The funny thing about trust is that although it is intangible, its absence is glaringly obvious.
Trust has become a key focus on the cyber front, and being able to trust companies with personal and financial information has become top of mind for many customers. Consequently, businesses must show that the systems and platforms used daily have the right security to deter hackers from penetrating and safeguarding their users’ data.
To illustrate, a recent global study by McKinsey & Company found that establishing trust in products and experiences that leverage artificial intelligence (AI), digital technologies, and data not only meet customer expectations but also promotes the growth of a business by at least 10% on their top and bottom lines annually.
Digital trust is important in many ways, and crucially, it enables organisations and individuals to participate in today’s connected world with the confidence that their digital footprint is secure.
The same study also reveals that 58% of Asia Pacific (Apac) respondents would consider other brands if the brand they are purchasing from is less than forthcoming about how their data will be used. How, then, do businesses ensure their integrity is never compromised?
In the lion’s den
See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way
Apac is a region still maturing on the cyber front, having suffered numerous cyber-attacks recently, including high-profile ones within the telecommunications and luxury hospitality industries. Such threats exemplify that businesses have now begun to understand that encountering a cyber-attack nowadays is almost inevitable.
Against this backdrop, digital trust has become a critical security consideration for businesses and their customers.
The general attitude of customers is “once bitten, twice shy” when they learn their data has been compromised. As a ripple effect of a data breach, organisations are obliged to spend a significant amount of time and money on building and regaining the trust of these customers.
See also: Responsible AI starts with transparency
A reactive approach, therefore, is not the way forward. Instead, a living security approach can help organisations stay one step ahead of adversaries, adapt to new threats, and accelerate detection and correction. Ultimately, this is a win-win for businesses in Apac, given that threats are analysed proactively, and security operations centre teams can spend less time on error-prone fire drills with weeks of investigation and respond faster to protect their organisation.
Dear netizen, please find the new malware attached
According to the Singapore Police Force, the latest findings show a rising trend that has engulfed organisations are job scams, which came in second behind phishing scams as the top scams in the nation.
Similarly, the Trellix Advanced Research Center has observed that cyber-criminals have used phishing and malware campaigns to target job seekers and organisations to steal sensitive information. They are often disguised in emails that seemingly originate from a legitimate source but are crafted to steal private data like passwords or financial information.
For example, Trellix recently determined that 78% of business email compromises involved fake CEO emails using common CEO phrases, asking employees to confirm their direct phone number to execute a voice-phishing scheme. To make things even scarier, 82% of these emails were sent using free email services, meaning threat actors need no special infrastructure to execute their campaigns.
The key to combating a sophisticated threat like this lies in employing a multi-layered strategy. This involves checks on the URL, email, network, and attachment levels to make sure that any possible threat is detected and prevented from harming. For example, having a system that can correlate the attack life-cycle and trace it back to an original phishing email and threat actor allows organisations to seamlessly detect and quickly respond to blended attacks, keeping them safe from even the most complex breaches.
The rise of generative AI correlates to a rise in phishing
To stay ahead of the latest tech trends, click here for DigitalEdge Section
For good or for bad, generative AI has quickly risen to be the new talk of the town in the cyber-security industry. To be clear, chatbots like ChatGPT are not malicious.
Yet, creating malicious code and well-worded communications can make it simpler. This revelation has hackers licking their lips, knowing they do not have to manually create hyper-realistic phishing emails and leverage AI-powered chatbots to change the user input or slightly modify the output generated.
As AI develops and phishing tactics are further solidified, there will be a rising trend in loopholes within IT infrastructures and data systems. For example, Trellix recently discovered that scammers are creating pseudo-ChatGPT sites to install additional payloads, carry out phishing attacks, or distribute malware, with Singapore emerging as a hotspot. Naturally, this accelerates a sense of urgency and desire for business leaders to understand and improve their cyber-defences and resilience.
Unfortunately, cyber-criminals operate 24/7, which means that business leaders must always be one step ahead and improve their organisations’ cyber-readiness for new evasive, focused, and automated hacking tactics.
The importance of investing in an extended detection and response architecture that adapts at the speed of threat actors and delivers advanced cyber-threat intelligence cannot be emphasised enough. It also lets business leaders feel at ease knowing they are supported by a system that constantly monitors and updates its threat intelligence database, allowing them to keep ahead of emerging and evolving threats.
Furthermore, incorporating other security solutions will free up leaders’ time to focus on other business challenges, knowing they have done their part practising good cyber-security hygiene.
Threats do not rest; they are never static. They constantly change shape and rise in volume, complexity, and intensity. Taking on today’s dynamic threats calls for a new approach — the next evolution of cyber-security.
Maintaining a good cyber-security and data security posture helps to ensure data quality and integrity by preventing alteration or loss of data. Similarly, investing in a trustworthy cyber-security platform allows companies to use their data wisely, protect against leakage, and make informed decisions in response to their present state, the marketplace and current or anticipated concerns.
Jonathan Tan is the managing director for Asia at Trellix
