NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these pieces of malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware, and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows. 

The Problem 

ICT supply chain cyberattacks are on the rise – the European Union Agency for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me.

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies have been either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, like Vietnam, India and Indonesia, are expected to release their own national strategies or implementation details soon too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. In addition, self-assessment tools can be published to facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have, on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.
