Global cybersecurity firm Kaspersky said there have been many supply chain cyber-attacks over the last two years due to the huge leap in digitalization as a result of the pandemic in the Asia-Pacific (APAC) region.
Kaspersky chief executive officer Eugene Kaspersky said the trend is expected to continue as cybercriminals try to further monetize this threat.
“In the last two years there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain. As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond,” he said at the Asia-Pacific Online Policy Forum IV on Jan 20, 2022.
The virtual forum, organized by Kaspersky, was joined by CyberSecurity Malaysia chief executive officer Dato’ Ts. Dr. Amirudin Abdul Wahab, Indonesia Communication and Information System Security Research Center (CISSReC) chairman Dr. Pratama Persadha and India's Minister of State for Skill Development and Entrepreneurship and Electronics and Information Technology Shri Rajeev Chandrasekhar.
Echoing Kaspersky’s note, Amirudin said attacks on those working in the supply chain have increased, and that they are heavily targeted, more vulnerable and more at risk than ever before.
“Supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and user’s device. Especially in today’s environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations,” he said.
Amirudin added that awareness and education are needed across all sectors involved in the supply chain, including small and medium enterprises (SMEs), which do not have the budget and assets to improve their cybersecurity defenses.
Dr. Pratama said one way for both government and non-government stakeholders to minimize risks is to improve cybersecurity capabilities which will subsequently improve ICT supply chain resilience.
“The main obstacle is the lack of understanding surrounding the importance of cybersecurity to increase ICT supply chain resilience. Stakeholders must consider significant investment to increase the overall standard of cybersecurity to improve the resilience of the ICT supply chain,” he said.
The experts agreed on the need for intelligence sharing and international cooperation to secure nations, organizations and individuals in APAC and beyond.
Rajeev said the Indian government accorded high priority to ICT supply chain security and a safe, trusted internet space.
“Core part of the strategy is cross border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain,” he said.
Explaining possible solutions, Kaspersky said both the government and private sectors should look into short-term and long-term strategies.
The short-term solution includes improving procedures and regulations on ICT supply chain infrastructure. Kaspersky cited companies certifying their supply chain partners to reduce attacks to close to zero. Government regulations also play a key role in this, as in the case of critical infrastructure.
“The long term solution is to make systems immune. This means the system being designed in such a way that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it doesn’t carry over into other components in the chain,” added Kaspersky.