During an interview with Computerworld Malaysia, security solutions firm WatchGuard's Asia Pacific vice president Scott Robertson outlined the increasing trend of industrial espionage in today's cyber threat landscape.
Photo - Scott Robertson, Vice President, Asia Pacific, WatchGuard.
Could you a brief rundown of the issues behind the increase of industrial espionage?
Industrial espionage is rapidly becoming a "popular" cyber crime especially in commerce and industry. It is described as an unfair trading practice and publicly identified as a crime, especially in economies where intellectual property is valued highly.
Industrial espionage is the act of misappropriating company critical, proprietary and valuable information, most frequently with regards to innovation where significant money and time has been invested.
This investment may have been to develop new technologies, manufacturing, methodologies or products and practices. As a result of increasing competition and the fact that many economies are rapidly becoming digital economies, industrial espionage has been rising steadily. Any leverage in manufacturing, time to market and costs savings is a competitive advantage for companies in this current economic position.
In Malaysia, as enterprises embrace technology and e-commerce to compete in the world stage where China is seen as the manufacturing factory of the world, Malaysian manufacturers are finding that they are being targeted. Mission critical information and data is being extracted through illegal access as a result of hacking into the company's information system, made easier today through the multiple information platforms that enterprises use to communicate.
Being able to manage the e-mail, social media and other online platforms, is becoming extremely critical to information security for enterprises. Malaysian companies, especially, must recognise that e-mail and other online communications tools including social media open up vulnerabilities that may give easy access to malicious malware, agents and hackers.
Are you able to include any local (regional and/or Malaysian) examples of such incidents?
The most recent and high profile incident was when hackers gained access to Malaysian government agencies sites and initiated a Denial of Service (DOS) actions. This is a worrying development as these hackers could have easily gained access to government or mission critical sites to take control of vital utilities including the power grid, water and sewage and telecommunications.
In what ways can enterprises mitigate or prevent such breaches when dealing with their staff, especially when managing the practice of BYOD [bring your own device]?
The key to mitigating breaches is to ensure that the policies around security are well managed and addressed. Educating and maintaining a strict management policy on information that can be transacted, exchanged or transferred is critical.
Obviously the appropriate applications, including threat management solutions, are vital to managing security. Threat management solutions enable companies to manage the various ports, especially social media and e-mail servers effectively. By plugging the company's BYOD programme into this agreed system, the company will be better placed to manage threats and breaches.
Another notable fact about breach occurrence is that, according to industry data, 95 percent of all breaches is due to misconfigured firewalls, which means users can't figure out how to use the gear they currently have. This is the number one cause of problems when it comes to a breach, rather than 'poor performance' or 'lacking of advanced features'.
Could you illustrate the effectiveness of your solution/recommended approach with some recent examples (preferably in this region including Malaysia, if appropriate)?
For example, the most recent Java security vulnerability (virus) was swiftly picked up by anti-virus software vendors Kaspersky and AVG. The other vendors; Trend Micro and McAfee were slower to market with the announcements and patches for their customer base.
As a result many enterprises whose threat management applications and firewalls depended on Trend Micro and McAfee were left exposed and vulnerable to the breach despite having a firewall in place.
WatchGuard works with multiple software vendors both collaborating and embedding their technologies into the threat management applications and firewalls.
Sign up for CIO Asia eNewsletters.