Investing in anti-virus software is no longer enough to counter cyber attacks on vital data systems, especially if national security is at stake.
This was what Trend Micro security experts said as they urged the Philippine government to draw up a defense plan against cyber attacks. "Look at what your neighbors are doing and what they are investing in to combat computer attacks," they said, adding that the country has to go beyond anti-virus software.
Fresh from their investigations of recent cyber attacks in South Korea and Taiwan, Trend Micro's global monitoring team said they have observed an alarming rise in advanced persistent threats (APTs).
"Advanced persistent threats are stealthier and more sophisticated than ever, using insidious social engineering techniques to quietly penetrate your organization to deploy customized malware that can live undetected for months," the team said.
"Then when you are least expecting it, cyber criminals can remotely and covertly steal your valuable information--from credit card data to the more lucrative intellectual property or government secrets--potentially destroying your competitive advantage, or, in the case of government, even putting national security at risk," it warned.
At a roundtable meeting with some lT security media, Richard Sheng, senior director of enterprise security at Trend Micro Inc., Asia Pacific, cited email as still a top attack vector in targeted attacks.
Every customized attack will need a customized defense strategy and a well-defined incidence response plan, he said, "We are blind against the attacks," he pointed out. "In the region, there is a lack of awareness, of understanding how data breaches take place nowadays."
He added that in the case of targeted attacks, "you have to assume you will be compromised."
In a recent gathering of government agencies representatives held at Solaire Casino and Resort in Pasay City, Sheng said that to stop spear-phishing for instance, enterprises need to integrate Sandbox technology into their email gateway.
Describing the usual practice cyber criminals use, he said: "A spear-phishing email is sent to an employee. The email contains a malicious attachment. However, with network-based Sandbox analysis, Trend Micro Deep Discover Inspector (DDI) solution then detects the suspicious email and identifies its attachment as a Trojan downloader."
Sheng continued: "Today's most damaging attacks are targeted specifically at your people, your systems, your vulnerabilities, and your data. Trend Micro, he said, provides proactive security that fits the threat landscape and supports varying IT infrastructure, partner ecosystems, and customer needs.
At the heart of Trend Micro's ability to deliver timely threat intelligence, service and support to its global customer base is TrendLabs, its global technical support and research and development headquarters that is based in Ortigas, Pasig.
Sheng said the Philippines has a "homecourt advantage" because the company need not fly its experts in. Established in the country in 1998, TrendLabs now houses over 1,000 cloud security and anti-malware experts, including support engineers all deployed in round-the-clock operations.
Sign up for CIO Asia eNewsletters.