SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Enterprise security trends for APAC
Wed, 30th Mar 2016

By 2020, four billion people will be online, 50 billion devices will be connected to the internet and data volumes will be an astounding 50 times greater than what we are seeing today.

That's according to Pierre Noel, chief security officer and advisor, Microsoft Asia, ahead of the CommunicAsia2016 Summit.

“This enormous explosion of connected devices and data flows, and the complexity that comes with it, will make it more challenging than ever before for individuals, organisations and nations to protect themselves against cyberattacks - with greater complexity comes greater risk of malicious attacks and security exposure,” Noel explains.

Noel says that while there will always be new threats, new attacks and new technologies to keep an eye on, there are some security trends businesses in Asia Pacific should know about.

Mobile Malware

“As security threats continue to dominate news cycles, this year will be one where we see cybercriminals focus on targeting mobile devices by attacking underlying operating systems and releasing more malware-infected apps,” says Noel.

According to Noel, China leads the world in the number of mobile users, and malware on these devices will surface as a huge problem.

A study by Tsinghua University, Microsoft Research, and China's Ministry of Science and Technology found that only a quarter of apps in the country's local app stores are safe.

“The adoption of mobile payment systems will also lead to a surge in hack activity related to stealing information from new payment processing technologies like EMV credit cards, contactless RFID smart cards, and mobile wallets,” Noel adds.

Online extortion and hacktivism

According to Trend Micro, a Microsoft partner, rapid growth in online extortion and hacktivism is expected this year, with more sophisticated ways of stealing information and gaining control of web-enabled devices being realised.

“Malware programmes like ransomware are potentially one of the most dangerous types of computer malware and might be used more frequently by hacktivists in order to encrypt the victim's personal information like photos or conversations and extort money online to regain control of online accounts and devices,” Noel says.

Password recovery scams, including spear phishing and smishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data.

“Spear phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information,” Noel says.

He says that because phishing attacks are no longer limited to email, SMS phishing (smishing) is becoming more common, especially among hackers who create password recovery scams.

“A criminal hacker only needs a victim's email address and a mobile phone number to start a password recovery process and compromise their account,” Noel explains.

A New Approach To Cybersecurity

“Ultimately, as Microsoft CEO Satya Nadella highlighted just last November, the digital world we live in today requires a new approach to how we protect, detect and respond to security threats,” says Noel.

“Companies must evolve from a simple ‘protect and recover’ model to a more holistic protect, detect and respond posture that utilises real-time insights and predictive intelligence across networks to stay ahead of threats,” he says.

Noel says the current wave of cybersecurity evolution is centred around collecting actionable intelligence, to remain ahead of threats.

“Attacks such as ransomware are targeted and follow certain patterns; malware, for example, tends to morph rapidly. To stay ahead of these threats, we need to make full use of the cloud to collect and analyse such information that will tell us what to expect, and where to expect it,” Noel explains.

“At the same time, it is also critical for companies to strengthen their core security hygiene; adopt modern platforms and comprehensive identity, security and management solutions; and leverage features offered within cloud services,” he says.

“It is just as important to create education and awareness across employee populations in order to build and sustain a pervasive security culture.

“While organisations across the region are in various states of readiness with regards to cybersecurity, I remain optimistic as we see more organisations, government and non-governmental companies alike, making cybersecurity a priority and cooperating closely to ensure cyber threats are identified and dealt with quickly,” says Noel.