by CommunicAsia2016 Summit speaker, Pierre Noel, Chief Security Officer and Advisor, Microsoft Asia
By 2020, four billion people will be online, 50 billion devices will be connected to the internet and data volumes will be an astounding 50 times greater than what we are seeing today.
This enormous explosion of connected devices and data flows and the complexity that comes with it, will make it more challenging than ever before for individuals, organizations and nations to protect themselves against cyberattacks – with greater complexity comes greater risk of malicious attacks and security exposure.
While there will always be new threats, new attacks and new technologies to keep an eye on, here are some security trends businesses in Asia Pacific ought to watch for this year:
1. Mobile Malware
As security threats continue to dominate news cycles, this year will be one where we see cybercriminals focus on targeting mobile devices by attacking underlying operating systems and releasing more malware-infected apps.
China leads the world in the number of mobile users, and malware on these devices will surface as a huge problem. A study by Tsinghua University, Microsoft Research, and China’s Ministry of Science and Technology found that only a quarter of apps in the country’s local app stores are safe.
The adoption of mobile payment systems will also lead to a surge in hack activity related to stealing information from new payment processing technologies like EMV credit cards, contactless RFID smart cards, and mobile wallets.
2. Online extortion and hacktivism
According to TrendMicro, a Microsoft Partner, rapid growth in online extortion and hacktivism is expected this year, with more sophisticated ways of stealing information and gaining control of webenabled devices being realized.
Malware programs like ransomware, are potentially one of the most dangerous types of computer malware and might be used more frequently by hacktivists in order to encrypt the victim’s personal information like photos or conversations and extort money online to regain control of online accounts and devices
3. Password recovery scams, including spear phishing and smishing
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.
Since phishing attacks are no longer limited to email, SMS phishing (smishing) is becoming more common, especially by hackers creating password recovery scams. A criminal hacker only needs a victim’s email address and a mobile phone number to start a password recovery process and compromise their account.
A New Approach To Cyber Security
Ultimately, as Microsoft CEO Satya Nadella, highlighted just last November, the digital world we live in today requires a new approach to how we protect, detect and respond to security threats. Companies must evolve from a simple, “protect and recover” model to a more holistic protect, detect and respond posture that utilizes real-time insights and predictive intelligence across networks to stay ahead of threats.
The current wave of cybersecurity evolution is centered around collecting actionable intelligence, to remain ahead of threats. Attacks such as Ransomware are targeted and follow certain patterns, Malware for example, tends to morph rapidly. To stay ahead of these threats, we need to make full use of the cloud to collect and analyze such information that will tell us what to expect, and where to expect it.
At the same time, it is also critical for companies to strengthen their core security hygiene; adopt modern platforms and comprehensive identity, security and management solutions; and leverage features offered within cloud services. It is just as important to create education and awareness across employee populations in order to build and sustain a pervasive security culture.
While organizations across the region are in various states of readiness with regards to cybersecurity, I remain optimistic as we see more organizations, government and non-governmental companies alike, making cybersecurity a priority and cooperating closely to ensure cyber threats are identified and dealt with quickly.