Connect with us

NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware, and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows. 

The Problem 

ICT supply chain cyberattacks are on the rise – the European Union for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer3+1 attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me. 

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies were either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, like Vietnam, India and Indonesia, are soon expected to release their own national strategies or implementation details too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. Self-assessment tools can also be published in addition to facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.

NEWS

Motolite cranks up sustainability drive with use of e-bikes for delivery

10:12 p.m. January 22, 2025

Motolite, the country’s leading, most trusted battery brand and leader in technology and product innovation, shifted its sustainability drive to a higher gear as it started deploying to key outlets eco-friendly e-bikes for the delivery of batteries to customers.

These e-bikes will now be part of the delivery fleet of Motolite Express Hatid (MEH) hubs and will be used by well-trained technicians in providing services to motorists.

The deployment of e-bikes started last November 28, with the MEH Maceda Hub and Cebu Hub receiving the initial batches of three units each. The MEH hubs in Mindanao Avenue, Las Pinas, Mandaluyong, Katipunan, and Pasong Tamo are also included in the project’s pilot phase.

E-bikes produce zero emissions, making them a more environment-friendly option for delivery. They help reduce air pollution and have three times less carbon footprints than conventional vehicles.

E-bikes also do not contribute to noise pollution and are lighter and easier to navigate than regular motorcycles, especially on busy metropolitan roads. Their speed is also comparable to conventional gas-powered motorcycles.

The deployment of e-bikes for delivery is part of Motolite’s heightened sustainability campaign, which also includes programs for the recovery and recycling of used lead acid batteries (ULAB) and the mounting of solar panels on the rooftops of its retail, warehousing, and production facilities.

Motolite’s battery production plants in Bulacan alone have an installed photovoltaic system capacity of 7,472 kWp, cutting its carbon footprint by 2,346 tons of CO2.

Both the solar panels and e-bikes are being supplied by Greener Solar Power and Electric Motor, Inc. (GEMI), a rising player in the country’s green energy sector.

Motolite’s ULAB recovery and recycling program, meanwhile, significantly reduced its dependence on fresh plastic resins and newly mined lead for its battery production.

“We are looking for every opportunity to contribute to the global effort to limit climate change. We are the only battery brand that takes its sustainability drive seriously, from manufacturing to retail and delivery,” Richard A. Chan, Motolite Vice President for Sales and Marketing, shared.

Aside from its free battery delivery 24/7 nationwide, Motolite also provides services to motorists such as emergency refueling, jumpstarting a dead battery, assisting with overheating, and changing a flat tire via the Motolite Res-Q App. 

Continue Reading

NEWS

The story on how EJ Obiena vaulted over controversy

6:57 a.m. January 17, 2025

Asia’s no. 1 pole vaulter, the Philippines Ernest John Obiena is expected to join the World Athletics Championship in Tokyo, Japan.

The Philippines’ top pole vaulter and Olympian EJ Obiena faced a challenging moment when he became the subject of a controversial accusation last October, 2023.

However, the 29-year-old athlete demonstrated grace under pressure, addressing the claims with professionalism and composure. His dignified response not only refuted the allegations, but also earned widespread praise. Ultimately, the accuser issued a public apology, acknowledging the false nature of the claims against him.

Behind the scenes, Obiena’s coach and mentor, James Michael “Jim” Lafferty, played a vital role in guiding the athlete through the ordeal.

Lafferty, a seasoned executive coach and motivational speaker, provided strategic PR and crisis management support to help Obiena navigate the situation effectively. Known for his dedication to nurturing athletic talent, Lafferty has also mentored other Filipino Olympians, including long jumper Marestella Torres-Sunang.

Jim Lafferty (left) and two-time Olympian EJ Obiena

“Whilst I have long stated that EJ Obiena is a world-class athlete, yet an even better human being, he, like all celebrities, has been unfairly embroiled in various controversies,” Lafferty recalled.

He highlighted Obiena’s remarkable ability to overcome challenges, including handling multiple crises over the years.

Despite these hurdles, Obiena rose to become the world’s No. 2 pole vaulter, Asia’s top pole vaulter, a member of the six-meter club, and now a two-time Olympian.

Recognizing a broader need for expert crisis management among businesses and public figures, Lafferty, who also serves as the Chairman of Katapult, one of the country’s leading end-to-end marketing solutions providers, took action.

“Sensing the need to better serve EJ and other clients, Katapult has established a new PR and Crisis Management division as of January 1,” Lafferty said.

Lafferty is collaborating with Media Head Anika Basa and Data Analytics Head David Rosario to ensure the seamless integration of services.

The launch of this division underscores Katapult’s commitment to help clients navigate challenges, while safeguarding their reputations and achieving sustainable growth.

Lafferty’s leadership experience spans over three decades, during which he has held CEO roles at multinational companies such as Procter & Gamble, Coca-Cola, British American Tobacco, and Fine Hygienic Holding. His proven track record of driving success across industries makes him exceptionally qualified to lead Katapult’s PR and Crisis Management division.

CEO Francis Uy highlighted Katapult’s comprehensive approach: “Katapult was born as a digital-first company with a sniper-shotgun strategy—combining precision targeting of specific consumer personas with broad-reaching campaigns that maximize impact. By leveraging insights from our AI-powered platform, we not only drive marketing success but also provide a robust safety net for brands navigating crises. With our expanded services, including PR and crisis management, we ensure our clients’ reputations are protected and their stories resonate in even the most challenging situations.”

Rosario’s team enables hyper-precise consumer targeting, fostering authentic campaigns and lasting connections.

Together with Basa’s team, they seamlessly execute the Sniper-Shotgun Approach—combining the wide-reaching impact of a shotgun with the pinpoint precision of a sniper rifle to deliver tailored ads that drive maximum impact.

Discover how Katapult can help safeguard your brand’s reputation and lead you through any crisis with precision and expertise. Reach out today to learn how we can support your brand’s continued growth, no matter the challenges ahead.

Check us out at katapultdigital.com.

Continue Reading

NEWS

Agoda: Cebu is tourist favorite to welcome ‘The Year of the Snake’

10:30 a.m. January 13, 2025

As the Lunar New Year approaches, digital travel platform Agoda unveils Cebu to be the most sought-after destination for international visitors celebrating the start of ‘The Year of the Snake’ in the Philippines. Agoda further reports that, based on accommodation searches made on the platform, Manila is the top-searched domestic destination, with Hong Kong being the most popular among Filipino travelers looking to spend the Lunar New Year holiday abroad.

International travelers are increasingly looking to the Philippines as a Lunar New Year destination, with accommodation searches growing 19% compared to the previous year. The archipelago draws the most visitors from South Korea, United States and mainland China. Cebu, with its world-renowned beaches, marine life, and cultural heritage continues to charm as the top destination for international travelers during the holiday period, with accommodation searches rising 15% from last year.

Domestic travel during the Lunar New Year holiday is also increasingly popular in the Philippines as witnessed by a 52% rise in accommodation searches on Agoda. The most popular destination for domestic travel is Manila, with a nearly 50% increase in searches compared to last year. The capital is a favorite among Filipinos looking to usher in the Lunar New Year in what is said to be one of the oldest Chinatowns in the world, featuring traditional dances, lantern-lined streets and festive fare.

For Filipinos looking to celebrate ‘The Year of the Snake’ abroad, Hong Kong slithers into the lead with a 120% growth in accommodation searches compared to the previous year, overtaking Tokyo. With its impressive skylines and melting pot of cultures, Hong Kong offers an exciting array of festivities including fireworks, parades and performances to usher in a prosperous new year. Overall, outbound accommodation searches increased by 67%, indicating Filipino travelers’ growing desire to spend the holiday period abroad.

Mike Hwang, Country Director, Philippines at Agoda said, “The Lunar New Year holiday is one of Asia’s most popular travel periods and it’s great to see growing interest in the Philippines from international and domestic travelers alike. Cities like Cebu and Manila showcase the wonderful diversity of experiences in the Philippines, from stunning island escapes to cultural festivities in the heart of the capital city. Whether celebrating the new year from the Philippines or traveling abroad, Agoda offers travelers great deals on flights, accommodations and activities to usher in the Year of the Snake.”

The Lunar New Year holiday marks new beginnings and the arrival of Spring, making it a significant travel period as people look to reunite with family and friends. ‘The Year of the Snake’ symbolizes rebirth and transformation and is said to present an auspicious opportunity for embracing self-discovery and exploring new horizons. Known for their association with good fortune, snakes inspire travelers to shed the old and welcome the new — whether by rediscovering familiar places or venturing abroad during this festive season.

Looking at the combined preferences for Asian travelers, Japanese cities in particular emerged as favorites for the Lunar New Year holiday, with Tokyo taking the crown followed by Bangkok (Thailand), Osaka (Japan), Fukuoka (Japan), and Seoul (South Korea). 

As travelers prepare to shed the old and embrace the new, Agoda offers exceptional deals for their Lunar New Year holiday on over 4.5 million holiday properties, more than 130,000 flight routes, and over 300,000 activities and experiences that are available on the platform. The latest deals are available in the Agoda app or on agoda.com/deals.

Continue Reading