sb-as logo
Story image

Enterprise security trends for APAC

By 2020, four billion people will be online, 50 billion devices will be connected to the internet and data volumes will be an astounding 50 times greater than what we are seeing today.

That’s according to Pierre Noel, chief security officer and advisor, Microsoft Asia, ahead of the CommunicAsia2016 Summit.

“This enormous explosion of connected devices and data flows and the complexity that comes with it, will make it more challenging than ever before for individuals, organisations and nations to protect themselves against cyberattacks - with greater complexity comes greater risk of malicious attacks and security exposure,” Noel explains.

Noel says that while there will always be new threats, new attacks and new technologies to keep an eye on, there are some security trends businesses in Asia Pacific should know about.

Mobile Malware

“As security threats continue to dominate news cycles, this year will be one where we see cybercriminals focus on targeting mobile devices by attacking underlying operating systems and releasing more malware-infected apps,” says Noel.

According to Noel, China leads the world in the number of mobile users, and malware on these devices will surface as a huge problem.

A study by Tsinghua University, Microsoft Research, and China's Ministry of Science and Technology found that only a quarter of apps in the country's local app stores are safe.

“The adoption of mobile payment systems will also lead to a surge in hack activity related to stealing information from new payment processing technologies like EMV credit cards, contactless RFID smart cards, and mobile wallets,” Noel adds.

Online extortion and hacktivism

According to TrendMicro, a Microsoft Partner, rapid growth in online extortion and hacktivism is expected this year, with more sophisticated ways of stealing information and gaining control of web-enabled devices being realised.

“Malware programmes like ransomware, are potentially one of the most dangerous types of computer malware and might be used more frequently by hacktivists in order to encrypt the victim's personal information like photos or conversations and extort money online to regain control of online accounts and devices,” Noel says.

Password recovery scams, including spear phishing and smishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data.

“Spear phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information,” Noel says.

He says that because phishing attacks are no longer limited to email, SMS phishing (smishing) is becoming more common, especially by hackers creating password recovery scams.

“A criminal hacker only needs a victim's email address and a mobile phone number to start a password recovery process and compromise their account,” Noel explains.

A New Approach To Cybersecurity

“Ultimately, as Microsoft CEO Satya Nadella highlighted just last November, the digital world we live in today requires a new approach to how we protect, detect and respond to security threats,” says Noel.

“Companies must evolve from a simple, ‘protect and recover’ model to a more holistic protect, detect and respond posture that utilises real-time insights and predictive intelligence across networks to stay ahead of threats,” he says.

Noel says the current wave of cybersecurity evolution is centred around collecting actionable intelligence, to remain ahead of threats.

“Attacks such as Ransomware are targeted and follow certain patterns, Malware for example, tends to morph rapidly. To stay ahead of these threats, we need to make full use of the cloud to collect and analyse such information that will tell us what to expect, and where to expect it,” Noel explains.

“At the same time, it is also critical for companies to strengthen their core security hygiene; adopt modern platforms and comprehensive identity, security and management solutions; and leverage features offered within cloud services,” he says.

“It is just as important to create education and awareness across employee populations in order to build and sustain a pervasive security culture.

“While organisations across the region are in various states of readiness with regards to cybersecurity, I remain optimistic as we see more organisations, government and non-governmental companies alike, making cybersecurity a priority and cooperating closely to ensure cyber threats are identified and dealt with quickly,” says Noel.

Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More