'Zero day attacks' and other advanced threats are changing the cyber security landscape in Asia and beyond, says Anshuman Singh, Group Product Manager, Barracuda Networks.
How has the threat landscape changed over the years? What are the threats uppermost in the minds of security professionals?
The monetisation of hacking has permanently changed the threat landscape for the foreseeable future.
Cyber security is no longer an arena where paid professionals square off against talented hobbyists. It is now a battleground where trained professionals duke it out in a never-ending race to find and exploit or patch every possible hole in security infrastructure. Hackers are banding together and forming teams that carry out coordinated attacks. This has also led to them using more advanced and sophisticated attack vectors.
Right now, a big concern for many security professionals are "zero day attacks", which are undiscovered exploits and bugs in the software or hardware stack. Testing and securing software can be a challenge and finding all the bugs in your own software is not a guaranteed thing.
Defending against advanced persistent threats is another large concern. In the past, most hackers were individuals operating independently. With the advent of cyber warfare and the rapid monetisation of hacking, larger highly collaborative groups are able to actively coordinate efficient and organised attacks on companies.
Also, while DDoS attacks have been around for the longest time, they are morphing from being only a network layer phenomenon to being an application layer construct. Today they are an even bigger threat to businesses especially with increasing amounts of business transactions being moved online. Every time ecommerce functions go down, you are losing potential revenue gains. The problem is so severe that financial institutions have even started switching to "always on" DDoS mitigation.
What are some of the most active threats in the Asia Pacific region?
There are advanced persistent threats (APTs) where a group or organisation actively targets a specific entity. These groups normally have a high level of ability and the resources available to persistently attack a single company. Companies at risk of being the target of APTs tend to be those that hold a large amount of personally identifiable information. These include the likes of banks and other financial institutions as well as institutes of higher learning.
Another active threat in APAC would be botnets. As Asian nations continue to improve their networks and the computing power of personal computers catch up with those in other developed nations, it is likely that we will see more computers in the region being targeted by bot herders. Nations with faster Internet speeds and higher computing power tend to be more attractive targets for bot herders looking to increase their botnet armies.
Sign up for CIO Asia eNewsletters.