Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The evolving state of cybersecurity in Asia

Zafirah Salim | Aug. 11, 2014
In a roundtable discussion, Hugh Thompson and Brian Contos of Blue Coat discuss the current and future state of the security threat landscape, especially in the APAC region, and share some insight as to why they think the human factor is the biggest security challenge.

Sharing the same sentiments with Contos, Thompson stressed that there is a huge human factor involved in security.

"I can't emphasise how important it is for people to make good choices. If you look at how most of how advanced persistent threats are being played out, almost always there is a human element to it," he said. "A human who is an insider in the company who has cooperated with the attacker - not willingly, don't want to cause harm to the company, but they have been tricked, cajoled, or fooled - I think they are one of the key battlegrounds in security."

Future security landscape 

When asked about some major security threats that they foresee within the next year, Thompson pointed out that there will be a lot more attacks against embedded devices and systems.

"Most of these systems have been around for a very long time. When they were designed, they were never meant to be connected to a network beyond a trusted user. But now, connectivity has slowly crept in but the problem remains that these systems were never built with security in mind," he said.

"Another one that we've already seen is that it has become so cheap and so accessible to customise malware now. For example, if you are a big bank, you might just get a targeted piece of malware that's concentrated only on you. That has become a reality even for mid-sized businesses today. The tooling exists to modify even commodity malware very easily," he added.

Lastly, Thompson mentioned that we share so much of our lives online voluntarily, but there is also a set of information that we share online involuntarily. Since public records are now becoming digitised and searchable, it becomes easier to find out so much about someone without even meeting them in person. In the business context, this is very beneficial, but from the security perspective, this brings about the shift of "advanced attacks" becoming more social.

He explains that the attacker will log on to social networking platforms, such as LinkedIn, and try to sniff out information posted online such as who are the company administrators, where did they go for lunch, where did they go for their recent holiday et cetera. Having a barrage of information about the victim at hand allows them to craft a targeted attack, be it email or a phone call, on that person.

"The tooling is now available for these cybercriminals to attack at this scale. That's going to be a huge issue and I don't think the industry has dealt very well with that up to this point," he said.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.