Cybersecurity in Key Infrastructures: Key Findings
- Protecting governments and telecoms has taught Nexusguard that balancing technology, adaptability, and trust is essential for resilient infrastructure.
- Overengineering defenses often backfires, creating inefficiencies, latency, and higher costs. Simplicity and scalability win.
- Leaders must focus on fundamentals like MFA, access controls, and continuous improvement before chasing hype-driven solutions.
When governments and telecoms face some of the largest cyberattacks in the world, continuity is survival.
The stakes are rising: global damages from cybercrime are projected to reach $10.5 trillion annually by 2025, according to a Cybersecurity Ventures report.
For Nexusguard, which secures critical infrastructure against DDoS and other advanced threats, every lesson learned in these high-pressure environments translates into practical guidance for enterprises everywhere.
In an exclusive DesignRush interview, Nexusguard CEO Andy Ng shared what organizations can learn from protecting national infrastructure.
He also explained why overengineering defenses often backfires, and how leaders can make smarter, more resilient choices over the next 12 months.
Who is Andy Ng?
Andy Ng is the chief executive officer of Nexusguard and a global leader in DDoS mitigation. Based in Singapore, he brings decades of experience helping governments and telecoms stay resilient against cyber threats.
Balance Technology, Adaptability, and Trust to Build Resilience
Protecting national infrastructures and global telecoms against massive threats has shaped Nexusguard’s philosophy and offers a clear lesson for enterprises.
“Securing governments and telecoms has taught us that building resilient infrastructure requires a balance between technology, adaptability, and trust,” Ng says.
“It’s not just about handling threats, it’s about ensuring continuity for critical services under all circumstances.”
That philosophy comes to life in Patriot Net, Nexusguard’s tailored solution for building sovereign, scalable defenses that evolve with threats and integrate seamlessly into national infrastructure.
It puts control and visibility in the hands of stakeholders, helping them manage operations independently and with confidence.
Patriot Net helps organizations stay online when the pressure is high and downtime simply isn't an option.
So what does it take to stay strong when everything’s on the line?
It starts with executing the basics. Here’s how.
1. Close the Execution Gap in Zero Trust
Many enterprises adopt the language of Zero Trust but struggle with execution.
Policies may exist on paper, yet breakdowns in training, process, or regular review leave vulnerabilities exposed.
Frameworks like PCI DSS or ISO 27001 provide guidance, but discipline makes the difference.
“The gap often lies in execution and human factors,” Ng notes.
He points out that even strong technical designs can fail if teams aren’t consistently trained and policies aren’t enforced.
2. Avoid Overengineering in DDoS Defense
When faced with growing cyber threats, some leaders overengineer defenses in ways that hurt performance and inflate costs.
Complex setups can introduce latency and blind spots instead of improving security.
A better approach is simpler, scalable, and covers every layer: DNS, application, and network.
“A common pitfall is overengineering DDoS mitigation,” Ng warns. “These efforts can inadvertently weaken their defense by introducing inefficiencies.”
3. Prioritize Identity and Access Controls
Identity remains the cornerstone of enterprise security.
In the next 12 months, executives should focus on fundamentals like:
- Enforcing multi-factor authentication
- Removing dormant accounts, and
- Reducing excess access rights
Training frontline teams, especially helpdesk staff, is equally important for preventing mistakes.
“Enforce MFA for all accounts and remove dormant or unused accounts regularly,” Ng advises.
4. Learn From Real-World Cases
You only find out how resilient you are when you're tested for real.
In Sarawak, Malaysia, Nexusguard worked with telecom provider Irix and ICT agency SAINS to protect government services during a major infrastructure transition.
Concerns over disruption gave way to smoother operations and stronger defenses once real-time dashboards and managed DDoS protection were in place.
The result: uninterrupted public services.
As Ng recalls, the collaboration “enabled a smooth transition to Irix’s Tier IV-certified data center with no service interruptions.”
5. Track the Right Metrics
Cybersecurity performance isn’t measured by how many tools are deployed, but by whether defenses actually work when needed.
Metrics that matter include the number of attacks blocked before they reach customers, the speed of detection and response, and how clean the traffic is after mitigation.
Ng stresses the importance of speed.
“Every second we save reduces downtime and impact for the customer,” he says.
6. Borrow From Continuous Improvement
The best models for cybersecurity sometimes come from outside the industry.
Ng points to Toyota’s Kaizen philosophy, “continuous improvement,” as a guide for refining processes.
Each attack becomes an opportunity to learn, update playbooks, and strengthen defenses for the entire ecosystem.
“Every time we face a DDoS attack, we don’t just block it and move on. We dig into what happened, tweak our detection templates, adjust our playbooks, and then share those updates,” he explains.
7. Be Honest About Zero Trust Challenges
Zero Trust and passwordless solutions are often marketed as quick wins, but in reality, large-scale adoption is slow, political, and messy.
Legacy systems and exceptions make it a years-long process.
Ng stresses that honesty about these challenges is key for progress.
“I wish more leaders would admit that Zero Trust and passwordless at scale are not these clean, one-year transformation projects,” he says.
Turning Cyber Pressure Into a Resilience Strategy
Cyber resilience is about balance. This means blending strong technology with adaptability, trust, and simplicity.
Whether protecting governments, telecoms, or enterprises, the principles remain the same.
Stick to the essentials, track what works, and treat improvement as a habit, not a one-time fix.
Cybersecurity FAQs
What’s the biggest mistake companies make with DDoS defense?
Overengineering defenses. Complex setups often add latency and costs without improving protection.
A simpler, scalable approach that secures DNS, application, and network layers is more effective.
What should executives prioritize in the next 12 months?
Enforce MFA for all accounts, remove dormant accounts, review access rights monthly, and train frontline staff to prevent identity mistakes.
How does Nexusguard measure if defenses are working?
By tracking how many attacks are blocked before reaching customers, how fast attacks are mitigated, and how clean traffic remains after mitigation.
What long-term shift could change the future of DDoS defense?
Embedding multi-tenant DDoS mitigation into telecom infrastructure itself, making it a default service for entire networks rather than a separate add-on for customers.





