By Yeo Siang Tiong
General Manager for Southeast Asia, Kaspersky

A long time ago in the cybersecurity space far far away, the choice of a threat intelligence service was often restricted to a handful of providers. Today, the cybersecurity industry in APAC is worth at least USD 30.45 billion and expected to grow at an annual rate of 18.3% from 2020 to 2025, with multiple cybersecurity vendors seeking a bigger slice of the proverbial pie. 

For any chief information security officer (CISO) or IT lead, operating in today’s highly digitalized environment, not only are they tasked with establishing and maintaining the digital transformation efforts of their companies on a tight budget, they must also ensure that the company’s IT policy is compliant with the data protection regimes in the markets that they operate in. 

Clearly, it is not an easy task to take, but little things like having the right threat intelligence service can make life easier. We have been hearing a lot about this for several years now. But what is it threat intelligence exactly and what you should be looking for in a threat intelligence service provider?

Turning intelligence into action

Let’s have a quick refresher. Threat intelligence is data collected and analyzed by an organization in order to understand a threat actor’s motives, targets, and attack behavior. It empowers organizations of all shapes and sizes to make faster, more informed security decisions and shifts their cybersecurity posture from reactive to proactive in the fight against breaches and targeted attacks. 

I am aware that there are a lot of free threat intelligence if one has a knack on researching. However, let me put it this way. A premium threat intelligence report or feed is like a special block screening of an amazing movie. You get the first dibs of the plot and perhaps get to know the characters even. Eventually, the film will be shown in major cinemas. Then after say, six months or more, it will land on several streaming services.

With us at Kaspersky, we provide comprehensive, real-time, organic, and actionable information on our premium threat reports and data feed which is why they are exclusive to the enterprises and organizations which have subscribed to our services. We see to it that we share such with the law enforcement agencies as well, because cooperation is key to fighting cybercriminals.

After a few months, we will then make such data available in public. Why is it not ideal to wait until the mass release of a threat report? Because it will allow you to act fast, to assess your risks, check your endpoints, fix the loopholes which they may exploit. Because knowing first-hand such critical information can save you money, reputation, and headache. Because proactive security is necessary at this time and age.

You may wonder why don’t we make our findings public to begin with? Let us remember here that public here means anyone – including them, cybercriminals. The last thing we want is to tip them off.

Aside from these, what else should you be looking for in a threat intelligence service provider?

1. Check their sources

Threat intelligence should make your systems smarter through data feeds. To get the feeds you need sensors scattered all across the globe to ensure that your data is reflective of the real-time, global threat landscape. 

For example, our very own Threat Intelligence portfolio is powered by millions of Kaspersky’s global users who agreed to share their anonymized data. This huge network builds our Kaspersky Security Network (KSN) which collects more than 340,000 malicious files per day, allowing us to get rich information compared with firms with limited sensors and workforce.

2. The data collection strategy needs to be GReAT

Speaking of human force, a threat intelligence service’s data collection strategy should be the most important factor to consider in your evaluation of their capabilities because they can only provide intelligence as far as the parameters of their data sources. Given that cybersecurity attacks are often transnational in nature, it is important that a vendor can source information globally and put pieces of the puzzle together in a way that makes sense for your IT staff. It should not be aggregated, it should be organic. It should also be critically monitored and studied by the brightest minds who can understand tactics, techniques, and procedures (TTPs).

To assess whether a threat intelligence service has such a capability, look at their research team and see what kind of campaigns that they have uncovered. For example, Kaspersky’s Global Research & Analysis Team (GReAT) found that the Lazarus APT group shifted their modus operandi to launch targeted ransomware attacks against businesses in Asia, extending as far as France in Q2 this year. 

3. Check the visibility

I have already mentioned the borderless nature of cyberthreats. Hence the visibility of your provider should be another box you have to tick. Look into their Advanced Persistent Threat (APT) logbook and their database. Are they monitoring cyberthreats only from a particular country or region? Or do they have a global reach? Are there researchers only based in one country? Or do they have a network of experts scattered around the world? The answers for these questions are essential.

4. The provider should understand the difference between intelligence and data 

At the heart of the debate between intelligence and data lies the concept of context. Assuming now you’ve got your data sources setup and information is feeding in from all corners of the globe, but you’re asking yourself the million dollar question: how do I know what is important and why is it important?

Things such as threat names, timestamps, resolved IPs addresses of infected web resources are useless on their own if they are not enriched with actionable context. When a relationship context is established, the data can be used more readily to answer the questions of “who”, “what”, “where”, “questions”. It is only at this point that data becomes the finished article – intelligence – and you now receive a boost to incident investigation, as well as uncover new Indicators of Compromise (IoC) in your IT network. 

5. The ability to integrate is key

Integration can be a dirty word of the IT industry. With constant technological upgrades and the evolution of standards happening all the time, the ability to integrate new processes into existing IT operations is a never-ending challenge. 

Similarly, for threat intelligence, it is important that your service provider can provide delivery methods, integration mechanisms and formats that support smooth integration of threat intelligence into your existing security controls. 

The endgame 

The above-mentioned tips are just a few of the many other aspects you should consider when looking for a threat intelligence service, but they serve as a good stepping stone in bolstering your cybersecurity posture for now. With threats becoming increasingly complex and malicious, having the latest enterprise security programs are no longer sufficient. Adding threat intelligence to your arsenal of cybersecurity countermeasures will allow you to bring the fight to them. 

With the lowest recorded drop of 16.5% in the Philippine economy since the mid-80s, Kaspersky advises small and medium enterprise (SME) owners in the country to begin protecting its employees, customers, suppliers, and infrastructure to stay in the game during these uncertain times.

Making short term decisions that will have an impact on their businesses in the longer term should be the SME sector’s top priorities during the current downturn, according to the cybersecurity company.  

“At the onset of the pandemic, we have recommended for companies to look after their employees first and foremost. Nine months into lockdown, we still advise businesses to keep their employees working and provide support for them under the safest possible conditions. At this point, we suggest for businesses with good liquidity to also take care of their customers and suppliers because recovery for every stakeholder means a steady run for the business towards the coming recovery,” says Yeo Siang Tiong, general manager for Kaspersky Southeast Asia. 

For the SME sector, Yeo emphasized the value of making investments in the business’ future during an economic slump, not after.

“If you look at post-recession recoveries in the past, what companies choose to invest into their businesses has played a big role in how weak or strong they fared after a crisis. It’s about time that Filipino SMEs pay attention to this during this period,” says Yeo.

Data from the Philippine Statistics Authority in 2018 show that 99.52 percent of business establishments in the country are MSMEs. In recent years, most small and medium enterprises, like their major league counterparts, have learned to adopt digital tools as they joined the e-commerce arena, enjoying wider market reach and higher revenue than they ever had with offline systems.

Since the start of the lockdown due to the pandemic, the Philippines recorded more than 75,000 online business registrations in the first nine months of the year, one local mobile money services provider reported a 150% surge in registrations in one month and the government allowed 56 more institutions accepting digital payments during the first months of quarantine.

Like the big boys, too, the dynamic SME sector has been officially in the radar of cybercriminals.

In a report from the cybersecurity company, ransomware attacks against almost 19,000 computers of SMEs in the region with Kaspersky software were blocked in the first half of 2019. While the number of ransomware attacks on computers of small and medium enterprises is observed to be dropping, there is a monitored increase in sophisticated targeted ransomware, phishing attacks, and crypto mining attempts.

Unfortunately, the IT department is the least prioritized concern of most SMEs. Oftentimes, the single person assigned to take charge of monitoring the entire infrastructure is not even a full time employee.

Kaspersky shares the following top five tech checks an IT administrator can routinely do:

1. Set an alarm in your calendar about certificate renewal. Potential customers get scared exploring your website further when they get warnings that it has no SSL certificate.
2. Update router firmware. Keeping software up to date means lesser vulnerabilities. 
3. Revoke unnecessary access rights of dismissed employees.
4. Back up your data.
5. Update AV licenses on servers.

Claire Hatcher, head of the fraud prevention department at Kaspersky, said the pandemic has given cybercriminals a new context to exploit but the attack is the same. “The nature of the attack never really changes that much and it naturally increased because people have become susceptible now,” she said.

When a business invests in its people, stakeholders, resources, and processes, they are better able to cope with the outcomes and financial losses from unprecedented times and cybersecurity incidents.

“We found out that small and medium enterprises are willing to know how to perform better especially while securing their cash flow during these times. We know it’s not always economically viable to maintain a dedicated IT security team. Get help on what is not your core. This is where technology can come in to support,” says Yeo.

Businesses with limited cybersecurity expertise and resources but need help on having company-wide insights on incidents and the ability to respond will greatly benefit from solutions such as the new Kaspersky Endpoint Detection and Response Optimum. KEDRO is actually an efficient way for SMEs to reduce costs while saving on protection as it complements protection for endpoints such as mobile phones, tablets, and laptops connected to the company network.

A new Lenovo and Intel commissioned study, “Empower Your Employees with the Right Technology,” conducted by Forrester Consulting, has found that the impact of technology in improving the employee experience (EX), or an employee’s full journey in an organization, is much more than anticipated — highlighting opportunities for organizations’ IT decision makers (ITDMs) in today’s remote and hybrid work environment.

The key insight points out that while companies on average see a 5x return on investment in the EX driven by increased productivity, organizational agility and customer satisfaction, ITDMs and employees disagree on technology priorities. While ITDMs are prioritizing strategic IT integration, software and service needs, employees are more focused on their fundamental daily technology experience.

This suggests that business leaders have room to collaborate more closely with employees on their IT purchase decisions to elevate team engagement, increase customer satisfaction and improve the bottom line.

Bridging the divide between employees and IT decision makers

With organizations now shifting their focus toward remote and hybrid work, ITDMs are upgrading devices, software and services as part of EX initiatives to improve team engagement and satisfaction. Based on the research findings, this has led to more tech spending. IT leaders are reporting a 5x return (USD $1 spent on these programs yields USD $5 of increased staff productivity, organizational agility and customer satisfaction), with many expecting to increase their investment by nearly 25 percent in two years.

Yet employees still report that they’re frustrated with their PC hardware and software experience:

• Fifty (50) percent of respondents say their PC devices are out of date or insufficient (e.g. not fast enough, reliable enough or powerful enough)
• Forty-six (46) percent note their software frequently malfunctions and disrupts their work
• Only 33 percent are extremely satisfied with the current laptop provided by the company
• Only 30 percent said their laptops or desktop work well for cross-collaboration.

Importantly, ITDMs and employees both define employee satisfaction with technology as a crucial goal. Satisfaction with technology also has the greatest observable positive impact: nearly 60 percent of ITDM respondents noted a more than 10-percent increase in EX scores by improving employee satisfaction with technology. It’s evident that IT departments and the technologies they offer are instrumental to driving EX, beyond conventional factors such as human resources, worker benefits and more.

Yet again, there is a clear disconnect between employees and these ITDMs, whose primary concerns are the longevity of their technology investments rather than its impact on team engagement. According to the study, whereas 84 percent of ITDMs believe employees can easily switch to a different PC device if their current one needs to be replaced, only half of employees agree that’s an available solution. Ultimately, both ITDMs and employees agree that refresh cycles can be improved and better aligned. In addition, ITDMs believe the integration of hardware and software will impact EX the most, whereas employees simply want devices that work consistently.

Prioritizing employees to better leverage technology investments

The study outlines a few key recommendations on how business leaders can better improve employee engagement and business outcomes through technology investments.

• Realign investments. While many ITDMs are investing resources into exploring newer, emerging technologies such as 5G, augmented and virtual reality (AR/VR), and artificial intelligence (AI) or machine learning tools, based on worker respondents’ feedback there is an opportunity to focus first on immediate employee priorities—building a strong foundation of collaboration tools and PC devices—while IT departments explore more advanced technology tools in parallel.
• Reorganize priorities. Decision-makers should also focus on improving EX vs only focusing on specific productivity metrics. In fact, according to the study nearly 80 percent of ITDMs plan to focus on improving employee engagement over the next few months.
• Focus on PCs. PCs have become critically important to employees, with 77 percent of full-time employees saying that PC devices are a critical factor in their daily work and collaboration with one another. A renewed focus on PCs can make the greatest impact on the bottom line and customer satisfaction, with most respondents agreeing that PC devices are critical to increasing customer satisfaction (69 percent), revenue growth (62 percent) and employee retention (55 percent).
• Involving employees in PC investment decisions. Overwhelmingly (72 percent) of employees responded that listening to workers or getting clarity on what they need ranks in the top three of what companies should do to improve EX. This feedback is important, as employees understand their work devices’ value in driving business outcomes, based on technology factors such as performance, connectivity, reliability, portability, size/weight, battery life and more. Listening to employee feedback can go a long way towards making the case for better technology options.

“Our new study findings further affirm our belief in the strategic importance of technology as critical investments, and not as simple transaction costs. The right deployment of technologies delivering returns can far exceed the initial expense of new business models and opportunities,” said Christian Teismann,  President, Commercial PC and Smart Devices Business, Lenovo. “Given employees are a company’s greatest asset, the study further maps out opportunities to uplift the return on technology investment by focusing on PC devices and collaboration tools, while better involving employees in purchase decisions. In today’s new remote and hybrid work set-up, these steps are pivotal for companies in yielding opportunities that go far beyond the initial spend on their technology.”