Fortinet Advises Macau Organizations to Step Up Cybersecurity on Three Fronts
snakenoodle9 20-04-2021, 11:30

MACAU - Media OutReach - 20 April 2021 - COVID-19 has been a catalyst for faster digital transformation across all sectors. As organizations have overcome the uncertainties and difficulties of the pandemic and achieved greater efficiency, new ways of working have also led to new cyber threats emerging to take advantage of the current situation.

On a typical day in 2020, Macau's Cybersecurity Incident Alert and Response Centre received 1,600 initial cybersecurity risk alerts. It also issued 38 warnings to critical information infrastructure operators last year. Macau recognizes the importance of cybersecurity and introduced the Macau Cybersecurity Law (MCSL) in 2019. Under the MCSL, public and private critical infrastructure operators have to maintain adequate management and security levels for their information networks and computer systems, adopt cybersecurity systems and establish reporting mechanisms.


To safeguard Macau organizations from cyberattacks while they push forward with digital transformation, Fortinet suggests three measures to step up cybersecurity capabilities.


1.    Adopt Zero-Trust Access and segmentation strategies

Ransomware remains a prevailing threat that can cause enormous loss of money and reputation, especially for healthcare, professional services, consumer services companies, public sector organizations and financial services firms. FortiGuard Labs data shows a sevenfold increase in ransomware activity in the second half of 2020 compared to the first half, with multiple trends responsible for this increased threat.

To effectively deal with the evolving risks of ransomware, organizations will need to ensure data backups are timely, complete, and secure off-site. Adopting zero-trust access and segmentation strategies can minimize risk and segmentation is especially critical when collecting and correlating large amounts of data in single and multiple network environments. Consistent policies across the network can more effectively manage and secure the movement of data and applications.


2.    Use an Automated Security Fabric Platform to safeguard the expanded digital attack surface

Under the MCSL, all critical infrastructure operators must adopt a cybersecurity management system and develop internal measures for monitoring and responding to security incidents. However, the increased use of personal devices for remote working outside the corporate network can make organizations vulnerable to cyber threats as it expands the attack surface.
An automated security fabric platform has become essential for organizations with increasingly complex network environments, enabling then to operate securely across the core network, multi-cloud environments, branch offices and remote workers. The platform minimizes risk by providing broad visibility and control over the entire potential digital attack surface. Powered by machine learning, this automation level looks out for new cyber threats, to enable speedy prevention, detection and responses.

3.    Provide education to overcome the cybersecurity skills gap

With increasing cyber threats and the implementation of the MCSL, the need for skilled cybersecurity professionals in Macau is more crucial than ever. According to the Center for Strategic and International Studies, global shortages in cybersecurity talent affect 82% of organizations. To address this skills gap and establish a more secure organization, education and training are fundamental, but they should be customized to address different roles' unique situation. The underlying principles of cybersecurity awareness should run as a common thread throughout every training program.


Cyber criminals are leveraging advances in computing power to create new and advanced threats at unprecedented speed and scale. To staying one step ahead of cyberthreats and comply with the MCSL, organizations must act now to maximize their investments in cybersecurity platforms designed to provide comprehensive visibility and protection across the entire digital infrastructure, including networked, application, multi-cloud, and mobile environments.