The 2014 security outlook for Malaysia: Symantec
By Eric Hoh January 3, 2014
- Watch out for more ransomware, mobile cybercrime, app scams, social media exploits and espionage
- ‘Internet Of Everything’ opening doors to unchartered territory, enterprises and consumers beware
THE year 2013 provided much to talk about in terms of information protection. What will be in store for 2014? The following are some trends to look out for as we move into the new year.
Privacy issues littered the headlines in 2013, raising fundamental questions about the amount of personal information being shared and collected every day by service providers, professional groups and social networking sites.
In October 2013, Symantec traced one of the largest data breaches globally in a number of years, where 150 million identities were exposed due to this one breach. This more than doubled the number of identities exposed in 2013, when compared with our previous numbers through September.
Of the reported breaches last year, the top three types of information exposed were a person’s real name, government ID number, and birth date.
In Malaysia, the Personal Data Protection Act 2010 or PDPA which came into force on Nov 15, 2013, will have a big impact on how organisations manage and use their customer data. Companies need to stay ahead of legislative changes and compliance issues and act now to protect themselves.
Organisations using personal data collected will have to comply with the Act within three months from the date of enforcement. The first year in enforcement of the Act is a critical period as organisations start to understand the requirements of the Act and take measures in compliance.
Also, as the Trans Pacific Partnership (TPP) negotiations progress, access to information and international patent legislation will remain an area of focus. Legislative and compliance issues are also reaching the consumer – individuals need to care about encryption and privacy laws, and what information is being used for this new frontier.
Cybercrime also made headlines in 2013 and will continue to be problematic for consumers and enterprises, both large and small. Whether it is ransomware, mobile cybercrime, app scams, exploiting niche social networks, corporate espionage or the move from mass cyber-threats to more sophisticated and targeted attacks, there is no doubt that cybercrime will continue to be an issue that consumers and enterprises will need to look out for.
With the proliferation of smart mobile devices, information protection will continue to be a hot topic in 2014.
What will emerge is an increasingly complex online security landscape, due to the consumerisation of smart devices and data aggregation of connected devices. In Malaysia, this issue will be crucial, with its more than 140% penetration of mobile phones.
These mobile devices will be connected to the Internet and in some cases, running an embedded operating system. Sounds farfetched, but the marketplace is already alive with them, and they will just get smarter and more connected.
For cybercriminals, the lure of all these connected devices storing information and data is too sweet to resist. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras.
The security spotlight will shine not only on organisations, but also manufacturers of these devices and systems, as well as programmers who develop software for them. Users will expect notification of vulnerabilities, followed by patches.
The ‘Internet Of Everything’ is opening new doors to unchartered territory. Enterprises and consumers should take action now to safeguard their information and devices with robust security software.
In addition, there is a fine line between business and personal use as professionals and consumers use their mobile devices for business and leisure.
The 2013 Norton Report indicates that almost half of respondents are forgetting – or worse, ignoring – security on their smartphones and tablets, even as they understand its importance for their PCs.
This security threat is further exacerbated when companies have not yet developed tight policies regarding the use of personal mobile devices or company computing assets, placing both employee and employer at higher risk.
Gartner has stated that most companies only have policies for employees accessing their networks through devices that are owned and managed solely by the company, and suggests that policies balance flexibility with confidentiality and privacy requirements.
Protecting the enterprise will continue to be a constant challenge. The online security landscape is fluid and cyber-attacks have evolved in how they penetrate the enterprise.
According to Symantec’s 2013 Internet Security Threat Report, there was a 42% increase in targeted attacks, but more worryingly, 31% of those were targeted at businesses with fewer than 250 employees. Small businesses are at the greatest risk from sophisticated attacks.
On enterprise data centre front, Software-Defined Data Centres (SDDCs) is a trend to watch as the software-defined infrastructure becomes tangible.
Many believe 2014 will be a year of education as customers come to understand the benefits of software-defined anything – compute, networking and storage – and overcome any challenges around trust and security.
The future data centre will look different from today. Heterogeneous and distributed data centres, information and workloads everywhere, shared resources, abstraction of hardware from software, delivery as hybrid clouds, and velocity of change.
This new environment poses some new challenges – visibility, access control, aggregation of responsibility. Future data centres need insights and real-time dynamics to mitigate risks.
As social media and mobile devices proliferate, we’re in the midst of an information explosion – the ‘big data bang’ is here. Every minute, we create store and access complex data at an unprecedented scale; in fact, 90% of the world’s data was created in the last two years. Many companies project that their information will grow at an incredible clip of 60% to 70% within one year.
This free flow of data has created immense opportunities. But it’s also opened the doors to new risks.
As the Internet of Things, the cloud, real-time analytics and other technologies step out of our imaginations and into our lives, so too do a host of sophisticated threats that we must address, or risk progress.
Eric Hoh is the vice president for Asia South Region at Symantec Corporation, a global provider of security, backup and availability solutions.
Countdown officially begins for PDPA compliance
Lack of clarity and info on TPP a major concern
Smarter, shadier and stealthier cyber-crime forces dramatic change
VMware wants to get you out of ‘Hotel California’