Companies in Asia are starting to ask for more advanced cyber security services such as ‘reconnaissance or early kill chain’ services, according to Adura, a specialised cyber security consultancy. Beyond meeting basic compliance requirements, companies in the region are now seeing value in threat intelligence, network A.I. behaviour, and phishing susceptibility services.
Traditional cybersecurity programs are aimed at ensuring compliance, usually through ethical hacking, cyber audits or staff awareness training. However, these rely on older frameworks which are behind the security curve. By the time a framework is approved and auditors are trained, a whole new set of cyber security challenges must be tackled. Hence, companies must approach cyber security with a long-term view beyond compliance.
For example, last year Adura’s Threat Intelligence Services identified and successfully neutralised over 750 high risk Darkweb assets exposures for its clients. These included leaked confidential files, pre-emptive cyber attack intel, VIP and corporate impersonation, harvested staff system credentials, social media exposure, email forensics and security configuration. Conventional cyber security tools and compliance measures would not be enough to capture these exposures as doing so requires skilled personnel and analytical know-how.
Adura’s Head of Cyber Security Services, Barnaby Grosvenor, who has over 20 years of experience working in the cyber risk and information security industry commented, “Our work managing cyber incidents in the Darkweb shows that cyber threats are commonplace in today’s digital world and can have a serious impact on businesses of all sizes. The sheer volume of threats and rapid change in cyber security and best practices makes it difficult for companies to effectively manage their cyber security needs. Solid cyber security programmes follow a prevention-led approach, continuously identifying and closing gaps in employee awareness, security management processes and skills as well as technology.”
Adura offers a flexible, tailor-made approach that complements in-house cyber security teams and helps safeguard organizations’ digital assets. The Adura team has been in operation since November 2016 and has over 30 clients including Jardine Aviation Services Group and JEC
John Harrison, General Manager, Technology and Process, Jardine Aviation Services Group, commented, “Using nearly 100 security control checks, the Adura team provided us with a detailed, quantifiable assessment of our cyber security gaps and risks, and our level of preparedness. Their holistic approach to cyber security is centered upon business success, enabling us to align our security priorities and budgets with our desired business objectives—which we find refreshing, relevant and most importantly, effective.”
Simplifying Cyber Security Management
Major incidents over the past year have shown how cyber attackers are getting more sophisticated. Adura helps businesses put structure into their cyber security management approach through its proprietary Cyber Essentials Framework covering the three key pillars needed for effective cyber security management – people, process and technology.
Trends such as bring-your-own-device coupled with highly variable employee awareness of cyber security best practices and shadow IT can open the door for cyber criminals. It is vital to educate employees about cyber threats, lowering their susceptibility to social engineering attacks and email phishing. In phishing simulations run by Adura across its clients, 20 percent of staff opened phishing emails disguised as social media invites or internal organisational messages. Despite receiving training on how to spot phishing emails, finance and HR department members, two departments that manage sensitive employee information, were found to be more likely to be misled by phishing emails. This highlights the importance of continuous and effective employee training on cyber security issues.
Managing cyber security risk requires a well-rounded approach, and Adura works with companies to put in place the right processes and plans depending on customers’ size, industry and business goals. In Adura’s experience, 99 percent of web servers lack at least eight critical security patches because of weaknesses in in-house cyber security processes, leaving businesses exposed to cyber threats. Adura helps customers reduce their risk exposure by identifying vulnerabilities, and prioritizing security updates.
As the technology landscape and cyber security best practices continue to evolve, companies need skilled cyber security personnel on hand at all times to help them assess and manage their risk profile. Adura has found that 20 percent of companies in the region do not have a Chief Information Security Officer (CISO) or sufficient specialist staff. To help ensure companies always have access to the best talent at hand, Adura offers a Virtual Chief Information Security Officer (vCISO) service, that provides the senior-level counsel and insight of a traditional CISO, without the customer needing to hire additional personnel in their IT team.