MANY Malaysian businesses are putting the purchase of new IT solutions on hold because of the unfavourable economic climate, as well as the impending implementation of the Goods and Services Tax (GST) in the country.
According to Barracuda Networks Inc
regional manager in Malaysia Thiban Darmalingam, some companies are even slashing their budgets on new IT solutions by at least 50%.
“Companies know that they need IT security, but are anxious about the [April 1] implementation of the GST.
“At the same time, they are being whipped by the foreign currency exchange rate and global economic uncertainties,” he told a media briefing in Kuala Lumpur on Jan 15.
New York Stock Exchange-listed Barracuda Networks provides security, networking and storage via network appliances and cloud services.
These uncertainties and the economic climate have “resulted in everyone adopting a ‘wait-and-see’ mentality,” Thiban said, adding that this applies to companies across the board, including banks.
“When I approach companies, many of them say they will only spend for what they really need, such as renewal of licences, maintenance and so forth – anything else, and it is put on hold,” he said.
However, despite all this, Thiban (pic)
said he remained optimistic about Barracuda Networks’ growth outlook this year.
He said that Malaysian banks, which are now under pressure to secure their automated teller machines (ATMs) after last year’s ATM hacking incident
, are starting to knock on the company’s doors.
“One-and-a-half years ago, I approached a Malaysian banking client with a web application security solution. At the time, they told us that they didn’t need the solution because they felt they were secure.
“Recently, I received a call from the client and they said that they wanted to start allocating a budget for this,” claimed Thiban, who declined to reveal the name of the bank.
He also believes that companies, due to cost constraints, will start looking at outsourcing part of the IT security function.
Many companies, even banks, may not want to make outright purchases and may prefer using managed service providers, especially for non-critical areas that they don’t want to own or don’t want to hire extra staff for.
“This is making managed service providers smile,” said Thiban.
He said that Barracuda Networks has a good relationship with various managed service providers, and he believes this would be one of the growth areas for the company this year.
Trends for 2015
As far as security is concerned, Thiban said that Barracuda Networks sees a few specific trends in taking root in 2015.
He said that as companies move from the physical to the virtual to the public cloud and on to Software-as-a-Service (Saas), attack surfaces will change.
“An infrastructure upgrade may add multiple attack surfaces. For example, companies that migrate from an on-site Microsoft Exchange Server to Office 365 have added a new attack surface across multiple threat vectors, such as email and web application,” he explained.
There will also be an increase in attacks related to mobile access and web applications. Thiban said.
“The mobile Internet is particularly vulnerable to phishing and social engineering attacks. Mobile devices are constantly moving between secure corporate networks and unsecure home or public WiFi,” he explained.
Barracuda Networks also expects to see a continuous rise in web application attacks and Distributed Denial of Service (DDoS) incidents.
Thiban said that the web application vector is the attack surface that is currently the least understood by IT administrators, and is generally the most exposed.
“Many companies attempt to secure this threat vector with the wrong technology, like a network firewall, which can protect Layer 4 protocols and even do a deep packet inspection.
“However, truly protecting web application layer attacks generally requires terminating the HTTP or HTTPS protocols, and often rewriting traffic to identify and mitigate threats.
“Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks.
“This type of misunderstanding leaves the threat vector exposed to attack and gives the administrator a false sense of security,” Thiban added.
DDoS attacks grow, era of botnets: Akamai’s Prolexic report
Targeted attacks the ‘new normal,’ says Trend Micro exec
Security industry to pay more attention to cyber-espionage: InfoWatch CEO
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.