Political philosopher, writer and U.S. founding father Thomas Jefferson once stated that, “Education is the great equalizer.” When it comes to cyber security, this couldn’t be more true.
Modern hackers have an arsenal of exploit kits available to them on the dark web despite the repeated efforts of national and international law enforcement agencies to shut them down. Ransomware, spyware, zero-day threats, keyloggers and a myriad of other threats can easily be obtained by any person who knows where to look for them. In countries such as Brazil, hackers are actually offering tutorials and courses to aspiring cyber criminals for a price. The internet is crawling with cyber-crime, and the only way to defend against it is with a proper understanding of the threats that are out there.
It’s somewhat troubling, then, to learn that not all regions of the world are not on equal footing with cyber attackers. Specifically, the results of a recent Trend Micro survey have revealed that corporations in many Asia-Pacific (APAC) countries are not entirely aware of how cyber-attacks are executed.
The APAC knowledge gap
In early August, Trend Micro revealed that less than one in 10 companies in the APAC region “fully understand how cyber-attacks are performed.” Respondents were representative of 300 companies scattered throughout Singapore, Taiwan, India, the Philippines, Hong Kong, Japan, Australia and New Zealand.
Nearly half of these organizations admitted that there is absolutely no cyber security awareness training in their organizations. This is problematic when you consider the modern efficacy of social engineering schemes. Even tech-savvy, attentive employees can get easily lassoed into giving away their corporate login information or downloading ransomware and other forms of malware.
Take the example of PETYA, a form of ransomware that hackers spread via fake job application emails. Then there’s business email compromise, which involve posing as a company executive for the sake of manipulating insiders into handing over sensitive information, or in some cases, money. Both of these are serious problems that require some level of cyber security awareness.
Trend Micro’s survey also revealed that 59 percent of respondents cited “employees’ lack of knowledge” as the top insider threat, which isn’t shocking. Even without hackers constantly attempting to manipulate insiders, something as simple as checking a work email account on a public computer and forgetting to log out can result in a breach of company data.
The situation may get worse before it gets better
In recent months, there have been several high-profile attacks in the APAC region, the most notable of which is the Bangladesh Central Bank breach that resulted in the theft of $81 million. According to WIRED’s Kim Zetter, some reports have claimed that Bangladesh Bank’s cyber security practices were fairly lax.
“[T]he bank reportedly didn’t have firewalls installed on its networks, raising the possibility that hackers may have breached the network and found the credentials stored on the system,” Zetter wrote.
More recently, Vietnam’s two largest airports (Noi Bai in Hano and Tan Son Nhat in Ho Chi Minh City) as well as the nation’s largest airline (Vietnam Airlines) were breached. The good news is that there was no significant fallout from the attack. The bad news is that all internet-connected systems in the hubs had to be shut down, which meant that many tasks had to be manually completed.
Another marker of the times is the current escalation of mobile malware in China. At the end of 2015, Trend Micro predicted that the spread of malware on smartphones and tablets in particular would spike in 2016, and so far, this prediction has been spot on. Part of the reason for this is that smartphone users in China are turning to third-party application stores to procure their consumer apps. The reason for this is that of China’s estimated 800 million mobile users, only about 21 million of them have access to Google Play. In light of the growing influence of enterprise mobility all over the world, the possibility that professionals would be bringing these infected devices onto corporate networks is disconcerting, and further supports the notion that there is somewhat of a disconnect between businesses in the APAC region and best cyber security practices.
But it will get better, and maybe even sooner than we think
The silver lining here is that the global market for application cyber security is growing at a compound annual growth rate of nearly 11 percent, according to Market Reports Hub. The report noted that the most substantial CAGR would be witnessed specifically by the APAC market, which seems to be indicative of a progression in cyber-attack prevention in the region.
It’s also worth nothing that education will be just as important going forward as smart cyber security investing. A solutions-based approach to cyber security is no doubt essential; however, with insider threats looming large, it simply isn’t a substitute for properly training enterprise workers on cyber security best practices.
To that end, Trend Micro’s CLOUDSEC 2016 conference is being hosted in 9 APAC countries: China, India, Philippines, Singapore, Taiwan, Hong Kong, Indonesia, Australia and Republic of Korea.
“Dedicated to helping businesses improve cyber security awareness, preparedness and efficiency, Trend Micro’s CLOUDSEC 2016 conference, themed ‘Take Control,’ will guide businesses in taking control internally of people, systems and processes with insights and perspectives shared by Trend Micro senior executives and external global security experts,” a company press release stated.
And it couldn’t have come at a better time. A day before the Australia conference (which was held Sept. 1), login information from “Tens of thousands of computers from federal research network, schools and local councils,” were found to be available on the dark web.
Due to the interconnectedness of the world in which we live, a cyber security problem in one part of the globe is revenant everywhere. If APAC doesn’t address its cyber threat landscape sooner rather than later, the problem is poised to get even worse. However, as long as global efforts at improving cyber security continue to evolve at their current pace, there’s plenty of hope ahead for APAC corporations.