Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Remembering the vulnerabilities of last year and making security resolutions for 2015

David Siah, Country Manager, Trend Micro Singapore | Feb. 24, 2015
David Siah of Trend Micro Singapore identifies best practices for companies based on what we learned in 2014, some of which include securing critical systems and networks, and replacing traditional physical systems with cloud computing for security of sensitive data.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.


David Siah, Country Manager, Trend Micro Singapore

The new year is typically a time to take stock of the previous year and make resolutions moving forward. For the cyber security space, 2014 was a year which will be remembered for the escalated number of cyber attacks, with the total number of disclosed vulnerabilities for the year approaching the 10,000 mark. We saw major vulnerabilities like Heartbleed and Shellshock which caused severe impacts with their widespread attack surface. It also made it difficult for enterprises to patch their systems to defend themselves. The entertainment industry and corporations were also rocked by attacks, best illustrated by the hack of Sony Pictures. Copious amounts of data were leaked, which maimed the corporation and forced them to shut down their entire corporate network.

Many witnessed as victims grappled with an invisible enemy. It is because of these dangers that enterprises should learn from these situations and be reminded of what to avoid, what to improve, and what to anticipate. Below are tips to take note of when securing their systems against cyber attacks and threats:

Secure your data in the cloud and virtualized environments.

Cloud computing is a powerful capacity extender that is increasingly adopted by small, medium, and very large enterprises alike. And while users can expect a certain level of security under the "shared responsibility" model — such as in the way cloud service providers like Amazon Web Services run cloud services and infrastructure including physical hardware and facilities — users must not forget that access to data in the cloud can be wholly compromised at their end.

With so much money and time being invested into building private clouds and even virtual environments, companies will definitely want to maximize their investments and reap the benefits of efficiency and productivity. However, not protecting your data and these environments adequately reduces the return on investment (ROI) for organisations — as downtime and security breaches greatly impact how much an organisation can reap from what they've sown.

Secure your systems that connect to external environments

Any device that connects outside of itself can be hacked remotely as well. The most obvious example is that of retail and hospitality companies — with branches that make use of ubiquitous point of sale (PoS) systems — have been hacked into, leaking credit card information that will eventually end up being peddled in cybercriminal underground forums. Or like the case of JP Morgan last year, where a neglected server led to the largest intrusion of an American bank to date, reportedly reaching an estimated 76 million households and 7 million small businesses. The breach resulted in the compromise of sensitive customer data that included names, addresses, phone numbers, and email addresses, amongst others

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.