New Solutions for New Threats
Kunaciilan Nallappan, Senior Product Marketing Manager for F5 Networks, acknowledged the changes in the current web landscape. “Because the web has evolved a lot, the security challenges have evolved as well. Applications are dynamic, and so are the ways in which we access them,” he said. Nallappan highlighted web application firewalls, which were a new trend as a method to offload the security of the application. “It also makes a lot of sense from a security perspective,” he said. “There’s no point telling your boss ‘My site is secured—no one can access it!’ You want security for a purpose—for an optimal user experience. This is a security as well as a performance solution.”
Adli Abdul Wahid, Vice President of Cyber Security Responsive Services, Cyber Security Malaysia noted that viruses and malware had changed substantially, and that users needed to be aware of those changes. “Sometimes, users are surprised when we call them and tell them we see their computer as part of a botnet network, claiming there’s ‘nothing wrong’ with their computers. The idea that malware slows down the computer isn’t an accurate measure anymore,” he warned. “Bad guys can hire better programmers that make malware that sits quietly on your computer, and doesn’t affect its performance in any way. They like it that way.” He also cautioned that standard tools were often not up to the job of protecting against a targeted threat. “You have to remember that you’re defending against another human being with his own motives and capabilities. If you have a spam filter and antivirus, you can be sure they have one too,” he said.
Clarence Phua, Director of Sales for Sophos South Asia & Korea spoke on a similar topic. “Before, we used to see pranks and jokes but now it’s all financially driven. It’s all become very sophisticated, and [having a] faster Internet [now] doesn’t help either. [That] just makes them propagate faster,” he said. Phua cited the example of a group of hackers leaving attractive thumb drives loaded with invisible malware in the car parks of buildings housing big MNCs, enticing people to pick them up and start using them.
Chng of Ernst & Young, however, cautioned against the impulse to rush out and buy the latest and greatest solutions without proper planning. “It’s pointless to spend ten dollars to protect a five dollar asset, and if you do this, then you won’t get your budgets in future because you can’t demonstrate the value that you’re giving back to the organisation,” he said. “You need to be able to prioritise what’s important, and not be isolated. Talk to your business to find out what needs to be protected.”
Sign up for CIO Asia eNewsletters.