the system is designed in such a way that even if one component of the ICT supply chain might be vulnerable, the rest of the system would not be affected. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it will not “spread” to other components in the chain.”
