Over the past decade, there has been a dramatic increase in cyberthreats with a new generation of cybercriminals infiltrating IT environments and devices for financial gain. Patient, skilled and frequently stealthy, this new breed of hackers has cost the global economy over US$450 billion in 2016.
The global WannaCrypt or WannaCry ransomware attack was a severe wake-up call for everyone, heralding what might potentially be a new dawn of cyberthreats. Less than a month after the WannaCry pandemic, a South Korean web hosting firm was hit by a ransomware attack and ended up paying US$1 million in ransom to the cybercriminals.
However, this is not the first time that trust has come under attack. Each time we are faced with this, we – individuals, organizations and governments – come together collectively to formulate our response and use technology and the law enforcers to deal with this challenge.
Our response is crucial to how we embrace and prepare for an inevitable digital world. Today, we are setting the foundation blocks for a stronger defence against cybercriminals in hyper-connected cities.
In June, Microsoft’s annual Cyber Trust Experience event highlighted our company’s contribution and approach in this area. Held in the Transparency Centre and Cybersecurity Centre in Singapore, we hosted 20 technology and business journalists from across the region. This full-day session provided the attendees with an in-depth look at our key security initiatives, latest insights on the Asia Pacific’s threat landscape, and how organizations and individuals can better protect, detect and respond to security threats.
Let us look at some of the highlights from the event:
Achieving trust and compliance in the global cloud
Jeff Bullwinkel, Associate General Counsel and Director of Corporate, External and Legal Affairs, Microsoft Asia Pacific and Japan, delivered this year’s keynote. He discussed how the cloud is powering the 4th Industrial Revolution, why every business will be a cloud business, and how a lack of trust in the post-Snowden world is holding back the development of the cloud.
Jeff highlighted how Microsoft was looking to rebuild a new and stronger foundation of trust for the cloud. He also elaborated on each of the element in our trust framework – security, transparency, privacy and compliance – and reiterated Microsoft’s commitment to protect customers.
Insights and learnings from today’s cyberthreat landscape
Helming the second keynote of the day was Keshav Dhakad, Assistant General Counsel and Regional Director, Digital Crimes Unit (DCU), Microsoft Asia. He discussed the evolution of cyberattacks and how cybercriminals’ motivation is evolving from mischief to profits to causing damage and disruption, as well as the implications of this shift.
Keshav elaborated on the cyberattack techniques that hackers use and highlighted key learnings that individuals and organisations need to be aware of in the wake of the recent WannaCrypt attack. He concluded his session with a live demonstration of the DCU’s Cyberthreat Intelligence Program, which showed the real-time data of malware and attacks that are being tracked in Asia Pacific.
Pirated software fueling malware infections in Asia
The morning segment ended with the unveiling of the findings from the National University of Singapore (NUS) study on the cybersecurity risks from non-genuine software. The results and insights of this Microsoft-commissioned research were delivered by Dr. Biplab Sikdar, Associate Professor, Department of Electrical and Computer Engineering, NUS.
Key findings of the research include:
- 100% of tested torrent hosting websites opened with multiple popup windows with suspicious advertisements.
- 92% of new and unused computers that had pirated software installed were pre-infected with malware.
- Infected CDs and DVDs with pirated software contained an average of five pieces of malicious programs, with some containing as many as 38 malware instances in just one disc.
Dr. Sikdar shared how pirated software is being used by cybercriminals as an effective vehicle to spread malware and why they can enable hackers to exploit computer vulnerabilities and bypass breach security measures with ease. He also illustrated the specific risks that users expose themselves to when using non-genuine software. He closed his presentation with best practices that individuals and organizations can follow to safeguard themselves.
Securing a modern enterprise
Michael Montoya, Chief Cybersecurity Advisor, Microsoft Asia, kicked off the afternoon segment with his keynote on the evolving cybersecurity challenges that organizations faced today and how organizations can strengthen their cyber defense, improve detection capabilities, and respond better to threats and incidents.
Michael observed that threats are increasing in volume and sophistication and organizations need to recognise that it is impossible to stop all cyberattacks. As such, they will need to balance investments across prevention, detection, and response. Michael shared, in detail, how Microsoft can bolster the enterprises’ security posture through a comprehensive platform, unique intelligence, and broad partnerships.
Cybersecurity as a board issue
After hearing about enterprise security insights and technologies from Michael, the journalists had the chance to learn more about the attitude and perception that the C-level executives have towards cybersecurity from the other external speaker we invited for this year’s Cyber Trust Experience – Daryl Pereira, Head of Cyber Security, KPMG in Singapore. His presentation focused on global and regional cybersecurity trends, including cyberattack being ranked the top-three corporate risk priority globally and how CEOs in Asia Pacific are not as prepared for a cybersecurity incident as their counterparts in the US and EU.
Daryl said three in four CEOs today see investment in cybersecurity as an opportunity to find new revenue stream and innovate, and he elaborated on how organizations can bolster their security stance using KPMG’s Cyber Maturity Assessment framework. Lastly, he shared several guidelines that board and C-suite executives can follow to better protect their organizations.
Building a national strategy for cybersecurity
Jeffrey Avina, Regional Director, Government Affairs, Microsoft Asia Pacific & Japan, delivered the day’s final address, which was on cybersecurity developments at the government level. He spoke about the impact of cyberattacks and how they are not only causing massive financial losses, but are also capable of curtailing innovation, undermining trust and disrupting vital operations that keep our daily lives going.
Jeffrey shared seven practices that governments can consider when building a national strategy for cybersecurity. On top of investing in research and technology, educating the public and building up incident response capabilities, Jeffrey discussed the importance of establishing cybersecurity priorities and identified several elements that regulators and infrastructure providers need to pay attention to when managing the risks of a nation’s ICT ecosystem.
Trust is at the core of Microsoft
The speakers touched on a diverse range of cybersecurity topics throughout the Cyber Trust Experience event, but building trust was the common theme that permeated across all the sessions. This enormous focus on trust reflects its importance for Microsoft. It is at the core of our mission of empowering every person and every organization on the planet to achieve more.
People don’t use technology they don’t trust. To achieve our mission and enable digital technologies to play a positive and larger role in our lives, Microsoft is taking a principled approach with strong commitments to make sure that our customers can trust the digital technology that they use today and will use tomorrow.