Cyberattacks are and will continue to be a major concern for businesses big and small—and that is particularly true for enterprises in Asia, which has become a hotbed for cybercriminals and all sorts of malicious actors. Southeast Asia alone has become a hotspot of cyber incidents, with Interpol’s ASEAN Cyber Threat Assessment 2021 report noting how cyber attacks have grown to be “one of the fastest-growing forms of cybercrime,” nowadays due mainly to “the globalisation of infrastructures and the increasing number of connected and centralised control systems.”
Ransomware, in particular, has become one of the most significant threats in today’s cybersecurity landscape, with over 2.7 million ransomware detections in ASEAN alone in the first three quarters of 2020. Just this August, in fact, three high-profile ransomware incidents were reported, with the Eye and Retina Surgeons medical clinic of Singapore’s Ministry of Health, FinTech solutions provider Pine Labs and cybersecurity insurer Tokio Marine all getting victimised one after the other only days apart.
But the threats go beyond ransomware as phishing, business email compromise, cyber fraud and e-commerce data interception continue to be a cause of concern, more so now that remote work and e-commerce have become indispensable to life during and, likely, after the pandemic. And the ramifications are many and noteworthy: Additional costs in the way of data recovery or ransom payments, lost trust from consumers and work disruptions that can range anywhere from a few hours to several weeks in some cases.
All told, the future of work is under attack. Exacerbating matters is the sobering reality that the bad guys seem to be figuring out ways to get the upper hand—that is unless organisations start being proactive about dealing with cyber threats as soon as possible.
Proactive Security Must Be Intrinsic
Intrinsic security is a cutting-edge approach to cybersecurity in which security is, by design, embedded into an organisation’s entire IT infrastructure. What this simply means is that security solutions are built into the actual environment that needs to be protected and not layered onto it.
This modern, intrinsic model is in stark contrast to more traditional approaches where security solutions are bolted onto the different kinds of attack surfaces within the IT infrastructure, like system access points, servers, websites and endpoint devices. Worse, these products are, more often than not, too threat-centric and focused on blocking threats at the perimeter. Most are also reactive, able to take aim only at what happened yesterday but unable to protect the organisation against what is happening today and what might happen tomorrow.
Additionally, these products are generally unaware of the very elements they are supposed to secure: Apps and infrastructure. The result of this bolt-on security approach is a hodgepodge of individual security products, each of which has its own agent and management tool. This overly complicates security and makes it costly but with the assurance of effective and comprehensive across-the-board protection.
Making security intrinsic is, therefore, the solution to such costly overcomplication. It is also the best way to keep your organisation as safe as possible against cyber attacks as intrinsic security simplifies management, unifies different administrative tools, brings together disparate security teams, maintain consistent security even across clouds and safeguards apps and data accessed by employees using their preferred devices.
The Right Place to Deliver Intrinsic Security
While intrinsic security is the best kind of cybersecurity, the question now is: Where should an organisation embed it?
The most ideal place to embed intrinsic security is somewhere that provides the deepest, most encompassing visibility into apps, data and endpoints—but without getting compromised easily by an operating system process or from within an app. That somewhere is in the virtualisation layer, whose location within the IT infrastructure ensures deep but hard to compromise visibility.
This is exactly the layer that VMware uses in helping organisations implement across-the-board zero-trust security that reduces the attack surface, minimises the need to manage multiple products and simplifies administration. Central to this zero-trust model are VMware Carbon Black Cloud and VMware NSX, next-generation technologies specifically engineered to protect data centre workloads, public clouds and endpoints. These allow an organisation’s IT team to gain visibility into network traffic and app behaviour, thereby enabling them to see issues and stop them at their tracks.
Together, VMware’s built-in security solutions protect an organisation’s data and apps across multi-cloud environments with network security policies that are informed and guided by contextual app and workload information. In addition, these solutions guarantee secure network access by controlling network traffic via segmentation and inspecting it for anomalous behaviour. These solutions even fortify public cloud configurations with real-time threat detection and response capabilities that collectively strengthen security and compliance.
Critically, VMware technologies provide close security to every one of an organisation’s apps and workloads, thus ensuring that each is doing only the things it is supposed to be doing. Otherwise, behavioural anomalies will be detected and addressed accordingly. Endpoints are secured as well in the authenticity level of the users connecting to them, thus ensuring security against cybercriminals taking advantage of remote working to intrude on businesses’ IT infrastructure.
Built-In, Not Bolt-On
Indeed, built-in is better than bolt-on when it comes to security. And with the above-mentioned security capabilities embedded in the IT infrastructure and working in harmony under simplified management, the organisation implementing this intrinsic approach to security will always be ahead of cybercriminals—proactively defending against any and all threats and nipping them right in the bud.
It goes without saying then that in a future where work is under attack, the best defence must come from within. That is exactly what intrinsic security is all about, and it represents the next frontier in cybersecurity.
Click here to know more about VMware’s intrinsic security model anchored on zero-trust and how it can protect your organisation from even the most advanced of cyber attacks.