The 2023 State of Cybersecurity in ASEAN Report by Palo Alto Networks, a global cybersecurity leader, has shed light on a concerning statistic: one in three small and medium enterprises (SMEs) in the Philippines and Southeast Asia lacks confidence in effectively monitoring cybersecurity breaches within the framework of a hybrid work environment. As 41% of their operations and processes now run in the cloud, accommodating both on-site and remote work setups, SMEs express heightened apprehension about specific threats, notably password attacks (63%), malware intrusions (56%), and account takeovers (53%).
Steven Scheurmann, Vice President for ASEAN at Palo Alto Networks, emphasized, “During this Cybersecurity Awareness Month in October, we are doubling down on our commitment to empower SMEs with robust cybersecurity capabilities, recognizing their critical role as the backbone of our economy. It’s imperative to understand that SMEs, much like larger enterprises, house valuable data coveted by cyber adversaries for financial exploitation.”
For the second consecutive year, SMEs have prioritized adopting cloud security as a core cybersecurity strategy. However, the persistent adoption of hybrid work models presents ongoing challenges for SMEs in safeguarding their cloud-based applications and services, primarily due to the associated risks tied to unsecured home networks and personal devices. These risks encompass potential data breaches, posing threats to both SME employees and customers, potentially leading to identity theft and unauthorized financial transactions. These vulnerabilities render it difficult for almost one-third of SMEs to procure a comprehensive suite of cybersecurity solutions suitable for the hybrid work landscape.
To effectively navigate these evolving threats, Scheurmann underscored essential considerations that SMEs should prioritize when securing their cloud infrastructure in hybrid environments:
- Holistic Visibility of Network Traffic: Drawing an analogy to a bustling airport, where employees operate from different ‘terminals’ or physical locations, such as offices, homes, or remote sites, the challenge is akin to airport security—ensuring that only authorized ‘passengers’ (devices and users) have access to ‘network flights’ (data and applications). Holistic visibility ensures that authorized users and devices are granted access while enhancing overall cybersecurity.
- Zero Trust Network Access (ZTNA): Operating on the principle of ‘never trust, always verify,’ ZTNA acts as a diligent security manager, akin to managing access in a mall establishment, where employees (‘tenants’) must validate their identification and purpose before accessing restricted areas for authorized personnel.
- AI and Machine Learning: AI-backed machine learning in network security, akin to personalized content recommendations on social media, analyzes network traffic and predicts and prevents cyber threats that are becoming increasingly sophisticated due to AI. These AI-driven firewalls continuously adapt, enabling SMEs to protect themselves from emerging threats effectively.
Scheurmann concluded, “Even for small-sized and resource-constrained businesses, establishing a formidable security posture is achievable, making it challenging for attackers to breach, provided a strong cybersecurity hygiene culture is upheld within the company. Holistic visibility, a zero-trust approach, and AI integration are crucial in helping SMEs scale up their cloud security to protect against both current and future threats, regardless of their chosen work location.”
