Photo - Eric Hoh, Vice President for Asia South Region, Symantec Corporation
The impact of PDPA
Privacy issues have littered the headlines in 2013, raising fundamental questions about the amount of personal information being shared and collected every day from service providers and professional groups to social networking sites. Just in October 2013, Symantec traced one of the largest data breaches globally in a number of years, where 150 million identities were exposed due to this one breach. This has more than doubled the number of identities exposed so far in 2013, when compared to our previous numbers through September. Of the reported breaches so far in this year, the top three types of information exposed are a person's real name, government ID number, and birth date.
In Malaysia, the Personal Data Protection Act 2010 which came into force on 15 November 2013, will have a big impact on how organisations manage and use their customer data. Companies need to stay ahead of legislative changes and compliance issues and act now to protect themselves. Organisations using personal data collected will have to comply with the Act within three months from the date of enforcement. The first year in enforcement of the Act is a critical period as organisations start to understand the requirements of the Act and take measures in compliance.
Also, as the Trans Pacific Partnership negotiations progress, access to information and international patent legislation will remain an area of focus. Legislative and compliance issues are also reaching the consumer-individuals need to care about encryption and privacy law and what information is being used for this new frontier.
Cyber crime has also made headlines in 2013 and will continue to be problematic for consumers and enterprises, both large and small. Whether it is ransomware, mobile cyber crime, app scams, exploiting niche social networks, corporate espionage or the move from mass cyber threats to more sophisticated and targetted attacks, there is no
doubt that cyber crime will continue to be an issue that consumers and enterprises will need to lookout for.
With the proliferation of smart mobile devices, information protection will continue to be a hot topic in 2014. What will emerge is an increasingly complex online security landscape, due to the consumerisation of smart devices and data aggregation of connected devices. In Malaysia, this issue will be crucial with more than 140 percent penetration of mobile phones.
These mobile devices will be connected to the Internet and in some cases, running an embedded operating system. Sounds far-fetched but the marketplace is already alive with them, and they will just get smarter and more connected. For cyber criminals, the lure of all these connected devices storing information and data is too sweet to resist.
Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. The security spotlight will shine not only on organisations, but also manufacturers of these devices and systems, as well as programmers who develop software for them. Users will expect notification of vulnerabilities, followed by patches. The Internet Of Everything is opening new doors to unchartered territory. Enterprises and consumers should take action now to safeguard their information and devices with robust security software.
A fine line
In addition, there is a fine line between business and personal use as professionals and consumers use their mobile devices for business and leisure. The 2013 Norton Report indicates that almost half of respondents are forgetting-or worse, ignoring-security on their smart phones and tablets, even as they understand its importance for their PCs. This security threat is further exacerbated when companies have not yet developed tight policies regarding the use of personal mobile devices or company computing assets, placing both employee and employer at higher risk.
Gartner has stated that most companies only have policies for employees accessing their networks through devices that are owned and managed solely by the company, and suggests that policies balance flexibility with confidentiality and privacy requirements.
Protecting the enterprise will continue to be a constant challenge. The online security landscape is fluid and cyber attacks have evolved in how they penetrate the enterprise.
According to Symantec's 2013 Internet Security Threat Report, there was a 42 percent increase in targeted attacks, but more worryingly, 31 percent of those were targeted at businesses with fewer than 250 employees. Small businesses are at the greatest risk from sophisticated attacks.
On enterprise data centre, understanding Software-Defined Data Centres (SDDC) is a trend to watch as the software-defined infrastructure becomes tangible. Many believe 2014 will be a year of education as customers come to understand the benefits of software-defined anything-compute, networking and storage-and overcome any challenges around trust and security.
The future data centre looks different from today. Heterogeneous and distributed data centres, information and workloads everywhere, shared resources, abstraction of hardware from software, delivery as hybrid clouds, and velocity of change. This new environment poses some new challenges-visibility, access control, aggregation of responsibility. Future data centres need insights and real-time dynamics to mitigate risks.
As social media and mobile devices proliferate, we're in the midst of an information explosion-the Big Data bang is here. Every minute, we create store and access complex data at an unprecedented scale. In fact, 90 percent of the world's data was created in the last two years. Many companies project that their information will grow at an incredible clip of 60 percent to 70 percent within one year. This free flow of data has created immense opportunities. But it's also opened the doors to new risks. As the Internet of Things, the cloud, real-time analytics and other technologies step out of our imaginations and into our lives, so too do a host of sophisticated threats that we must address, or risk progress.
Sign up for CIO Asia eNewsletters.