A perfect example of remote-work security challenges occurred when an NTUC employee accidentally downloaded malware onto a laptop he was using to access corporate files by plugging in a personal USB drive. “We received a security alert right away, but the remediation was tough,” recalls Loe. “We actually had to send a cybersecurity staffer to the employee’s house on a motorbike to retrieve the computer for investigation. In the past, we could protect the network by simply cutting off the employee’s laptop access. But when an employee is working from home, we can’t take the chance of losing any data over the internet.”
Welcome to the new cybersecurity threat landscape, where 61% of organizations are increasing cybersecurity investment in the work-from-home pandemic era, according to a 2021 Gartner CIO Agenda survey. Remote workers rely on cloud computing services to do their jobs, whether it’s corresponding with co-workers, collaborating on projects, or joining video-conferencing calls with clients. And when information technology (IT) teams, now at a physical remove, are not responsive to their needs, remote workers can easily shop for their own online solutions to problems. But all that bypasses normal cybersecurity practices—and opens up a world of worry for IT.
Yet for many regions of the world, remote work is just one of many factors increasing an organization’s exposure to cybersecurity breaches. The Asia-Pacific region is no exception, where 51% of organizations surveyed by MIT Technology Review Insights and Palo Alto Networks report having experienced a cybersecurity attack originating from an unknown, unmanaged, or poorly managed digital asset.
Conducting a full inventory of internet-connected assets and rebooting cybersecurity policies for today’s modern remote work environment can mitigate risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific.
To better understand the challenges facing today’s security teams in this region, and the strategies they must embrace, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 respondents, 162 from the Asia-Pacific. Their responses, along with the input of industry experts, identify specific security challenges in today’s IT landscape and provide a critical framework for safeguarding systems against a growing battalion of bad actors and fast-moving threats.
The vulnerabilities of a cloud environment
The cloud continues to play a critical role in accelerating digital transformation. And for good reason: cloud technologies offer substantial benefits, including increased flexibility, cost savings, and greater scalability. Yet, cloud environments are responsible for 79% of observed exposures, compared with 21% for on-premises assets, according to the 2021 Cortex Xpanse Attack Surface Management Threat report.
That’s a key concern, given that nearly half (43%) of Asia-Pacific organizations report that at least 51% of their operations is in the cloud.
One way cloud services can compromise an organization’s security posture is by contributing to shadow IT. Because cloud computing services can be easily bought and deployed, Loe says, “procurement power moves from a company’s traditional finance office to its engineers. With nothing more than a credit card, these engineers can buy a cloud service without anyone keeping track of the purchase.” The result, he says, is “blind spots” that can thwart IT efforts to protect a company’s attack surface— the totality of possible entry points. After all, adds Loe, “We can’t protect what we don’t know exists—that’s an extreme reality today.”
Biocon’s Agnidipta Sarkar agrees. “Without the bureaucracy associated with procuring IT capabilities, shadow IT can run rampant,” says Sarkar, group chief information security officer (CISO) at the Indian pharmaceutical company. “Unless an organization really plans for digital resilience, unplanned and uncontrolled growth of digital assets can escape the focused governance that information security requires.”
The exponential growth of interconnected devices is also challenging organizations to secure their cloud infrastructures. “Many people are not aware that internet-of-things devices such as sensors are actually computers, and that they’re powerful enough to be used to launch bots and other types of attacks,” warns Loe. He cites the example of smart locks and other mobile applications that allow employees to unlock and open doors—and allow hackers to gain unauthorized access to corporate networks.
While cloud services and interconnected devices raise universal cybersecurity issues, Asia-Pacific organizations face additional challenges. For instance, Loe points to the varying degrees of cybersecurity maturity among the region’s countries. “We have countries like Singapore, Japan, and Korea which rank high in terms of cyber maturity,” he says. “But we also embody Laos, Cambodia, and Myanmar, which are at the lowest end of maturity. In fact, some government officials in these areas still use free Gmail accounts for official communication.” Some vulnerable countries have already been used as launchpads for attacks on neighbors, Loe says.
Another factor that distinguished some Asia-Pacific countries from other regions in the world was an unpreparedness to quickly pivot to remote work in the early months of the pandemic. According to Kane Lightowler, vice president of Cortex, Palo Alto’s threat detection platform division, organizations behind in their digital transformation efforts “had to prioritize business continuity first and foremost,” allowing cybersecurity to take a back seat. Unfortunately, he adds, “many of these companies still have not caught up to performing business in a secure and compliant manner. Only now, in 2021, are they starting to prioritize security again.”
Download the full report.
Find out what organizations in other regions of the world are doing to understand and counter today’s cyberthreats.
This content was produced by Insights, the custom content arm of MIT Technology Review. It was not written by MIT Technology Review’s editorial staff.
The Download: Introducing our TR35 list, and the death of the smart city
Spoiler alert: our annual Innovators Under 35 list isn’t actually about what a small group of smart young people have been up to (although that’s certainly part of it.) It’s really about where the world of technology is headed next.
As you read about the problems this year’s winners have set out to solve, you’ll also glimpse the near future of AI, biotech, materials, computing, and the fight against climate change.
To connect the dots, we asked five experts—all judges or former winners—to write short essays about where they see the most promise, and the biggest potential roadblocks, in their respective fields. We hope the list inspires you and gives you a sense of what to expect in the years ahead.
Read the full list here.
The Urbanism issue
The modern city is a surveillance device. It can track your movements via your license plate, your cell phone, and your face. But go to any city or suburb in the United States and there’s a different type of monitoring happening, one powered by networks of privately owned doorbell cameras, wildlife cameras, and even garden-variety security cameras.
The latest print issue of MIT Technology Review examines why, independently of local governments, we have built our neighborhoods into panopticons: everyone watching everything, all the time. Here is a selection of some of the new stories in the edition, guaranteed to make you wonder whether smart cities really are so smart after all:
– How groups of online neighborhood watchmen are taking the law into their own hands.
– Why Toronto wants you to forget everything you know about smart cities.
– Bike theft is a huge problem. Specialized parking pods could be the answer.
– Public transport wants to kill off cash—but it won’t be as disruptive as you think.
Toronto wants to kill the smart city forever
Most Quayside watchers have a hard time believing that covid was the real reason for ending the project. Sidewalk Labs never really painted a compelling picture of the place it hoped to build.
The new Waterfront Toronto project has clearly learned from the past. Renderings of the new plans for Quayside—call it Quayside 2.0—released earlier this year show trees and greenery sprouting from every possible balcony and outcropping, with nary an autonomous vehicle or drone in site. The project’s highly accomplished design team—led by Alison Brooks, a Canadian architect based in London; the renowned Ghanaian-British architect David Adjaye; Matthew Hickey, a Mohawk architect from the Six Nations First Nation; and the Danish firm Henning Larsen—all speak of this new corner of Canada’s largest city not as a techno-utopia but as a bucolic retreat.
In every way, Quayside 2.0 promotes the notion that an urban neighborhood can be a hybrid of the natural and the manmade. The project boldly suggests that we now want our cities to be green, both metaphorically and literally—the renderings are so loaded with trees that they suggest foliage is a new form of architectural ornament. In the promotional video for the project, Adjaye, known for his design of the Smithsonian Museum of African American History, cites the “importance of human life, plant life, and the natural world.” The pendulum has swung back toward Howard’s garden city: Quayside 2022 is a conspicuous disavowal not only of the 2017 proposal but of the smart city concept itself.
To some extent, this retreat to nature reflects the changing times, as society has gone from a place of techno-optimism (think: Steve Jobs introducing the iPhone) to a place of skepticism, scarred by data collection scandals, misinformation, online harassment, and outright techno-fraud. Sure, the tech industry has made life more productive over the past two decades, but has it made it better? Sidewalk never had an answer to this.
“To me it’s a wonderful ending because we didn’t end up with a big mistake,” says Jennifer Keesmaat, former chief planner for Toronto, who advised the Ministry of Infrastructure on how to set this next iteration up for success. She’s enthusiastic about the rethought plan for the area: “If you look at what we’re doing now on that site, it’s classic city building with a 21st-century twist, which means it’s a carbon-neutral community. It’s a totally electrified community. It’s a community that prioritizes affordable housing, because we have an affordable-housing crisis in our city. It’s a community that has a strong emphasis on green space and urban agriculture and urban farming. Are those things that are derived from Sidewalk’s proposal? Not really.”
Rewriting what we thought was possible in biotech
What ML and AI in biotech broadly need to engage with are the holes that are unique to the study of health. Success stories like neural nets that learned to identify dogs in images were built with the help of high-quality image labeling that people were in a good position to provide. Even attempts to generate or translate human language are easily verified and audited by experts who speak a particular language.
Instead, much of biology, health, and medicine is very much in the stage of fundamental discovery. How do neurodegenerative diseases work? What environmental factors really matter? What role does nutrition play in overall human health? We don’t know yet. In health and biotech, machine learning is taking on a different, more challenging, task—one that will require less engineering and more science.
Marzyeh Ghassemi is an assistant professor at MIT and a faculty member at the Vector Institute (and a 35 Innovators honoree in 2018).