During an interview with Computerworld Malaysia , networking security and [intrusion prevention [IPS] specialist Sourcefire's Malaysia country manager, Ivan Wen advises that a new threat-centric approach was needed by the banking industry to try and manage the rapidly-increasing number and complexity of cyber crime as more people use Internet banking and other online financial services.
Photo - Ivan Wen, Country Manager of Sourcefire Malaysia.
Firstly: how serious is cyber crime in Malaysia and Asia Pacific compared to the U.S. or Japan and what are the trends?
Across APAC, cyber attacks have grown in frequency, severity and complexity. Many businesses count the number of attacks they face in the tens of thousands every week or month. Over the last two years, Malaysia's threat landscape has been relatively active. The region's malware infection rates and botnet drones were well above the worldwide average and Malaysia had the world's highest concentration of phishing sites. According to the recent MYCERT incident statistics, enterprise fraud and intrusion attempts have risen significantly with approximately 40-50 percent year on year growth.
These challenges are forcing companies to invest in innovative security technologies that enable visibility, automation and intelligence before lasting damage can occur to business and reputation. There are no silver bullets and security is no longer simply a question of building the walls around your business.
Increasingly, it is about looking at security from a defender's perspective, mapping an attack to a continuum consisting of three phases: before the attack, during an attack and after an attack.
How many people are using Internet banking in Malaysia, what is the status of cyber crime and fraud in Malaysia?
Internet banking has grown steadily in Malaysia since it was first introduced in June 2000, and is now offered by 29 banks in Malaysia. As of September last year, there were 12.8 million registered users, rising from 3.2 million in 2006 and eight million in 2009.
Within the region, the highest reported cyber crime was fraud, followed by cyber invasion attempts, spam, denial of service, content-related offences, malicious code and cyber defamation. Across Asia, we continue to see attacks, which deploy targeted, sophisticated approaches. While the motivation and, in most cases, the tactics employed by those responsible for these attacks are different, what has become increasingly apparent is that we now need to look at security in a new way.
To combat these attacks, defenders need a new threat-centric approach to security to address the full attack continuum - before, during and after an attack - with continuous visibility into indicators of compromise and retrospective security to quickly contain and stop the damage.
Sign up for CIO Asia eNewsletters.