(FILES) This file photo illustration picture taken on June 25, 2019 in Brest shows a close-up view of a computer keyboard. – Up to 1,500 businesses around the world may have been affected by a major ransomware attack that has shuttered hundreds of Swedish supermarkets, according to the American IT company at the centre of the hack. Miami-based firm Kaseya, which provides IT services to some 40,000 businesses globally, said customers of its clients were the main victims of the attack, which saw hackers demand $70 million in bitcoin in exchange for the return of stolen data.”We understand the total impact thus far has been to fewer than 1,500 downstream businesses,” Kaseya said in an update on its website late July 5, 2021. (Photo by Fred TANNEAU / AFP)

Do APAC businesses really need zero-trust cybersecurity?

While most remote working employees use company-issued devices, many still use their personal devices for work. Personal devices such as handphones and laptops that are not issued by an organization are some of the major factors leading to cybercrime. A zero-trust approach to cybersecurity may just be the answer for them.

Almost everyone owns a personal device, but not every device may have endpoint security protection. At most, they’d have some basic data protections in place. Cybercriminals know this and tend to exploit them to launch a cyber-attack when the device is used for work purposes.

Recent reports by cybersecurity agencies around the region indicate how remote workers are being targeted specifically. The Cyber Security Agency of Singapore reported increased botnet drone attacks last year that target IoT devices while a total of 4,615 cybersecurity incidents were reported to CyberSecurity Malaysia from January till May this year.

As such, businesses today need to ensure that they do not only protect devices that have been issued to their remote employees but also have visibility on who and what devices are accessing their data and workloads, be it on the cloud or on-premises. At the same time, the growing number of IoT devices in the office are becoming easier entry points for cybercriminals. For example, printers that are connected to the network can be easily hacked if the organization does not have any threat detection or endpoint security software.

To help businesses securely manage the access of their applications and data, visibility and continuous verification of all users and devices are needed. One way of protecting the network and applications these devices use is by adapting a zero-trust access approach to devices.

Recognizing the device, user, or network being used to access data may just be able to allow businesses to protect themselves. Implementing zero trust access would mean ensuring strong authentication capabilities such as multi-factor authentication, powerful network access control technologies as well as pervasive application access controls.

What is a zero-trust approach?

A zero trust cybersecurity approach acknowledges every device on the network as a threat. The only way devices can get access is through a series of verifications. It leverages network segmentation, preventing lateral movement, providing layer 7 threat prevention, and simplifying granular user-access control. Secure user access is provided via a software-defined perimeter.

Businesses leveraging zero-trust need to have deep visibility into their user activities as well as interdependencies across all users, devices, networks, applications, and data. Simply put, zero trust needs full visibility on everything that’s happening.

According to Cisco’s Accelerating Digital Agility Research, organizations need highly secure access and the best collaboration experiences for the future of work. Whether or not remote working is going to be the new normal, 89% of the CIOs surveyed believe that maintaining security, control, and governance across user devices, networks, clouds, and applications is essential.

Statista reported that 42% of respondents from a global survey report have plans to adopt a zero-trust strategy, which most of them are in the early phases of doing so. 72% also plan to adopt or are already adopting a zero-trust cybersecurity approach.

Large enterprises that have employees working remotely need to ensure they have consistent visibility over who accesses their data and applications. They also need to ensure their employees are using devices that have been secured for work. In often cases, malware can disguise itself and attack a system through the network, causing major problems for the organization. Zero-trust security would identify these anomalies and restrict its access, ensuring the malware does not cause any problems.

Small and medium enterprises (SMEs) are often targeted by cybercriminals due to minimal cybersecurity protections. Whilst having a full suite of cybersecurity protection may be costly, a zero-trust strategy is a proactive approach that may just save their business. After all, SMEs, especially those that are cloud-native, are the ones who work remotely the most.