It is no longer unusual to hear news on cyber attacks almost every month. Just last week, it was reported that 'The Messiah' hacked a part of The Straits Times' website, and groups claiming to be part of the international activist group Anonymous defaced dozens of websites belonging to Australian businesses and Philippine government agencies.
All these incidents indicate that no organisation is safe from cyber attacks. Organisations should thus continually review their security policies and solutions to minimise the risk of being attacked. Jeff Hurmuses, vice president of APAC at Barracuda Networks, and Scott Robertson, vice president of Asia Pacific at WatchGuard Technologies, share their views on the types of common security attacks and how they occur. They also address why it is important for organisations to be more proactive in protecting themselves from cyber attacks.
Jeff Hurmuses, vice president of APAC at Barracuda Networks
Scott Robertson, vice president of Asia Pacific at WatchGuard Technologies
Q: What type of security attacks are more commonly seen today in the Asia Pacific region? Is it the same for other parts of the world? Why?
Jeff Hurmuses (JH): There are two types of common threats. One where the hacker is trying to hack into any server / computer with the intent of making it either a part of a larger botnet or as a host for serving malware or a part of that chain. The second type of threat is a focused threat where the attacks are targeted towards a specific organisation.
As Asian nations continue to improve their networks and the computing power of personal computers catch up with those in other developed nations, it is likely that we will see more computers in the region being targeted by bot herders. Nations with faster Internet speeds and higher computing power tend to be more attractive targets for bot herders looking to increase their botnet armies.
There are advanced persistent threats (APTs) where a group or organisation actively targets a specific entity. These groups normally have a high level of ability and the resources available to persistently attack a single company. Companies at risk of being the target of APTs tend to be those that hold a large amount of personally identifiable information. These include the likes of banks and other financial institutions as well as institutes of higher learning.
Data theft is also rife in the region. Hackers are interested in the data that you hold. Customers' credit card numbers, their social security numbers and other parts of personally identifiable information (PII) is of interest as these pieces of information can be sold in the cyber black market.
Sign up for CIO Asia eNewsletters.