itb-nz logo
Story image

Cyber security now about mitigating risk

Digital transformation, insider threat and machine learning will have a significant impact on cyber security in APAC over the coming months, according to Sanjay Aurora, Darktrace managing director APAC.

“In 2015, we saw countries like Singapore and New Zealand introducing cyber security toolkits for SMEs - this is a good step in educating employees beyond the IT department on the sophistication and seriousness of today's threats,” Aurora says.

“In 2016, cyber security will move further toward the boardroom as a corporate issue and become a continual process of risk mitigation, rather than a problem left for the IT department to independently resolve.

“As a result, security professionals must become more conversant with business risks and business objectives, rather than remain as narrow and deep technological experts," he says.

Digital transformation: An opportunity and a risk

In 2016, APAC organisations will continue to embrace digital transformation - from network-connected smart TVs, photocopiers and air-cons in the boardroom for greater convenience, to the wider adoption of virtualisation and cloud, which enables employees to work anytime and anywhere using smartphones, tablets and even smart watches, Aurora says.

Smart City initiatives throughout Asia, alongside established projects like Songdo in South Korea, will drive a significant increase in the number of connected units or devices across APAC, which is expected to increase from 3.1 billion to more than 8.6 billion by 2020. This presents organisations with both a business opportunity and business risk, he says.

"Connected units or devices in industrial zones, office parks and shopping malls will no doubt improve efficiency, as well as reduce the cost of energy, spatial management and building maintenance, but this will come at the cost of increased vulnerability.

"Therefore, the most urgent concern is how to conduct business while maintaining the current levels of risk management, as networks become more open and complex, and more devices become interconnected.

“Businesses are expected to be able to keep information safe within flexible structures, but at the same time, they can no longer completely 'fortify' their online environments,” he says.

"Cloud servers, for example, will remove some risks relating to the build and configuration of a large numbers of servers and their ongoing maintenance.

“However, the cloud also allows mistakes to be made at an unprecedented scale and magnitude.

“A recent error that exposed more than a million healthcare records reminds us that using the cloud without proper cyber security safeguards can result in widespread damage," he says.

Insider threats: Most significant potentially damaging risk

As attackers increasingly obtain legitimate credentials from employees, customers, suppliers or contractors and exploit network access in ways that are difficult to predict, insider threat is likely to be the most significant and potentially damaging risk in 2016, according to Aurora.

"The US Office of Personnel Management hack in June and the recently reported VTech hack are sharp reminders that attackers are having an impact on trusted organisations at scales almost unimaginable.

“These incidents have shown us yet again that once perimeter defences have failed, many organisations remain blind to in-progress attacks for long periods of time, until the business and reputational damage becomes impossible to contain," says Aurora.

"We have also observed breaches within organisations that have gone unnoticed for up to 200 days, before the vulnerability was brought to light.

“On that note, companies need to accept the new reality - the threat is, by default, inside organisations, and must be kept in check by continual monitoring and advanced detection," he says.

Machine Learning: Key to proactive cyber security

According to Gartner, information security has become a priority for businesses, with worldwide spending on information security projected to reach US$76.9 billion by the end of 2015.

The research firm highlighted the emergence of new technologies, which provide contextual information and security intelligence, as key to improving organisations' understanding of today's evolving internal and external threats.

Due to talent shortages, more than half of APAC organisations are seeking data-driven security capabilities to plug the gap.

"Whether we're talking about start-ups, SMEs, MNCs or public sector organisations, the importance of digital information - as well as the need for pragmatic knowledge in securing systems and data - remain consistent.

“Across the board, we're seeing a high incidence of threat actors unlawfully claiming and using intellectual property. These threat actors, who are also targeting young and innovative companies, could very well walk away with entire businesses.

“Cyber threats are not just an expensive annoyance, but can deal devastating blows to creative concepts and competitive positions," says Aurora.

"In 2015, the capability of machines to provide a full view of and automatically learn what is normal and abnormal within a network, as well as identify in-progress cyber-attacks, has been an important innovation for the cyber defence sector, especially when it becomes humanly impossible to keep up with every component within an organisation's expanding network.

“In 2016, companies that aim to be successful in proactive cyber security will need to embrace this model of 'immune system' technology, which continually looks out for network abnormalities and alerts the security team in real-time, before serious damage is done," Aurora says.

Security professionals must become more familiar with business risk

Regionally, cyber-attacks are estimated to have cost APAC businesses US$81 billion in the past 12 months, according to Aurora.

To safeguard revenue, reputation and intellectual property, the issue of cyber security has become a common topic during boardroom discussions, with policies being constantly developed to address ongoing cyber threats.

Furthermore, 45% of boards now participate in the formulation of security strategy, with that number set to increase in 2016.

Link image
How to effectively accelerate 5G device workflow
Achieving a first-to-market advantage in 5G requires innovative network emulation solutions that accelerate the device workflow. Find the 5G network emulation software that's right for you.More
Story image
From 1G to 5G: How innovations in cellular have shaped our lives
As we look to the present decade from 2020 onwards, 5G will be at the forefront. The race for 5G is not about merely deploying new infrastructure, but getting the first-mover advantage in who can build and take the leadership role in the host of new applications and services that 5G will enable.More
Story image
Security training and tech: Empowering staff in a hybrid work environment
As employees travel back and forth between home and the workplace, are they walking through the door with cyber threats sitting on their devices?More
Story image
Firms that use social as a 'megaphone' miss out on transformation - Hootsuite
Organisations often limit social to the marketing department, but instead it should be connected into the ‘lifeblood and workflow’.More
Story image
Intelligent Automation – accelerate today and automate for tomorrow
It’s a message that encapsulates the benefits of productivity and innovation, by letting technology take care of menial tasks and giving valuable time back to every business.More
Story image
IBM, Alphabet and well-funded startups in the race for quantum supremacy
"It may not come as a surprise that quantum computing one day replaces artificial intelligence as the mainstream technology to help industries tackle problems they never would have attempted to solve before.”More