"Social media is a great way to feel the ground, about consumer feedback, their thoughts, comments, etc. It's a good channel to reach out to customers," said Chng. "Organisations should embrace social media and mobile: coming up with the right policies and procedures. It's useless to block access to social media; it's about the right awareness."
In conclusion, Chng offered information security professionals some advice on implementing an effective strategy:
- Link information security strategy to business strategy in critical areas of growth, innovation, optimisation, and protection.
- Demonstrate how information security can deliver business results—instead of looking at the existing landscape and how they can rework it, information security functions should undertake a fundamental redesign, allowing for innovation and incorporating new technologies.
- Execute the transformation by enabling the organisation to successfully and sustainably change the way information security is delivered through good leadership, proper business-IT alignment, execution of programmes, and adoption.
- Conduct a deep dive into the opportunities—and the risks—presented by social media, big data, cloud and mobile technologies.
Protecting the enterprise
Next to take the stage was Clement Lee, Security Consultant, Check Point Software Technologies, South Asia. Lee took the opportunity to present the Check Point 2013 Security Report, which contained findings from Check Point customers, threat cloud, SensorNet, and 3D reports, using existing Check Point gateways to identify the kinds of threats. The survey gathered responses from 888 companies, 1,494 gateways, and 120,000 monitoring hours. Lee spent time looking at three main issues: threats to the organisation, the rise of risky enterprise applications, and data loss incidents in the network.
"2012 was the year of hacktivism," said Lee, pointing to the appearance of the Anonymous group, known for its brand of political activism, such as the Arab Spring uprising, the exposé of dire working conditions at Foxconn, and other revelations. More importantly, the survey found that 63 percent of organisations were infected with bots, one of the forms into which the APT has metamorphosed.
Based on Check Point's statistics, once a bot has broken into an organisation's system, it stays always on, communicating with its remote command and control centre on average every 21 minutes. Appallingly, exploit kits are easy to buy, said Lee. Renting one (basic subscription) costs about US$50 for a day, going up to US$500 for a month and US$700 for three months. Such kits have been available since 2005.
How does malware get into an organisation's network? To that question, Lee pointed out that users might have been infected by visiting undesirable websites, as evidenced by Check Point's own findings, which show that, on average, a host accesses a malicious site every 23 minutes. About 53 percent of customers saw malware downloads, and most attacks originated from the US (based on customer reports).