SEA not ready for a cyber-attack … nope, not really
By Benjamin Cher May 18, 2016
- SEA faces complex challenges that are unique to the region
- It may leapfrog, or just get bogged down by infrastructure challenges
CYBERSECURITY is an ongoing arms race between defenders and attackers, and with new technologies, increasingly complex threats and expanding attack surfaces, the traditional protection method is no longer effective.
Yet this is still the strategy of choice in South-East Asia, according to Intel Security’s Security Connected vice president and chief technology officer Michael Sentonas (pic above).
“People are still focused on protection … and thinking that you need to solve all problems with protection technology,” he says, in a recent conversation with Digital News Asia (DNA) in Singapore.
“I challenge that strategy. While protection is important, it only deals with malware. People need to think more and more about breaches regardless of how those breaches happen,” he adds.
For example, a cybercriminal may use stolen credentials to access confidential data – traditional protection technology cannot help here, where detection is the key.
But governments in the region have been talking a lot about the need for cybersecurity. Are the authorities not ready to deal with today’s threat landscape?
“The easy answer would be ‘no,’ but things are more complex,” says Sentonas.
“Singapore, for example, works quite actively to protect the Singaporean public and the businesses in the country,” he says, adding however that Singapore cannot act alone.
“Everybody globally has a part to play, and that’s the challenge, Singapore can do everything it want to be a more secure nation, but if you have attackers coming from other parts of the world, looking for vulnerabilities, some of those areas will fall,” he argues.
South-East Asia, with its widely disparate levels of economic progress but booming online penetration, presents its own set of problems.
“If you think about the … the top 20 telcos in the world, a significant number are based here in South-East Asia,” says Sentonas.
“If you look at the populations of Indonesia, Malaysia and Thailand, and the number of connected users, that poses a challenge,” he adds.
Some of these connected users would be coming online for the first time, which poses a challenge for authorities.
“You have people connecting to the Internet for the first time using a smartphone, which doesn’t have any security on it, and that causes problems,” says Sentonas.
“There certainly are issues in South-East Asia we see that we don’t see anywhere else in the world,” he adds.
Leapfrogging into … danger!
One advantage that many industry pundits tout is that, not having to deal with much legacy technology, South-East Asia would be able to leapfrog into newer technologies.
But Sentonas cautions against thinking that this would be a panacea in terms of cybersecurity.
“In Asia, we’ve got emerging countries that are building infrastructure today with the latest technology we have,” he says.
“But if that new infrastructure being rolled out has no security, then they haven’t effectively leapfrogged anything,” he adds.
While the latest systems may be more advanced and efficient, without security, they merely introduce a larger attack surface.
“While we roll out new technology for the benefit it provides, we need to have a pragmatic view of the potential negatives,” says Sentonas.
“Leverage technology for the benefit it gives you, but just understand that there are people in this world that look to take advantage of potential flaws … to carry out malicious attacks,” he adds.
Cybersecurity: Some will choose failure over change
Emerging economies getting with the cybersecurity programme: RSA
Governments not that clueless about cybersecurity after all
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.