There is a large, "black market" of sorts where criminal elements of cyber space can purchase zero day exploits for five figure sums. Many, zero days last an average of 365 days before they are rendered useless through patches. If we can find them earlier and patch them quicker, their value may drop, making the quest to find exploits less profitable.
How would BYOD impact businesses in the Asia Pacific region? What is BYOD's implications in terms of risk management, data protection, and data management?
BYOD programmes are clearly having a large impact on the IT landscape and one of the largest concerns over this so called mobile revolution is the security implications that BYOD policies bring into focus.
Businesses in APAC are looking towards BYOD as a means of improving employee morale as well as a way to keep costs down by reducing spending on IT devices such as smartphones and tablets. However, this opens a whole can of worms for the IT department.
Supporting BYOD means adding layers of complexity to your mobile support and security strategy. There are varying device types, different networks, mobile data security features as well as multiple OS platforms to contend with as well as the loss of control over the device itself.
Companies must ask themselves just how much control they have over their employees' devices and their networks. Can you remotely wipe company data if the device is lost or if the employee quits? Are you able to quickly install firewalls, intrusion detection and prevention systems on devices quickly and efficiently? Do you have the manpower to effectively monitor for anomalous traffic 24x7 on your networks? All these factors affect risk management, data management and protection.
Earlier, companies could control the security policies that were enforced on the devices that connected to its network. Even for the laptops that were carried home by the employees a basic level of security could be enforced. Now, with BYOD, the device is owned by the employee and it may not have the latest anti-virus software installed on it.
So when the person is outside the company network they can be tricked into downloading a malware on the system and then the system just becomes a conduit for bringing in the malware into the network. Now, just securing the perimeter is not sufficient, as attacks could be launched from within the networks from compromised devices.
What do organisations in Asia Pacific lack in terms of security awareness and strategy?
This answer depends on what sort of organisation we are discussing. If it is an organisation that operates overseas in Europe, the UK or the US, they are quite likely to be well versed in terms of data security compliance. However, being compliant does not necessarily mean being secure. It is simply the most basic sort of security one should have in place.
Sign up for CIO Asia eNewsletters.