The WannaCry ransomware that hit more than 230,000 systems across the globe within a day of its launch should give you an idea of how vulnerable most organisations are, despite the many advanced security tools available today.
It was thus timely for IT and cybersecurity professionals to come together at the Computerworld Singapore Security Summit 2017 to learn about the current and upcoming threats, and how to counteract them.
Even though WannaCry received a lot of attention, some security experts claimed that it is not as sophisticated as other ransomware/malware campaigns. Stephan Schweizer, head of NEVIS, AdNovum Informatik, shared that modern/upcoming malware will be more resilient and difficult to detect. Such malware could " adapt if the browser/webpage changes, and may have layers of defence to protect itself from reverse engineering".
Besides ransomware and malware, whaling and distributed denial-of-service (DDoS) attacks are some of the top cybersecurity threats for digital businesses, said Neville Burdan, general manager for Security, Dimension Data Asia Pacific. Also known as CEO fraud, whaling is a variant of phishing scams in which fraudsters masquerade as a C-level executive and ask an employee to transfer money. Whaling is fast becoming a serious issue, with the U.S. Federal Bureau of Investigation (FBI) announcing last April that companies are losing more than US$2.3 billion over the past three years to such scams.
As for DDoS attacks, Neustar's study revealed that globally, the average attack size in the first quarter of this year was more than 10 gigabits per second (Gbps). Organisations globally seem to be struggling to detect and respond to such DDoS attacks.
Robin Schmitt, general manager - Australia (APAC), Neustar, commented: "Globally, more than a third (35 percent) of organisations were informed that they were under DDoS attacks by their customers. In Asia Pacific, only 17 percent of organisations said they detected DDoS attacks in less than 1 hour. The majority of them (69 percent) took between 1 to 5 hours. There is a slight improvement when it comes to mitigation, with 20 percent of them taking less than 1 hour and 64 percent taking 1 to 5 hours," said Schmitt.
Meanwhile, Craig Smith, research director of transportation security, Rapid7, said the increased adoption of Internet of Things (IoT) opens up an avenue for cyber attackers. Connected devices usually contain vulnerabilities as manufacturers tend to focus on developing the core features of the device and put security as a low priority.
The rise of fintech may also result in increased cybersecurity threats and attacks. Chia Hock Lai, president, Singapore Fintech Association, explained that similar to IoT manufacturers, fintech startups may focus too much on the fintech-related features that they neglect the security aspects of their product.
Sign up for CIO Asia eNewsletters.