CIO Asia: How well is the security industry, particularly in Asian countries like Singapore, Malaysia and Hong Kong, coping with the current growing sophistication of cyber threats?
John Vigouroux: Since 2007, the overall security industry has grown about 40 percent. However, during this same timeframe, legacy security technology went from stopping 97 percent of all malware to stopping only 40 percent today. Consequently, the economic impact of cyber crime has grown by well over 400 percent, creating a worldwide cost impact in excess of US$100 billion*.
Looking at Asia, cyber crime is on the rise and the malware is becoming increasingly sophisticated, just like every other geography in the world. These cyber criminals worldwide are acting with near impunity as the chances of getting caught and prosecuted are minimal. Many countries in Asia have Computer Crimes Acts and associations like the Monetary Authority of Singapore — who help to not only combat the issue, but to also dissuade attacks by making them harder to successfully execute. However, even these focused efforts are not able to bridge the malware gap. It doesn’t matter where cyber criminals are physically located, they will always go after the easiest targets.
[*Based on M86 analysis of several different sources including the FBI/IC3 cyber crime statistics, 2011, FBI 2005 as well as a recent 2011 UK Government report (Detica).]
CIO Asia: Why is the digital security environment becoming increasingly complex and sophisticated and how can the world’s governments unite to act against the cyber criminals?
John Vigouroux: There are two sides to this. Yes, the attacks and the layers of defence required to combat them are becoming more complex. However, for the cyber criminals, it is now easier than ever to get their hands on easy-to-use and fully supported tool kits, which are readily available on the Internet, that allow them to create and launch harmful and costly attacks.
The Internet is a platform which has a minimal level of governance and regulation, and it is very difficult for governments to agree upon jurisdictional boundaries. There is no dedicated "Internet Law Enforcement Agency" who is actively tracking, capturing and prosecuting those organisations involved in cyber crime.
CIO Asia: What are the traditional geographic and political weaknesses that cyber criminals are now using to breach and compromise enterprise digital security?