The Asia Pacific region has had a particularly difficult year when it comes to cyber crime. According to Security Asia, some of the high profile attacks in the region include cyber attacks on the database of 55 million voters at the Philippines Commission on Elections, the National Payment Corporation of India, the Bangladesh Central Bank, and massive data leaks as shown by the Yahoo data incidents. This small sample includes attacks on the financial industry, government and technology.
A Frost and Sullivan’s 'Asia Pacific Cyber Security practice' reports that Singapore lost about US$19 million through Business Email Compromise (BEC) attacks during the first nine months of 2016. Growing at 20% YoY, this type of cyber crime is predicted to overtake Ransomware in 2017. The report goes on to speculate that BEC attacks can potentially become the main type of cyber threat in Asia Pacific.
We know that DDoS attacks have become a menace and are being enabled by the growing global popularity of IoT and its corresponding lack of device security. Internet attacks accomplished by creating huge volumes of traffic from thousands of unsecured, connected devices such as traffic cameras have the potential to shut down urban intelligent transport systems, airport traffic control systems and other critical infrastructures.
Cyber attacks including BEC, Ransomware and DDoS attacks are growing and becoming a big business in APAC as well as other regions around the world. Many areas in the APAC region that are technologically advanced are actually more vulnerable due to the volume of connected devices and systems. Intelligent transit, WiFi and WiMax, digital street surveillance, web enabled government services are all great conveniences to local populations. However as the population adjusts and learns to depend on these new technologies, they become more vulnerable to attacks.
One of the newer cyber attack modes is using drones to scan for unsecured WiFi networks. Singapore University of Technology and Design has demonstrated that it is possible to launch cyber attacks using only a drone and a smart phone. As drone technology develops and improves, the criminals will certainly use it as another tool in their criminal arsenal.
So, there is no shortage of scary stories about cyber crime and its potential for mass carnage against large populations. The question is what are we going to do about it? Whose responsibility is it to protect us from this devious and largely anonymous threat? The answer is ours.
Governments must increase information sharing and cooperation. Laws and enforcement agencies must work hard to catch up and keep up with this fast evolving threat. Device makers must design security measures into connected equipment. Sure, yes, and absolutely for all those ideas. However, right here, right now in the Asia Pacific Region, businesses and individuals must be educated and vigilant against these crimes.
Business networks need to establish and enhance their cyber security departments. Security budgets must expand to include the introduction of new appliances that help anticipate attacks by learning normal network patterns and isolating anomalies.
Appliances such as Data Loss Protection, Intrusion Protection and Next Generation Firewalls must be deployed through independent TAPs on network links. Other specialized appliances should also be considered for specific vulnerabilities. There are appliances that will isolate all emails with an attachment to a “sandbox” and test the attachment for malware prior to sending it on to the recipient. This is a potential defense for BEC attacks. It is always prudent to regularly backup and store critical data off-line.
TAPs and Packet Brokers can help manage the maze of specialized appliances by allowing fail-safe connection to links, mapping what data goes where, and filtering out packets and ports that are not relevant to each appliance. These security devices simplify deployment and make it easy to make additions and changes to your security stack as new technologies advance.
So, don’t moan about the drone. Enhance your security profile, educate your employees, and deploy strong defenses to block breaches rather than repairing the damage after a devastating attack.