Digital transformation initiatives = greater risks
By Digital News Asia January 1, 2016
- Need to do business while maintaining current levels of risk management
- The default threat today is inside organisations, requires advanced detection
THE ongoing digital transformation initiatives in many organisations may bring many benefits but are also exposing them to greater risks, according to Cambridge-based cybersecurity firm Darktrace.
In 2016, Asia Pacific organisations will continue to embrace digital transformation – from network-connected smart TVs, photocopiers and air-conditioners in the boardroom for greater convenience, to the wider adoption of virtualisation and cloud, which enables employees to work anytime and anywhere, using smartphones, tablets and even smart watches, the company said in a statement.
Smart city initiatives in China, India and Singapore, alongside established projects like Songdo in South Korea, will drive a significant increase in the number of connected units or devices across the region, which is expected to increase from 3.1 billion to more than 8.6 billion by 2020.
This presents organisations with both a business opportunity and business risk, Darktrace said.
“Connected units or devices in industrial zones, office parks and shopping malls will no doubt improve efficiency, as well as reduce the cost of energy, spatial management and building maintenance, but this will come at the cost of increased vulnerability,” said its Asia Pacific managing director Sanjay Aurora.
“Therefore, the most urgent concern is how to conduct business while maintaining the current levels of risk management, as networks become more open and complex, and more devices become interconnected.
“Businesses are expected to be able to keep information safe within flexible structures, but at the same time, they can no longer completely ‘fortify’ their online environments,” he added.
Sanjay cited the example of cloud servers, which remove some of the issues related to building and maintaining a large number of servers.
“However, the cloud also allows mistakes to be made at an unprecedented scale and magnitude,” he added.
As attackers increasingly obtain legitimate credentials from employees, customers, suppliers or contractors and exploit network access in ways that are difficult to predict, insider threat is likely to be the most significant and potentially damaging risk in 2016, Darktrace said.
Industry reports have also revealed a surge in cyber-espionage across South-East Asia in the first half of 2015, as the region becomes a larger economic player on the global stage.
“The US Office of Personnel Management hack in June and the recently reported VTech hack are sharp reminders that attackers are having an impact on trusted organisations at scales almost unimaginable,” said Sanjay.
“These incidents have shown us yet again that once perimeter defences have failed, many organisations remain blind to in-progress attacks for long periods of time, until the business and reputational damage becomes impossible to contain.
“We have also observed breaches within organisations that have gone unnoticed for up to 200 days, before the vulnerability was brought to light.
“On that note, companies need to accept the new reality – the threat is, by default, inside organisations, and must be kept in check by continual monitoring and advanced detection,” he added.
Machine learning the key
According to Gartner, information security has become a priority for businesses, with worldwide spending on information security projected to reach US$76.9 billion by the end of 2015, Darktrace said.
The research firm highlighted the emergence of new technologies, which provide contextual information and security intelligence, as key to improving organisations’ understanding of today’s evolving internal and external threats.
Due to talent shortages, more than half of Asia Pacific organisations are seeking data-driven security capabilities to plug the gap.
“Whether we’re talking about startups, SMEs (small and medium enterprises), MNCs (multinational corporations) or public sector organisations, the importance of digital information – as well as the need for pragmatic knowledge in securing systems and data – remains consistent,” said Sanjay.
“Across the board, we’re seeing a high incidence of threat actors unlawfully claiming and using intellectual property. These threat actors, who are also targeting young and innovative companies, could very well walk away with entire businesses.
“Cyberthreats are not just an expensive annoyance, but can deal devastating blows to creative concepts and competitive positions,” he added.
In 2015, the capability of machines to provide a full view of and automatically learn what is normal and abnormal within a network, as well as identify in-progress cyber-attacks, has been an important innovation for the cyberdefence sector, Darktrace said.
This is especially so when it becomes humanly impossible to keep up with every component within an organisation’s expanding network.
“In 2016, companies that aim to be successful in proactive cybersecurity will need to embrace this model of ‘immune system’ technology, which continually looks out for network abnormalities and alerts the security team in real-time, before serious damage is done,” said Sanjay.
Security pros must understand business
Regionally, cyber-attacks are estimated to have cost Asia Pacific businesses US$81 billion in the past 12 months, Darktrace said, citing The Grant Thornton International Business Report.
To safeguard revenue, reputation and intellectual property, the issue of cybersecurity has become a common topic during boardroom discussions, with policies being constantly developed to address ongoing cyber threats.
According to a PwC report, 45% of boards now participate in the formulation of security strategy, with that number set to increase in 2016.
“In 2016, cybersecurity will move further toward the boardroom as a corporate issue and become a continual process of risk mitigation, rather than a problem left for the IT department to independently resolve,” said Sanjay.
“As a result, security professionals must become more conversant with business risks and business objectives, rather than remain as narrow and deep technological experts,” he added.