It’s not just security, it’s defence: BAE Systems
By Lum Ka Kay April 21, 2016
- Complying with increasing regulation poses a challenge for businesses
- The Unusual Suspects report lists six cybercriminal profiles
As Malaysia moves toward becoming a digital economy, there are two main challenges that may stymie the nation’s aspiration: the regulatory burden and a low awareness of cybersecurity.
It would be especially challenging for businesses, according to Barry Johnson, Malaysia country manager of Applied Intelligence, the cybersecurity division of UK-based international defence, aerospace and security company BAE Systems.
“One of the challenges businesses generally face is the need to comply with increasing regulation. Anyone holding personal information and financial data as part of their business will now have to protect those data.
“But the increasing regulation is a burden for businesses as this means companies have to spend more to safeguard information,” he told Digital News Asia (DNA) on the sidelines of the Defence Security Asia 2016 conference in Kuala Lumpur on April 20.
The second challenge is cybersecurity awareness. Many companies do not have the mindset that they need to defend themselves, according to Johnson.
“You can’t just go buy a security product, you have to defend yourself. Security is about how you feel.
“So you might feel secure with the technology you have, but defence has to be proactive – you have to train your people and have the right technology to defend yourself.
“And all this has to come together as an operational defensive capability. It’s not just security, it’s defence,” he said.
According to Johnson, in a sanctioned test that BAE Systems performed for one of its clients, about 42% of the 250 staff fell for a phishing email that invited them to click on a link to redeem a complimentary food voucher.
“It was an ethical hacking [exercise] – those who clicked on the link were brought to a website that told them to inform the company’s IT department regarding the phishing email, and that the company would provide them the necessary cybersecurity training,” he said.
“Next, we measured how many of this 42% actually followed the business process: Zero.
“That gave the organisation a real understanding of its staff’s cultural awareness and attitude towards cybersecurity. And it also made the organisation realise that cybersecurity isn’t someone else’s problem,” he added.
But things are beginning to change, with more chief executives beginning to realise that cybersecurity is not ‘just an IT problem,’ according to Johnson.
The Unusual Suspects
BAE Systems recently revealed some of the biggest cyberthreats to Malaysian businesses in its The Unusual Suspects campaign, part of a global initiative to increase cybersecurity awareness.
The campaign profiles six prominent types of cybercriminals, showcasing their motivations and methods.
The profiles, derived from expert analysis of thousands of cyber-attacks on businesses around the world, are:
- The Mule: Naïve opportunists who may not even realise they work for criminal gangs to launder money;
- The Professional: Career criminals who ‘work’ nine-to-five in the digital shadows;
- The Nation State Actor: Individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;
- The Activist: Motivated to change the world via questionable means;
- The Getaway: The youthful teenager who is keen to impress and can escape a custodial sentence due to his or her age; and
- The Insider: Disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company.