[InnoVEX FORUM 2022] Zero-Trust as Base for New Cybersecurity

 2022-07-14 By: InnoVEX Team

Technological developments have been a net positive for users and have opened possibilities that were previously unimaginable. However, many connected technologies have also created new attack vectors for malicious actors who specialize in cyber attacks and security breaches. As the frequency, intensity, and diversity of cyber attacks increase, users must properly prepare to secure their own devices. Commercially available solutions such as firewalls and antivirus software were once enough to prevent cyber attacks; they have now become the bare minimum of cybersecurity, and a new paradigm of zero trust must be implemented.

Organized by the Industry Development Bureau (IDB) of the Ministry of Economic Affairs (MOEA), the cybersecurity forum of InnoVEX 2022 was titled "The Opportunities and Challenges of Zero Trust Security". It featured speakers from cybersecurity companies including Trend Micro, CHT Security, Openfind Information Technology, ArmorX Global Technology, and PUFsecurity, with opening remarks by Mr. Jiunn-Shiow Lin, Director of the IDB Information Technology Industries Division.

In his speech, Director Lin shared how Taiwan has put a higher emphasis on cybersecurity since 2021, when the "Cybersecurity is National Security 2.0" strategy was announced. The strategy aims to position Taiwan as a resilient, safe, and reliable smart nation by strengthening organizations, implementing relevant laws and regulations, cultivating talent, and supporting the private sector with regard to cybersecurity. The government has also made programs available to improve cybersecurity in the private sector, including consultations, subsidies, supply chain security, evaluations, cybersecurity professional training, cross-sector solutions, industrial matchmaking and exchange sessions, and the development of cybersecurity authentication methods for applications and IoT.

Addressing Blindspots for Better Protection

Mr. Andrew Chen, Director of Product & Service Management of Trend Micro, stated that innovation is needed to keep up with the ecosystem. Cybersecurity today is getting more difficult because bad actors have a lot of resources and funding coming in from various sources. Some bad actors are even state funded and are highly motivated, with all sorts of modus operandi to support their initiatives. As attack vectors grow in number and the attacks themselves grow in intensity and frequency, it is important for users to discover the possible attack surfaces on their side and flush out any blindspots, because common antivirus/anti-malware programs are no longer sufficient, especially for corporate users.

While unfortunate, these blindspots are common among users, who might not have adequate security controls or might have bad intelligence. Users today can no longer rely on conventional cybersecurity defenses and have to look to preemptive, intelligence-driven defense measures, especially when dealing with new threats such as ransomware. Users must also understand that cybersecurity relies on the right people, technologies, and processes, all of which are the foundations for solving cybersecurity challenges. Users today have many best practice guidelines to follow that fit their organizations and their needs.

Common Cybersecurity Issues as Foundation of Enterprise Cybersecurity

Mr. Jeff Hung, General Manager of CHT Security, shared that in general there are 3 main reasons for vulnerabilities that become the initial access for hackers. The CHT Security team's findings on the top 3 cybersecurity threats were in line with those of the technological research and consulting firm Gartner. The top 3 threats in 2022 are: Supply Chain Risks, Zero Day Vulnerabilities, and Weak Protection of Endpoints/IoT Devices. Each of these risks has solutions that users can adopt to mitigate it, including SSDLC (Secure Software Development Lifecycle), supply chain management systems, vulnerability management systems, and EDR (Endpoint Detection and Response) and MDR (Managed Detection and Response).

Enterprises today are often targets of cyber attacks and need to be ready for incident response, for example by reviewing their incident response (IR) policies, preparing their IR playbook in advance, providing training for their employees, and conducting the necessary drills. Enterprises often spend a lot of money developing their own cybersecurity tools and mechanisms, but have no way of testing their capabilities. The most effective way would be to conduct a red team exercise, either internally or by hiring third-party red teams. Vulnerability management is vital for cybersecurity management, and enterprises will need effective tools such as ticket or vulnerability management systems.

Multi-Layered Defense to Defend Against State-Sponsored Attacks

Ms. Meng-chiu Lee, Marketing Vice President of Openfind Information Technology, stated that Taiwan experiences thousands of cyberattacks on a daily basis, including through malware-infested emails. Email has become a ubiquitous communication method, and its versatility means it is also one of the most significant attack vectors for cyber attacks. An estimated 92% of malware comes via email, and as emails are public information, proper security measures must be taken to prevent cyber attacks. In addition, while some cyber attacks can be obvious or "loud", a great majority are quiet and unassuming, often going for days before anyone notices the system is compromised. Among them are state-sponsored attackers, who have more resources, funding, and motivation than regular hackers.

Taiwan is now the fastest growing cybersecurity market in Asia, as cybersecurity becomes a more significant necessity than before. With higher demand and requirements, Taiwan's cybersecurity market now sees more products with better quality. In terms of email service protection, multi-layered protection that can detect, filter, and properly defend against cyber attacks is necessary. Hackers today tend to use social engineering to infiltrate their targets, so it is also important to prevent users from clicking on dangerous links or downloading dangerous files.

Social Engineering Based Threats are Still High

Ms. River Lin, Deputy General Manager of ArmorX Global Technology Corporation, focused her speech on phishing, one of the more difficult cyber attacks to handle. At its core, phishing is relatively low-tech and focuses on socially engineering its targets into performing actions that benefit the attackers, such as clicking on a malicious link, downloading dangerous data, etc. A majority of phishing attacks use email as their attack vector, and because the emails are often masked, automatic APT solutions will not filter out 100% of the phishing attempts, but only about 47%. The remaining 53% will have to rely on phishing databases for automatic blocking, which is only 10-30% effective.

Relying on phishing databases is not ideal, as the perpetrators can easily scrub data or purge information before retrying with a new email address/server/location. Currently there are ways to counteract phishing attempts, such as access restriction tools, email server security proxies, routing control, and more. Hackers will also hide in the public cloud in the future, so a regular email-based whitelist will not suffice as a control method. A better option is a multi-factor whitelist that includes precise release and block counterfeiting.

Security is Only as Strong as Its Weakest Link

Mr. Sean Wu, Deputy Director of PUFsecurity Corporation, stated that improvements in computation power and connectivity have brought both benefits and threats. While improved computing power and connectivity make a lot of modern conveniences possible, they also make modern cybersecurity threats such as remote hacking possible. Modern technologies such as IoT devices are growing in number to create smart systems, but they are often vulnerable and do not store or transmit data securely. In addition, when the data is stored or processed in the cloud, it is also difficult to ensure that potentially compromised data do not further contaminate the whole cloud.

Cybersecurity often focuses on the software side, but security in hardware is equally important, as security is only as strong as its weakest link. While software-based security can be more economical or convenient, it is undeniable that hardware-based security is often more secure and harder to compromise, as the attacker might not be able to do any remote hacking on hardware-based security. Security on chip (SoC) solutions also go one step further to ensure the chips are not easily attacked and can be secured through various methods, including an improved hardware root of trust.
