POLICY experts in the three countries from the Asia Pacific region sat down with global security company Kaspersky to discuss ways to improve the Information and Communication Technologies (ICT) supply chain resilience in the region.
“In the last two years there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain. As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond,” Eugene Kaspersky, CEO of Kaspersky said setting the tone for the fourth APAC Online Policy Forum focusing on the rise of cyberattacks due to massive digitalization and work-from-home shifts during the COVID-19 pandemic.
“The world saw some high profile incidents where cyber criminals took advantage of the weaknesses of ICT vendors, and used them as attack launch pads with many targeted in one fell swoop,” Kaspersky indicated as he pointed out how supply chain attacks appear to be “a growing trend in 2022 and beyond” with cybercriminals monetizing on vulnerabilities requiring short and long term strategies to prevent and overwhelm possible attacks. These strategies should be looked into by both the government and more so the private sector, which has been in the sights of cybercriminals.
Speakers at the forum also agreed on the need for intelligence sharing and international cooperation to secure nations, organizations, and individuals in APAC and beyond.
“The responsibility of securing the ICT supply chain and ensuring safe and trusted internet space is something that the Indian government accords high priority to. The core part of the strategy is a cross-border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain,” Shri Rajeev Chandrasekhar, Minister of State in the Ministry of Electronics and Information Technology; and Ministry of Skill Development and Entrepreneurship of India noted.
An active advocate of cross-border collaborations and building cybersecurity capabilities, Kaspersky has been working consistently with its partners to raise awareness and propose actionable steps for the global community, done in forums such as the recent Paris Call for Trust.
“Short term solution includes improving procedures and regulations on ICT supply chain infrastructure…the long term solution is to make systems immune…This means even if there is a vulnerability in an ICT supply chain component, this weakness will not impact the whole system, or “carry over to other components in the chain,” Kasperky commented.
“The number of attacks on those working in the supply chain has increased, heavily targeted, more vulnerable and at-risk than ever before. Supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and user’s device. Especially in today’s environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations,” Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia said, echoing Kaspersky’s sentiment.
Responding to a question by Malaya Business Insight on the “weakest link” being human operators in the supply chain, Kaspersky emphasized the need to include awareness and education across all sectors involved in the ICT supply chain, including small and medium enterprises (SMEs) which do not have the budget and assets to invest in improving their cybersecurity defenses.
“However, this will be constrained if all relevant parties do not improve the cybersecurity of their systems. The main obstacle is the lack of understanding surrounding the importance of cybersecurity to increase ICT supply chain resilience. In the end, stakeholders must consider the significant investment to increase the overall standard of cybersecurity to improve the resilience of the ICT supply chain,” Dr. Pratama Persadha | Chairman of Communication & Information System Security Research Center (CISSReC), Indonesia.
“The long-term solution is to make systems immune. This means the system being designed in such a way that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it doesn’t carry over into other components in the chain,” Eugene Kaspersky concluded.
