IAA spoke with Cynthia Lee, Regional Director, ASEAN, CyberArk, about the cyber threat landscape in the region and why privileged accounts are important in cybersecurity.
Why is your solution important to the ICS sector?
CyberArk focuses on privileged access security. It is one of the common denominator for most recent cyber-attacks globally. A common denominator increases the importance of privileged access security in all industries including ICS. CyberArk provides new layer of security to all organisations in order to provide them with proactive defence.
What is privileged access security?
Privileged access security is providing logging details to your target system using privileged accounts, which are used by business users. They are those who log on to their ERP or mission critical systems. The users can be non-IT staff.
Second type of users is system administrators. And the third users are the external vendors, such as Schneider Electric and Honeywell for example. They access the organisation’s ICS environment to do the necessary alterations and configurations as well as troubleshooting.
Why do we term it as ‘privileged accounts’?
Privileged accounts have more power over the systems. They are not regular users. In ICS, it is very important to secure the privileged accounts as any compromise can largely impact the operations of a plant, which is detrimental to the business.
What are the progresses in the region with regard to securing ICS?
Singapore has set up a cybersecurity agency. This is a really good move as it has encouraged the other countries in the region to up their cybersecurity as well. For example, Thailand and Indonesia have also announced the establishment of a similar cybersecurity agency following Singapore footsteps.
How does the region view cybersecurity for ICS? Is Singapore the benchmark?
Singapore has always been seen as the foremost advanced in terms of security and the adoption of new technology. I can say that the other countries in the region are starting to build up on their cybersecurity and showing some progress, albeit at a slower pace than Singapore.
What do organisations in the ICS sector need to address?
The organisations must ask “Where are all the privileged accounts in the environment?” First, they need to do a discovery of these accounts so they will know what to secure. Second, is to secure and manage all the privileged accounts. You need to put adequate security around these accounts such as having dual control, for example. Third, is to isolate users logging on to the accounts from the system so that they will not spread the malware. Fourth, is to regularly monitor and inspect the accounts so that they are alerted if there are any suspicious activities, such as major configuration change. Last, is to provide a least privileged access and limit the administrative rights to the users.
What is CyberArk doing to deal with the evolving threat landscape?
Every year, we do a threat landscape report. This report defines the more important things that people would be interested to look at, such how the evolvement of cyber threat is constantly growing. As much as we try to be proactive in securing our systems, cyber attackers are always innovating to compromise with our security. One of the things that are noted in our recent report is that companies still maintain the same cybersecurity strategy even after being attacked. This is a real concern. And about 90 percent of respondents from the energy sector mentioned privileged accounts as most important to secure.