
NEWS

Strengthening ICT supply chain resilience is everyone’s business

December 13, 2021 2:22 p.m.

By Genie Sugene Gan, Head of Government Affairs, Asia-Pacific, Kaspersky

NotPetya, WannaCry, ShadowPad, and Sunburst may or may not be household names, but these pieces of malware, and many more, have unleashed significant harm on the world.

Recently, one such instance of malware was used to attack an IT services company based in Dublin, which supplies security software to scores of large cybersecurity contractors. Working through the company, hackers infected hundreds of its clients worldwide with ransomware, and demanded USD 50,000–5 million from each business in exchange for the decryption key.

Earlier this year, another attack hit an American IT software company, and subsequently infiltrated nine U.S. federal agencies, including the Office of the President, and the Treasury and Commerce Departments.

What these attacks have in common is their modus operandi: hackers targeted software vendors or IT companies to gain backdoor access to their clients’ systems, infecting hundreds and thousands of systems in one go.

This is perhaps how “supply chain” got its name – each part of the process stream is inevitably linked to another. When one part gets affected, a domino effect soon follows. 

The Problem 

ICT supply chain cyberattacks are on the rise – the European Union Agency for Cybersecurity estimates a four-fold growth in attacks in 2021 compared to 2020. The risk is compounded as vulnerabilities can be introduced at any phase of the ICT life cycle: from design – through development, production, distribution, acquisition and deployment – to maintenance.

The impact of these breaches is also set to grow, given the increasing interconnection of IT systems across organizations, sectors and countries. In a 2019 survey by Gartner, 60% of organizations reported working with more than 1000 third parties.

Upon successful infiltration, cybercriminals enjoy free rein to conduct cyber espionage, steal data and intellectual property, or extort money through ransomware attacks, which have been on the rise. From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware – malware used to extort money from high-profile targets such as corporations, government agencies, and municipal organizations – increased by 767%.

While the impact on governments and enterprises may feature more prominently, the wider public is not spared. An attack on a grocery chain could force the temporary closure of scores of supermarkets, or a virus may be unleashed on millions of PC users through a software update (as, for example, occurred in the ShadowHammer attack, which Kaspersky detected and promptly mitigated in 2019). Taking it further, the compromise of systems providing healthcare or public utilities may disrupt the provision of these essential services. And these are the very day-to-day things that affect individuals like you and me.

Early Responses

Recognizing the risks and impact of supply chain cyberattacks, more countries are taking action. Since 2020, national cybersecurity strategies have been either released or updated across Asia-Pacific, including in Singapore, Malaysia, Australia and Japan. Other countries, like Vietnam, India and Indonesia, are soon expected to release their own national strategies or implementation details too.

But when it comes to ICT supply chain resilience, the solution is more complex in view of the multitude and range of stakeholders involved. Some governments have intervened, with a focus on protecting the ICT supply chains of Critical Information Infrastructure (CII):

  • In 2018, the U.S. Department of Homeland Security established the ICT Supply Chain Risk Management Task Force, a public-private partnership to develop consensus on risk management strategies to enhance global ICT supply chain security. The Task Force has released guidelines on the sharing of supply chain risk information, and risk considerations for managed service provider customers.
  • The Australian Cyber Security Centre also published guides this year for businesses to identify cybersecurity risks associated with supply chains, and to manage these risks.
  • The Cybersecurity Agency of Singapore announced that it will shortly launch a CII Supply Chain Programme for stakeholders to adhere to international best practices and standards for supply chain risk management.

The Way Ahead

The global nature of ICT supply chains necessitates a stronger, coordinated response at every level.

Globally, countries and International Organizations (e.g., INTERPOL, the UN, ASEAN, Europol) have taken steps to tighten cooperation and share best practices:

  • Multilateral platforms – Today, the United Nations Group of Governmental Experts and Open-ended Working Group are platforms that can be used by countries to develop consensus around cyber processes and norms. Conferences such as the UN Internet Governance Forum provide further opportunities to discuss at the working level: in 2020, Kaspersky together with our partners organized a workshop to discuss the need and ways to develop assurance and transparency in global ICT supply chains.
  • Bilateral partnerships – Countries around the region, including Vietnam, India, Japan, Singapore, China and South Korea, have committed to MOUs on various aspects of cybersecurity – an important step in making progress domestically and globally.

While each of these platforms plays an important role in building consensus, exchanging knowledge and best practices, and harmonizing standards, moving forward, it is imperative to have more targeted conversations on global ICT supply chain resilience, given the wide-ranging types of actors and impact involved globally.

Nationally, governments must continue to drive nationwide efforts to establish a baseline level of cybersecurity across sectors through laws, regulations, guidelines, training requirements and awareness building. The examples above provide a sense of some of the measures undertaken by governments. 

Given the integrated nature of ICT supply chain resilience, there is a particular need to develop core principles (e.g., security-by-design), technical standards and legislative/regulatory frameworks to ensure a consistent level of cybersecurity and accountability across stakeholders. In addition, self-assessment tools can be published to facilitate implementation.

Individually, everyone is responsible for ensuring our collective cybersecurity. Naturally, businesses that develop products and maintain systems must lead the way. 

At Kaspersky, we believe that transparency in the components within and connections across software supply chains is the best way to ensure the integrity and trustworthiness of our digital infrastructure. Our commitment to this principle is evidenced by our Global Transparency Initiative, where, among other things, we: 

  • Welcome third parties to review our source code. More recently, we made it easier for our partners and the public to understand what is inside our products by providing a software bill of materials – a list of all the components, information about them, and the relationships between them. 
  • Practice responsible vulnerability disclosure, and have, on many occasions, alerted IT companies regarding vulnerabilities in their systems, averting several potentially significant cyberattacks.

Cybersecurity is everyone’s business because our collective cybersecurity is only as strong as that of the weakest link among us. To remain ahead of the game, a holistic approach involving all stakeholders is required. We must look beyond playing catch-up and reacting to cyberthreats. It is imperative to take a long-term approach in designing the cybersecurity ecosystem, which includes building a strong talent pipeline to meet the needs of CERTs, forensic analysis teams, and IT departments, and designing CII that is secure-by-design. 

The ideas above are by no means an exhaustive list, but hopefully, they provide an idea of where to begin – together – in view of the long way that lies ahead of us.

NEWS

Atayde bats for moratorium on student loan payments during emergencies, calamities

March 17, 2023 9:00 p.m.

STUDENTS won’t have to worry about paying their loans during times of calamities and emergencies, as Quezon City first district Congressman Juan Carlos “Arjo” Atayde has introduced a moratorium on the payment of student loans administered by higher educational institutions (HEIs).

The House Bill 7279, which Atayde filed last Feb. 21, headed into its first reading six days later in the Committee on Higher and Technical Education, chaired by Baguio City Rep. Mark O. Go.

He said the bill — once it becomes law — will halt the payment of all the fees, charges, and costs relating to student loans and technical-vocational training institutions (TVIs) or by the Unified Student Financial Assistance System for Tertiary Education (UNIFAST) during emergencies.

It will cover all students residing in areas declared to be under a state of calamity or emergency — those who are enrolled in state universities and colleges (SUCs), local universities and colleges (LUCs), private HEIs, and public and private TVIs.

“We have to find a way to help our students and their families, when natural or even these man-made calamities hit them hard. We just have to make everything easy for them including a moratorium on the payment of student loans,” Atayde said. “It is a burden on a student and their family especially in difficult times like aftermath of typhoon, fire and earthquakes, among other disasters.”

“In the order of spending, student loans will be their least priority since spending will go mostly to basic necessities for survival,” Atayde added.

The moratorium shall be effective for the duration of the state of calamity or emergency and for 30 days after its lifting. No penalties shall be collected on the deferred payments.

“To provide adequate relief and protection to our students in times of calamities and emergencies, this measure shall allow the deferral of student loan collections for a reasonable period during and after the onset of disasters.”

The Quezon City lawmaker also cited the availability of the moratorium, which shall not adversely affect the status of the students concerned with regard to their eligibility for re-enrollment in the succeeding semesters or terms, or their eligibility for graduation.

“The proposed legislation doesn’t prevent public and private HEIs from implementing more favorable forms of payment relief or assistance to students affected by disasters, prohibiting students from voluntarily waiving the moratorium on student loan payments, or availing subsidies and assistance from the government,” Atayde concluded.


NEWS

ShopeePay now available as a payment method for App Store, other Apple services in PH

March 16, 2023 1:59 p.m.

Beginning today, ShopeePay, Shopee’s integrated mobile wallet, is now available as a payment method for Apple services in the Philippines. Customers can use their ShopeePay account to pay for App Store, Apple Music, Apple TV app, and iTunes Store purchases, iCloud storage and more.

The addition of ShopeePay as an Apple ID payment method offers a new way to pay for Apple services without needing a credit card and still allows for easy, secure one-tap purchasing from Apple products including iPhone, iPad and Mac. 

Customers can manage their Apple ID payment information in Settings on iPhone and iPad, or on their Mac or PC.

Agatha Soh, Director at ShopeePay, commented, “ShopeePay is committed to meeting the needs of users who are increasingly expecting seamless payments across all platforms. We are excited to offer ShopeePay as a convenient payment option for our customers, and expand access to digital payments, benefitting more users.”

For more information on how to add ShopeePay as a payment method, please visit https://support.apple.com/en-us/HT201266 or https://shopee.ph/m/ShopeePay-Apple-ID-PH.


NEWS

Be bolder, braver, more confident at SM Supermalls’ Women’s Month celebration!

March 8, 2023, 8:30 p.m.

Ladies, take center stage as SM celebrates Women Power throughout the month of March. Lots of activities both online and on-ground are in store to empower women and girls all over the country. 

Join the Future of Women Global Summit

SM Supermalls will be joining UN Women in kicking off the IWD 2023 celebration through a women’s summit on March 8, at the SM Aura Premier Samsung Hall. Focusing on the future of women in ICT, the two-part event will gather young women, country leaders, policy makers, and advocates together to share perspectives and affirm their commitment to supporting digital equality for women and girls. 

Photo courtesy of SM City Lucena

Photo courtesy of SM City San Jose del Monte

Support your local Womenpreneurs

Great finds for ladies are on sale at the SM Womenpreneur Market! This pop-up of small and medium businesses owned by women for women will give you everything you need from food and beauty to wellness and fashion! 

Wednesdays are for women!

Shopping on Wednesdays has become even more tempting because the Women’s Wednesday Sale is back! Achieve the glow-up you deserve with special discounts, deals, and promos on fashion, beauty, and fitness exclusively for women every Wednesday of March. So don’t hold back on your shopping; you deserve all these and more!

A beautiful treat of wellness all for you

It’s time for a glow-up and pampering session this month because lots of self-care deals are available at the Women’s Wellness Sale. Avail of great deals from wellness salons on facials, hair and body treatments, nail care, and massage from March 1 to March 31.

And more deals online!

Special deals are up for women via the SM Malls Online app. Get the best brand offerings every Wednesday from shoes and beauty and wellness to home and hobbies. Use the code WOMEN and get an extra 10% off, capped at 250. What’s great is that there’s no minimum purchase required! 

Also, a collection of brand vouchers will be sent to all women SM Malls Online shoppers valid all month. Wait for your Beauty Pass and give yourself the retail therapy you deserve with tons of discounts, GWP deals, samplers, in-store pick up bonuses, and mystery boxes!

Plus, the SM Malls Online app will be hosting self-care sessions online. Follow SM Supermalls on social media to get a dose of starter packages, Get-Ready-With-Me routines, and beauty products that your favorite beauty experts swear by.

Photo courtesy of SM City East Ortigas

Photo courtesy of SM City Manila

Celebrate Women Power on IG!

Capture the beauty and power of women at the beautiful spots and installations all over SM. Be free to express your own uniqueness and creativity in the specially-designed selfie spaces in partnership with Selfie Studio. Don’t forget to tag us on IG!

We don’t know about you but exciting days await every SM woman. So be bolder, braver, and more confident! With these activities, you can confidently step forward in fashion, beauty, wellness, and express yourselves to make a positive impact.

Stay updated on all things women this IWD 2023 by visiting www.smsupermalls.com and following @smsupermalls on social media. 
