APAC: Security in today’s hybrid workplace

Preceding COVID-19, large multinational corporations toyed around with the idea of a hybrid workplace, with a small minority of employees actually living the hybrid work life. However, with several cultural and technological barriers, it was impossible to imagine industry-wide shifts to a hybrid model – structural shifts like these do not occur without a catalyst.

 

Now, well into the pandemic, several organisations are beginning to see gains to the bottom-line, from reduced overhead costs to greater employee productivity and morale. Previously perceived as an imposition, this safe-management emergency measure is now starting to make sound business sense for multiple reasons across various industries. With several Multinational Corporations looking into making this a more permanent feature, it will not be long before other organisations follow suit.

 

Setting the context: The hybrid workplace in the Asia-Pacific region

 

According to a study by Deloitte, “up to 47.8 million people in the ASEAN-6 nations (Indonesia, Malaysia, Singapore, Philippines, Thailand, and Vietnam) could shift to working remotely over a multi-year time horizon.

 

The potential for a hybrid/remote workplace is determined by the employees’ nature of tasks – certain industries such as construction and agriculture have the lowest potential for hybrid/remote work. In line with this, Singapore and Malaysia are expected to lead the region in the structural shift to remote working “with a potential remote workforce of up to 45% and 26% respectively due to the dominance of service industries”.

 

Economies like Thailand, Indonesia, Philippines, and Vietnam may notice productivity gains from the reduced commute time, with a potential remote workforce of up to 15%, 16%, 22% and 13% respectively.

Source: Remote work: A temporary ‘bug’ becomes a permanent ‘feature’. 2020 Deloitte Consulting Pte Ltd.

 

While the nature of work plays the biggest role in determining the potential for a remote workplace, other factors such as culture and access to technology are significant determinants as well. Home to 60% of the world's population, the APAC region is one of the most heterogeneous regions in terms of culture and technological adeptness, both of which are crucial factors in determining how the concept of a hybrid workplace will be embraced. For instance, citing a culture of “presenteeism” within the Japanese workforce, researchers have identified that many expressed reluctance towards remote working because employees were doubtful “as to whether employers would evaluate their telework performance correctly and fairly”.

 

Despite the above, it is still clear that some form of hybrid working is here to stay succeeding the pandemic. There are significant advantages to this working model, and the best way for businesses to reap these gains would be to first and foremost, invest in the right technology to enable their workers to be productive and collaborate securely.

 

Evolving security threats and opportunist hackers

 

A study commissioned by Cisco revealed that cyber security threats or alerts have increased by 25% or more according to 6 out of 10 businesses surveyed. Ensuring secure access was cited as the top cybersecurity challenge by 62% of companies surveyed, with 85% citing cybersecurity as their top priority.

 

This is a valid concern - Opportunist hackers have taken advantage of the abrupt shift to remote working, which has left many businesses without adequate security and cloud infrastructure vulnerable. Cyber-attacks on Domain Name Systems (DNS) in APAC has seen a sharp increase since the outbreak, and according to an IDC InfoBrief, sponsored by Efficient iP, “Malaysia saw the sharpest increase in damages at 78%, with the average cost per DNS attack growing from $442,820 in 2019 to $787,200 last year.” Phishing attacks have also seen an exponential rise in the region – Singapore has the second highest phishing rate in Asia at 46%, followed by Malaysia at 43%.

 

Using sophisticated data harvesting malware such as Remote Access Trojan, info stealers and the likes, opportunist hackers have managed to steal sensitive company data, as well as money. Software security measures that constantly assess and mitigate against threats and vulnerabilities should be put in place in order to protect corporate data. Secured-core PC, a Microsoft initiative backed by AMD, enables staff to boot laptops with robust security features to help ensure they’re protected against firmware vulnerabilities and unauthorised access.

 

Foundations of hardware security: Hardware root of trust and memory encryption

 

When purchasing/upgrading hardware for employees, it is important to keep in mind that the right PC will allow businesses to adopt a holistic, multi-layered approach to security. In addition to PC and Operating Systems (OS) security features and functions, a PC with integrated on-chip security features can stand to benefit from multiple additional layers of protection, from helping ensure a secure boot through to operations.

 

“Hardware root-of-trust” is the foundation of layered security features in computing operations, relying on cryptographic keys to enable safe boot. It is a key component, which is why AMD CPU architectures ship out with a dedicated hardware security processor known as the AMD Secure Processor (ASP). The ASP acts as hardware root-of-trust, providing platform integrity by authenticating initial firmware loaded on the platform. If errors or modifications are detected, they are automatically denied access, helping ensure a secure boot and providing a layer of protection against malicious firmware.

 

That being said, businesses need to consider purchasing PCs with an additonal layers of security. With more and more people exploring different places to work, risks of laptop thefts, along with its confidential and proprietary information rise. In the event of a laptop theft, software-based full disk encryption (FDE) is typically the first line of defence in protecting user data. However, it has limitations and ultimately leaves data open to hackers - hackers may be able to decipher cryptographic keys if they’re all in clear text, including those used for drive encryption/decryption. An effective way to prevent this is by encrypting the system memory. This way, if a laptop gets into the wrong hands, they would not be able to simply bypass the FDE by accessing keys stored in memory. This is precisely why all AMD processors with PRO technologies come with multi-layer security, including the layer of encryption protection available with AMD Memory Guard that helps prevent the above from taking place.

 

Organisation-wide cyber-security measures

 

One of the most effective measures against cyber-threats is to influence change in the workforce’s online behaviour by providing adequate cyber security training, and regular refresher courses, as threats continue to evolve. It is absolutely crucial that employees are kept privy to the potential risks out there, taught to identify malicious online activity and rectify it proactively. As employees are educated on the potential cyber risks out there, they will also develop the confidence to work remotely and independently on a long-term basis.

 

A virtual private network (VPN) is the very first thing that should be installed on all laptops to help ensure that employees who work remotely can continue to benefit from the same cyber-security offered in the workplace. A VPN is an affordable service that can be employed in a range of devices - from laptops, to tablets and smartphones; a preventative measure to help ensure employees’ data, conversations and internet use will be encrypted and remain secure. While effective corrective measures exist, they are only useful to a certain extent. Reactively installing antivirus software following the detection of malicious internet activity is only effective if employees are aware of how to detect and identify malicious code. It is absolutely important to keep in mind that there are extremely sophisticated methods that can go undetected, even to the trained-eye. Prevention is better than cure!

 

Cloud security is another pertinent area businesses must tackle to help ensure employees are able to collaborate securely. It is common knowledge that video conferencing tools have gained popularity during the pandemic - it is, after all, a highly effective way to not only collaborate, but also to remain connected with friends and colleagues during a period of limited physical interaction. However, while these tools have a certain level of security in place, there have been high-profile instances of malicious actors accessing private video conferences. Businesses should remind employees to consciously check meeting links and call for multi-factor authentication (MFA) to confirm the identity of all meeting participants.

 

Finally, when it comes to making the shift to remote working, there is no one-size-fits-all solution. While it is encouraged for businesses, both large and small, to take advantage of the benefits of a hybrid/remote working arrangement, this is a significant undertaking with several risks. It is absolutely crucial for businesses to do a comprehensive needs assessment against available resources to make the right technological investments in order to provide the necessary tools for employees to work safely and securely no matter where they are.

*The terms “Hybrid” and “Remote” are used interchangeably throughout the article