With 2013 already being called the year of the hack, what are your views on the prevailing security landscape in APAC and globally?
That term is being used more and more as a result of such high profile security incidents around the world. We have seen millions of user accounts and passwords breached and global organizations publically disclosing they have been compromised, asking their users to reset their passwords. This year continues to see increased growth in targeted attacks that disrupt services and attacks that fraudulently obtain significant amounts of intellectual property.
The worrying change in the last six months is the increased use of attacks that destroy infrastructure, the systems they attack and the evidence of the attack. This makes it very hard for the organization that has been breached. Ransomeware is a significant problem that is growing around the world, but in Asia-Pacific it’s becoming a very concerning type of attack.
What are the major trends that you see and how have they evolved? What are the key threat vectors this year and the implications for security? Some of the major security trends I believe are as follows:
- Targeted attacks prompt a growing need for incident response plans: Cybercriminals will continue targeted attacks that proved successful at disrupting services and fraudulently obtaining significant amounts of intellectual property. We are likely to see significant increase in targeted attacks and targeted malware. This type of attack is more difficult to protect against, especially when cybercriminals destroy evidence of the attack. Dealing with the clean-up distracts IT administrators who don’t immediately realize they have been hacked. It also adds to the difficulty in ensuring effective incident response as hackers attack hardware as they exit the network. Protecting against this trend will be a major challenge — particularly for enterprise and government organizations.
- Ransomware will start to impact Asia-Pacific: Ransomware will be prevalent in 2013. It is carried out by encrypting files on a victim’s computer, which can only be unlocked by paying the criminals a “fine”. To date, ransomware has been a bigger issue internationally and we have not experienced frequent occurrences in Asia- Pacific, however this is changing.
- Non-Windows attacks will continue to increase: Non- Windows attacks will continue to increase in 2013. Android devicesare now the highest selling mobile devices in the Asia-Pacific market and hackers will take advantage of that by developing mobile malware. Consumers aren’t the only ones at risk of mobile threats. Enterprises, particularly those embracing Bring Your Own Device policies (BYOD), are also at risk. The mobile malware growth rate is similar to that of Windows malware some time ago, which shows it is a genuine threat.
- Signed malware will increase in prevalence Signed malware was prevalent in 2012 and this trend is likely to continue in over the coming 12 months. Signed malware is present when a hacker obtains a digital certificate from an organization and appends it to malware, allowing the malware to pass through an organisation’s operating system. Stuxnet is a high profile example of this threat. This type of threat will be harder to stop because it appears more legitimate.
- IT managers will start embracing security process automation: The cyber security function remains one of the only IT functions that has not yet taken advantage of the speed, visibility and comprehensive capabilities provided by automation. With the increasing number, variety and complexity of the threats faced by organizations, many security technologies still require significant hands-on management. IT managers will need to embrace security automation in order to keep up with the threats they face.
In your experience, how are enterprises responding to these threats?
Enterprises are responding to these threats differently depending on the vertical. Banks for example have some of the strongest security architectures and very talented staff to deal with these issues and minimize any impact. There are other verticals where security is treated somewhat less important and where there are significant issues. Security needs to be taken very seriously. You need to look at your security processes, architectures and technologies and assess if they can deal with the current threats and adjust accordingly.
How have black-hat strategies and techniques evolved to leverage vulnerabilities/ opportunities provided by new tools, platforms and services?
The economics of cyber attacks and the money there is to be made, continue to drive attackers. They evolve and learn new ways to carry out their campaigns and malicious attacks to make money, to access information they seek or to carry out their hacktivist goals. Whilst there is significant focus and discussion around the opportunity that new tools, platforms and services can bring to attackers, in most cases they do not need to leverage these new technologies, there are enough weaknesses in the current technologies. Traditional attack techniques ike SQL injection and the use of old malicious applications are still extremely successful. In a significant amount of the incident response work we do, attackers have penetrated networks with little in the way to stop them so they do not need to invent new ways to attack an average organization.
Emphasis is beginning to be placed on detection over prevention as per several industry reports. Your thoughts on this cynical bent that security practitioners seem to be taking.
I do not agree that more emphasis is being placed on advanced malware detection rather than defense, but certainly the focus on advanced attacks has increased. You could argue that some of this is vendor driven, given the hype around APTs. There is a need for both, you need to prevent every attack possible, but you also need to focus on the reality that there are attackers who have the skills and the motivation to target you as an organization and you need to detect this type of advanced attack.
Attribution is extremely important today, and I believe very misunderstood. You need to know who is attacking you, why they are attacking you and how they are doing it. How they are doing it allows you to focus on prevention but who and why is very important so you understand the motivation and how you can manage the issue.
What is your opinion on the implications for security from ‘the Internet of Things’phenomenon?
The Internet of Things brings massive innovation and benefits that we can all enjoy and use positively. With this change and innovation does come a responsibility to look at security with a pragmatic view. We need to look at security in some very different ways. Traditionally security could be likened to the well-known game, Whack-AMole, the focus is looking for the next piece of malware and stopping it and doing this time and time again. Looking at the Internet of Things, dealing with malware is still very important, but so are other areas of security like trust and identity. Behaviour, for instance, becomes important, which may also be linked to identity. For example, is this machine doing what is expected, and is the person connecting to the machine trusted and is it really thatperson. Many aspects of security will remain the same, but there is also a need for new security architectures to be leveraged to ensure security and integrity.