Kaspersky forum highlights the need to build resilience in the ICT supply chain
Global cybersecurity firm Kaspersky is advocating for a more collaborative and inclusive response to strengthen the ICT (information and communications technology) supply chain to mitigate all forms of cyberattacks.
At the 4th Asia Pacific Online Policy Forum hosted by Kaspersky, Kaspersky policyholders and executives highlighted the need to synchronize security with digitization efforts, as cybercriminals quickly take advantage of weaknesses in ICT vendors.
“Over the past two years, there has been a new wave of attacks that have exploited critical vulnerabilities in the ICT supply chain,” said Eugene Kaspersky, CEO of Kaspersky. “As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond.”
The effects of the COVID-19 pandemic have driven digitization efforts around the world at unprecedented speed, as businesses seek to ensure business and operational efficiency. The move to the cloud presented vulnerabilities that could be easily exploited if companies’ security posture was weak or non-existent.
“The number of attacks against those working in the supply chain has increased, highly targeted, more vulnerable and at risk than ever before,” said Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia. “The supply chain attack is difficult to manage due to its malicious design which remains hidden among the infected system and the user’s device. Especially in the current environment, nations are slowly recovering from the pandemic and are starting to move towards digital transformations.”
He highlighted the need to strengthen cybersecurity education and awareness in all sectors involved in the ICT supply chain. Special mention is given to small and medium-sized enterprises (SMEs), which more often than not do not have the budget and assets to invest in improving their cybersecurity defenses.
“Resilience is about resistance and recovery,” said Dr. Pratama Persadha, President, Communication and Information Systems Security Research Center (CISSReC), Indonesia. “One way for government and non-government stakeholders to minimize these risks is to improve cybersecurity capabilities, which will subsequently improve the resilience of the ICT supply chain.
“However, this will be limited if all parties involved do not improve the cybersecurity of their systems. The main barrier is the lack of understanding surrounding the importance of cybersecurity to increase the resilience of the ICT supply chain. Ultimately, stakeholders need to consider the significant investment to increase the overall level of cybersecurity to improve the resilience of the ICT supply chain,” Dr. Persadha said.
The recent arrest of REvil members has highlighted the need for cross-border collaboration. It has been reported that Russian security agencies have responded to the US government’s request to arrest the ransomware group responsible for last year’s high-profile attacks that crippled some industries.
“The responsibility of securing the ICT supply chain and ensuring a safe and reliable internet space is something the Government of India places high priority on. The central part of the strategy is cross-border collaboration with all stakeholders to ensure the protection and resilience of the technology space and the ICT supply chain,” said Shri Rajeev Chandrasekhar.
Explaining possible solutions, Kaspersky says both short-term and long-term strategies should be considered by both the government and private sectors.
The short-term solution includes improving procedures and regulations on ICT supply chain infrastructure. Kaspersky cited companies certifying supply chain partners to reduce attacks to near zero. Government regulations also play a key role in this regard, as in the case of critical infrastructure.
“The long-term solution is to make the systems immune,” Kaspersky said. “This means that the system is designed in such a way that even if one component of the ICT supply chain is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day vulnerability or any other vulnerability somewhere in the supply chain, it does not impact other components of the chain.”