Hybrid Workers Face Higher Risk of Becoming Victims of Cybercrime
Coinhako’s Chief Information Security Officer Pasi Koistinen shares insights on the increasing adaptability of cyber threats as hybrid work uptake increases
With 23 years under his belt as CISO and head of security across several companies, Pasi Koistinen now holds the post of Chief Information Security Officer of Coinhako, Singapore’s market-leading crypto platform.
Koistinen drives Coinhako’s information security policies and is responsible for developing and establishing a world-class security framework to prevent, assess, and tackle internal and external threats to the company. In line with his impressive range of experience, he previously co-founded two cybersecurity companies, Cyber Intelligence House in Singapore and Silverskin Information security in Finland.
Ahead of his keynote presentation at CISO Singapore 2022, we asked Koistinen to share his insights into current information security risks and positive trends that have emerged from our resilience and persistence against bad actors.
Highlighting the seriousness of today’s threat landscape, Koistinen opened up about the way cyber security leaders have had to face numerous aggressive hacking manoeuvres, particularly supply chain-related attacks, and more polished and damaging phishing assaults.
Most of today’s threats have been around for a long time, but there are certain vectors that Koistinen is keeping a close eye on.
Supply Chain Risk Woes
Supply chain security and exposure is universally held as a critical risk point for organisations working towards greater control over hackers and bad vectors.
“Today’s norm of hybrid working arrangement means companies often rely on cloud services and remote connectivity via VPN/network providers. To target the company, cybercriminals get around the target’s security systems by infiltrating less-protected third-party networks which have access to the target company,” Koistinen says.
“Also, attack vectors can be related to the tech stacks and services that companies use in their service provisioning.
“For example, it could be an off-the-shelf software product that we’ve been using for quite some time, which gets tainted by malicious code and is used to stage cyber attacks on our business.”
To top it off, Koistinen says it could also be a vendor-related risk, where a vendor's employee or subcontractor has access to some data and then misuses that access.
Lures Look Legitimate and Convince Victims
Another challenge is the prevalence of social engineering attacks, particularly in the form of whale and spear phishing.
“Hackers are getting very proficient in crafting messages which look and feel authentic. Also, hackers are paying more attention to using more accurate forged sender addresses compared to the past, where forged addresses are quite distinctly fake. As the world moves into an increasingly hybrid work environment, employees might not have the option to check in with colleagues for a second opinion on suspicious emails,” he says.
The lack of human interaction can also result in employees being more careless on clicking malicious links.
“This is because they are not aware of who’s who. If the email seems like it is from a legitimate colleague, they might be more likely to click on it.”
Stronger Security Measures are at Play
Not all is bleak, with the cyber security industry taking positive steps in the direction of better understanding, more willingness to invest, and increased vigilance. Koistinen believes that the sector is prepared to rise to the challenge if they remain consistent with their purpose.
“Through the years, the level of understanding of cybersecurity threats has increased substantially and companies are now more vigilant and prepared in dealing with cyber threats. It helps that companies are also more willing to invest in services and infrastructure to strengthen their cybersecurity” he says.
However, Koistinen highlights the need to remain vigilant and that security is an ongoing endeavour for all.
“Our increasing resilience compels hackers to develop newer and more innovative ways to find the route of least resistance in penetrating a company’s infrastructure. As such, cybersecurity professionals need to remain updated on new modes of attacks and be prompt and adaptable in dealing with such threats.”
The Future of Tomorrow’s Cyber Frontier
When asked about lessons he would impart on the cyber security leaders of tomorrow, Koistinen says continued education and stress testing is the way to go forward.
“It’s paramount to have robust security management processes but do not stop stress testing these measures. It’s through continuous testing that we find the lapses in our defences. No matter how trivial these lapses may seem, our defence is only as strong as our weakest link. Continually educate yourself and expand your knowledge. Hackers are constantly developing new methods and systems to get an advantage,” he stresses.
“It’s only through continual education that we can stay on top of the latest developments and develop innovative strategies to deal with modern cyber threats. Also, due to the complexity of modern cyber threats, being able to take on a non-linear thinking approach can help in strategising and dealing with them.”
Insights and Takeaways
Koistinen will be delivering a keynote presentation at the upcoming CISO Singapore 2022, taking place at Grand Copthorne Waterfront, Singapore on the 21st and 22nd of September.
His talk will focus on cybersecurity in the crypto space, with detailed insights into developments in crypto-related technology as well as the growth of new crypto ecosystems including Web3.0, metaverse, decentralised finance, and NFTs.
Koistinen will share insights into navigating challenges in the evolving crypto space and how adopting various strategies could help organisations initiate a comprehensive 360 approach to prevent, detect, and manage such cybersecurity risks.
When asked about what he is most looking forward to at CISO Singapore 2022, he says that the people and the takeaways are the highlights for him.
“CISO Singapore brings together cybersecurity experts and innovators and I’m looking forward to gaining new insights from fellow executives and professionals.”
Don't miss the opportunity to see Pasi Koistinen and other cyber security leaders present at CISO Singapore 2022 in September. Click here to download the agenda.