By: Keshav Dhakad, Regional Director, Digital Crimes Unit, Microsoft Asia
Rising Cybercrime Attacks & Losses
Cybercrime costs the global economy an estimated US$3 trillion in market value, with 71 percent of companies admitting that they fell victim to successful cyberattacks in 2015. Organizations are also taking stock of the past year and gearing up for a challenging economic environment in 2017. As a result, we can expect cybersecurity and the importance of having trusted software and systems to remain a top concern for business leaders, due to their impact on corporate reputation, the accountability of senior management, and the bottom line.
This will be a particularly growing concern in the Asia Pacific region, where we expect to see rapid urbanization and a growing middle class. According to our Cyber 2025 Model report, there will be 4.7 billion Internet users in 2025, and nearly half of them will come online between 2012 and 2025, entirely from emerging economies.
Further adding to the risk in the Asia Pacific region are factors such as below-par IT maturity and management, a lack of cybersecurity skills and capabilities, low awareness of cybercrime, a failure to prioritize cybersecurity, and heavy usage of non-genuine software (6 out of 10 computers in Asia-Pacific run non-genuine software, according to the 2016 BSA Global Software Survey). This will be especially true for high-risk sectors such as financial, healthcare, manufacturing, IT, retail, critical infrastructure and public services.
Malware Trends in Asia Pacific
According to the latest Microsoft Security Intelligence Report[i], in the first half of 2016, one of the most commonly encountered threats was the non-generic malware called Gamarue.
This worm is commonly distributed via exploit kits and social engineering, and can also arrive attached to spam emails. Gamarue’s variants can give a malicious hacker control of infected computers, and have been observed stealing information from the devices and communicating with command-and-control (C&C) servers managed by attackers. Gamarue also makes unwanted and malicious changes to the local computer’s security settings. Gamarue was especially prevalent in Southern and Southeast Asia, with India and Indonesia together accounting for about 25 percent of all Gamarue encounters during the period.
The region has also been the target of cybercriminal gangs, one of which we uncovered and have codenamed PLATINUM. Based on our investigations, we know PLATINUM has been active since 2009 and primarily targets governmental organizations, defence institutes, intelligence agencies, and telecommunication providers in South and Southeast Asia. The group has gone to great lengths to develop covert techniques that allow them to conduct cyber-espionage campaigns for years without being detected.
Protecting Your Company Against Cyberattacks
The foundation of a robust cybersecurity posture is strong IT and Internet hygiene, as 90 percent of the common types of attacks and malware infection attempts are managed successfully with basic protocols. These include timely security patching, usage of a current and genuine operating system, access management, employee awareness and training, as well as 24/7 monitoring of threats. Since there is no such thing as 100 percent security, every business must have an “assume breach” corporate posture, which enables an “active defense” strategy and investments to actively look for vulnerabilities, as compared to “passive defense”, which is mostly reactionary and delayed action.
Here’s a checklist of what organizations need in order to have a cybersecurity posture robust enough to withstand and respond effectively to most cyberattacks and malware infections:
- Keep your house in order: The question is not whether cyber-criminals are going to attack; it’s just a matter of when. That said, the usage of IT assets which are old, unprotected, or non-genuine substantially increases the chances of a cyberattack. For example, pirated and counterfeit software is known to come with embedded malware infections. The case for strong IT (software and hardware) asset procurement, usage, maintenance and periodic upgrades is more critical than ever before.
- Start from within: Poor cyber hygiene of IT users, negligent employee behaviour or weak credentials/password protection within an organization adds a high degree of vulnerability to system compromise. The more personal devices are used at the workplace, the higher the chance that they are infected. This includes unprotected interconnected devices (Internet of Things), which can be easy targets for cybercriminals to inflict damage, as in the Mirai botnet attack.
- Monitor all systems in real time: Invest in modern threat protection technologies to monitor, detect and remove common and advanced cyber threats in real time, and develop in-house expertise to undertake threat analytics. Some studies have suggested that the average time to discover a cyber threat from the time of infiltration in Asia-Pacific is 510+ days, which far exceeds the global average rate of 140-200 days.
- Trusted IT supply chain & regular review: Only use genuine, current and updated software. Have a trusted supply chain across software, hardware, IoT and BYOD (bring your own device), and regularly review and assess cybersecurity investments and the performance of both software and hardware deployments, including customer and vendor access to the corporate network.
- Having a Big Data culture: Develop a big-data analytics culture involving data classification, multifactor authentication, encryption, rights management, machine learning for behavioural analytics and log analytics to spot user anomalies and irregular/suspicious patterns, which could provide potential clues in advance to prevent impending or ongoing security breaches.
- Use a Trusted Public Cloud: Contrary to common misconceptions, a trusted public cloud provider brings companies hyper-scale, enterprise-grade data security and privacy protection. Today’s public cloud data centers provide the deepest data security capabilities in a centralized way, which is not replicable (or is financially prohibitive to replicate) in an individual enterprise environment. However, the key is choosing a provider which has global standing in providing comprehensive security compliance and privacy certifications for its cloud services and data centers, and which is transparent about its commitments. Using trusted cloud services also reduces IT, security and privacy management, maintenance and compliance costs to very low levels.
Cybersecurity cannot be a piecemeal effort and each organization must have a 360-degree security framework. This includes having a comprehensive Protect-Detect-Respond posture and commensurate investments and resources, coupled with regular assessment and review of its cybersecurity practices to protect its identity, data, apps, devices and infrastructure.
For more details about Microsoft’s security innovations, please visit: https://www.microsoft.com/en-us/security/default.aspx
[i] Microsoft Security Intelligence Report provides 6-month worldwide threat assessments, covering over 100 countries and sharing individual country summaries of threat statistics and security trends. The report can be accessed at www.microsoft.com/security/sir.
This article has been published on Security Asia.