PHOTO - (From left) Nigel Tan, Principal Technical Consultant, Symantec; and Raymond Goh, Senior Regional Director for Systems Engineering and Alliances in Asia South Region, Symantec.
According to security solutions provider Symantec Malaysia's latest annual internet security report, Malaysia is ranked at #38 globally, but notes there has been a significant increase of attacks via mobile devices and an increasing focus on smaller companies.
Symantec senior regional director for systems engineering and alliances in Asia South Region, Raymond Goh said the findings of its Internet Security Threat Report, Volume 17, showed that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket by 81 percent globally.
In addition, the report highlights that advanced targeted attacks are spreading to organisations of all sizes and variety of personnel, data breaches are increasing, and that attackers are focusing on mobile threats, said Goh.
"Symantec has observed a large increase in malicious Internet attacks through mobile devices, making these devices a viable platform for attackers to leverage in targeting sensitive data, especially if they are used to store corporate information," he said.
"With the increasing mobile penetration in Malaysia, organisations need to be vigilant in protecting their confidential information on these devices as cybercriminals are latching on to this growing mobility trend and taking advantage of the ubiquity of smart mobile devices to gain access to sensitive corporate information," said Goh.
"While Malaysia is ranked 38th among countries globally on Internet threat activities, we should continue to take proactive initiatives to secure and manage critical information from a variety of security risks today,' he said. "Top growing trends that organisations in Malaysia should watch out for in today's threat landscape includes advanced targeted attacks, mobile threats, malware attacks and data breaches," he added.
Targets include smaller companies
"Cybercriminals have greatly widened their reach beyond large enterprises, with nearly 20 percent of targeted attacks now directed at companies with fewer than 250 employees," said Symantec principal consultant, Asia South region, Nigel Tan.
"Smaller companies are now being targeted as a stepping stone to a larger organisation because they may be in the partner ecosystem and less well-defended," said Tan. "Targeted attacks are a risk for businesses of all sizes - no one is immune to these attacks. Therefore, having a comprehensive security policy and keeping up with industry-standard best practices would go a long way towards ensuring that Malaysian organisations stay safe in the connected world."
Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year, he said. "In addition, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent."
"At the same time, spam levels fell considerably and new vulnerabilities discovered decreased by 20 percent," said Tan. "These statistics, compared to the continued growth in malware, paint an interesting picture. Attackers have embraced easy to use attack toolkits to efficiently leverage existing vulnerabilities."
Turning to social networks and mobile devices
"Cyber criminals are also turning to social networks to launch their attacks," said Tan. "The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims. Due to social engineering techniques and the viral nature of social networks, it's much easier for threats to spread from one person to the next."
"Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011," he added. "Targeted attacks use social engineering and customised malware to gain unauthorised access to sensitive information. These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified."
"In addition, about 1.1 million identities were stolen per data breach on average in 2011, a dramatic increase over the amount seen in any other year," said Tan. "Hacking incidents posed the greatest threat, exposing 187 million identities in 2011-the greatest number for any type of breach last year. However, the most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities."
"As tablets and smartphones continue to outsell PCs, more sensitive information will be available on mobile devices," he said. "Workers are bringing their smartphones and tablets into the corporate environment faster than many organisations are able to secure and manage them. This may lead to an increase in data breaches as lost mobile devices present risks to information if not properly protected. Recent research by Symantec shows that 50 percent of lost phones will not be returned and 96 percent (including those returned) will experience a data breach."
Sign up for CIO Asia eNewsletters.