Photo - Albert Chai, Country Manager, Cisco Malaysia.
As Cisco's latest Annual Security report confirms the increasing sophistication of cyber-attacks, Malaysian companies should work more closely with government agencies like CyberSecurity Malaysia, said the networking solutions firm.
Cisco Malaysia's country manager, Albert Chai, said the report points to a widening gulf between security perception and actual readiness. The Cisco Security Capabilities Benchmark survey showed that 60 percent of the respondents are not patching and only 10 percent of Internet Explorer users run the latest version, yet 90 percent of respondents said they are 'confident' in their cybersecurity capabilities.
Organisations in Malaysia need a simpler, scalable, threat-centric approach that addressed security across the entire attack continuum - before, during, and after an attack. To achieve this, it is critical for public and private sector to continue working closely in continued enhancements in preventing breaches and protecting users' privacy and keeping their data safe and secure, he said.
"Security concerns are still among the prominent challenges that we face in driving the widespread adoption of Internet of Everything (IoE) in Malaysia," said Chai. "The recent hacking cases involving an aviation company and popular social media sites did little to boost confidence in the security of data uploaded online where confidential information is left vulnerable to thefts."
"As today's cyber-attacks become increasingly sophisticated, organisations need a simpler, scalable, threat-centric approach that addresses security across the entire attack continuum - before, during, and after an attack," he said.
"For this to happen, companies in Malaysia must work hand in hand with government agencies such as CyberSecurity Malaysia to ensure that a systematic approach is taken to address security concerns thereby enabling the country to reap the value of increasing connectivity," said Chai.
"A close partnership between the public and private sector will enhance the continuous effort in preventing breaches and protecting users' privacy and keeping their data safe and secure," he said.
All hands on deck
John N. Stewart, senior vice president, chief security and trust officer, Cisco, said: "Security needs an 'all hands on deck' approach, where everybody contributes, from the board room to individual users. We used to worry about DoS, now we also worry about data destruction."
"We once worried about IP theft, now we worry about critical services failure," said Stewart. "Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight. Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind."
"Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future. It requires leadership, cooperation, and accountability like never seen before in our industry," he said.
"Attackers have become more proficient at taking advantage of security gaps," said Cisco principal engineer, security business group, Jason Brvenik. "We observed that 56 percent of all OpenSSL versions still remain vulnerable to Heartbleed and that major attacks are only leveraging 1 percent of high-urgency vulnerabilities at any given time."
"Despite this, we see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches." said Brvenik. "Even with leading security technology, excellence in process is required to protect organisations and users from increasingly sophisticated attacks and campaigns."
The report said that cyber criminals were expanding their tactics and adapting their techniques to carry out cyber-attack campaigns in ways that make it harder to detect and analyse.
The top three trends last year that Cisco's threat intelligence has identified are:
- Snowshoe Spam: Emerging as a preferred strike method, attackers are sending low volumes of spam from a large set of IP addresses to avoid detection, creating an opportunity to leverage compromised accounts in multiple ways.
- Web Exploits Hiding in Plain Sight: Widely used exploit kits are getting dismantled by security companies in short order. As a result, online criminals are using other less common kits to successfully carry out their tactics - a sustainable business model as it does not attract too much attention.
Sign up for CIO Asia eNewsletters.