Cybersecurity is about people too: FortiGuard strategist
By Benjamin Cher August 10, 2015
- Internal threat like disgruntled employee more dangerous, treat your people right
- Threat intelligence and sharing crucial; Asia’s readiness varies by sector
CONVERSATIONS about IT security often revolve around technology and processes, and rarely about a third critical element: People.
That’s a mistake, according to Jack Chan, a security strategist at Fortinet Inc’s FortiGuard Labs. “Security technology, processes and people – all three have to work hand-in-hand.
“Deploying defence technology to detect [malware] is important,” he said, but so is “hiring the right people and treating them in the right way so you don’t get disgruntled employees targeting your system.”
An attack from an employee would be more devastating than an external attack as the employee would probably have key inside information, Chan argued.
The threat landscape in Asia, however, still points towards external attacks being a greater threat, he told Digital News Asia (DNA) on the sidelines of the recent RSA Conference Asia Pacific and Japan (RSAC APJ) 2015, which featured more than 90 exhibitors and over 4,900 attendees.
In gathering its threat intelligence, Fortinet collects and collates information on malware, intrusions and botnets. Utilising big data analytics, threat intelligence can show emerging trends and attack vectors.
Chan said that this kind of data mining has allowed Fortinet to gather insights into the threat landscape and trends in Asia.
For example, in Singapore, the top malware detected was the W32/Injector, which was different from the rest of Asia where the top malware was the W32/Backdoor.Prosiak. Globally, VBS/Rammit.SMC was the ‘top hit.’
“We … share threat intelligence, whether with organisations or different ISACs (Information Sharing and Analysis Centres),” said Chan. “We share such information not only with our customers, but with the wider community.”
An ISAC is a nonprofit organisation that acts as a platform and central resource for gathering information on cyberthreats to critical infrastructure – there are various ISACs devoted to public transport, financial services and others.
Fortinet is also a founding member of the Cyber Threat Alliance, which comprises cybersecurity practitioners from organisations that have chosen to work together to share threat information to improve defences. Other members include Intel Security, Palo Alto Networks, and Symantec.
APTs in Asia, BYOD challenges
Meanwhile, according to Chan, advanced persistent threats (APTs) are on the rise in Asia.
APTs are sophisticated attacks on networks designed to monitor and extract data over a long period of time.
One of the ways these attacks target endpoints is via emails, either phishing a user to give up his or her username and password, or via a link that downloads malware to the user’s system.
The increasing use of mobility, the Bring Your Own Device (BYOD) trend, and even the Internet of Things (IoT) in the enterprise – all pose challenges for security.
Detecting malware on mobile devices is now more important than before, Chan said, as these devices can now access the entire enterprise network.
The BYOD trend is also changing the security mindset at enterprises, as blanket security policies would not be as effective as they used to be.
The key is to focus on device security, Chan said, as this allows enterprises to track the use of individual devices on their networks.
“One area we are very focused on is secure WANs (wide area networks),” he said.
“While BYOD is facilitated by WANs, the ability to detect the usage of software is quite important and [needs to be] built into all security engines,” he added.
On the IoT front, with devices increasingly touting Internet connectivity, vulnerabilities and exploits lie in plain sight.
“With the IoT, anything can be on the Internet, whether it’s your fridge, your IP (Internet Protocol) camera to monitor your kids – there are vulnerabilities in different areas,” Chan said.
Last year, networks were put at risk by vulnerabilities such as Heartbleed, and Chan said he expects to see more of such incidents this year, as well as different kinds of attacks, whether they are DDoS (Distributed Denial of Service) or web application type attacks.
In general, cyber-attacks would be “more sophisticated and probably harder for traditional perimeter defences to protect against,” he said.
Is Asia ready and prepared to defend against cyber-attacks in this new threat landscape? Chan said it depends on the sector.
“If you think about governments, banks and so on, I would say that sufficient security defence is in place,” he said.
“But definitely there are a lot of SMEs (small and medium enterprises) in Asia Pacific, and a lot of different sectors like education, where we are seeing an increasing need for security deployment,” he added.
SMEs face a greater challenge because most lack in-house IT expertise, let alone specialist cybersecurity skills. Instead of building this capability internally, however, many SMEs are now outsourcing their cyber-defence needs.
“A lot of SMEs are outsourcing their security, whether it’s a clean cloud service or a mail cleaning service,” said Chan.
But one cybersecurity challenge in Asia is not in the technology, but rather in the implementation, he argued.
An organisation can spin out an application in a short time, but it will take time for it to implement the network security features around that app, according to Chan.
More thought should also be put into what each enterprise wants to achieve for its security.
“I think we need to consider the overall concept of what we are trying to do – to identify and look at the assets we are trying to protect, whether it is a username and password, or application, or IT management,” Chan said.
“Rather than just a silver bullet to solve this problem, I think we need to take a step back and look at the bigger picture of what we’re trying to achieve, what we’re trying to protect, and what solutions are in place,” he added.