Enterprise Security in Asia 2015

Screen Shot 2016-05-05 at 12.19.09 PM

The enterprise love affair with technology is showing no signs of dissipating. From bring-your-own-devices to the ever-present tipping point of the Internet of Things, the business world has bounced back from the financial crisis and is aggressively pursuing advanced enterprise architecture. A large proportion (65%) of businesses are now using cloud technology of some sort. In fact, so ubiquitous is cloud now that the debate has evolved from public vs private to customized cloud solutions on a per case basis.

The democratization of cloud across the enterprise has heralded in a new era of consumer interaction with businesses, one that is defined by the sheer scale of information that organizations now hold about their customers, their purchases, and each other.

How big is this “big data”? There are now more than 2 trillion objects stored in Amazon S3, which equates to five objects for every star in our known galaxy.

That is a phenomenal amount of information, and a figure that is only being augmented by the evolution of apps. The shift in consumer expectations around apps has caused dissolution of the traditional enterprise infrastructure perimeter. Increased mobility and investment means applications are migrating to the cloud, which is in turn heralding a brave new world of connectivity, interaction, data and analytics.

The Ugly

Business success has always been a breeding ground for criminal activity, and today’s hyper connected, cloud-based society is the perfect environment for nefarious activity to evolve and thrive. The ugly truth is that as fast as enterprises are investing in their network infrastructures, cyber criminals are finding new and innovative ways to attack, breach and steal.

The wealth of information stored on corporate servers, whether locally or in the cloud has made them a lucrative target for anyone wishing to access valuable data. From customer credit card numbers to employee details to proprietary business information, data is power.

The very distributed and disparate nature of today’s widespread cloud computing solutions makes it increasingly difficult for enterprises to maintain rigorous oversight of their information. CIOs who previously oversaw a closed, local infrastructure are now dealing with corporate information stored over countless devices, 3rd parties and jurisdictions.

The result is a bonanza of opportunity for cybercriminals. In 2014 alone, 42.8 million security incidents were detected by businesses, up 48% from 2013. This equates to some 117,339 incidents a day, or almost 5,000 incidents every hour.

Last year the Hong Kong Productivity Council announced a 52% surge in cyber security incidents, and identified over 8,300 “invisible bot machines” in Hong Kong in the fourth quarter of 2013.

There’s also the noticeable rise in more sophisticated schemes such as ransomware, particularly the increasingly abundant crypto ransomware. Usually deployed through phishing emails, the malware encrypts user files and demands payment (usually via Bitcoin) in return for the decryption key to recover the data.

The Hong Kong Computer Emergency Response Team Coordination Center (HKCERT) has seen a spike in such incidents in recent months, and is now alerted to at least five incidents a month, although the true figure is thought to be much higher.

The motives behind this swell in cybercrime isn’t always for financial gain either. While the Sony Pictures and JP Morgan breaches grabbed headlines last year for the leaking of vast amounts of personal data, Asia has recently found itself the target of political activism. Occupy Central in Hong Kong caused hacker groups, the media and governmental organizations to trade digital blows while DDoS attacks rose to their highest level in years during the Popvote.

The Bad
Cybercrime is estimated to cost the global economy US$455bn. Criminals are evolving faster than many enterprise risk strategies. The bad news is that DDOS attacks are getting larger in scale and audacity across APAC, targeting ever larger amounts of data and not differentiating between SMEs and global multinationals. Businesses today are playing a cat-and-mouse game with criminals, one the criminals are becoming increasingly sophisticated at winning.

The largest cyberattacks in history were DDoS attacks on independent media sites in Hong Kong during the Occupy Central referendum votes in June 2014, which peaked at 500 Gbps. In fact, increasingly powerful botnet attacks have helped drive the scale of DDOS attacks up 115% since 2011. And, criminals aren’t just getting more sophisticated, they are getting hungry too. More than 1 billion data records breaches were recorded worldwide from just 1,500 attacks in 2014.

There is a real sense that the “wild west” days of the early internet have come full circle, and the enterprise is now in a position where it has rushed to adopt cloud technology without fully planning its security and risk strategy. The problem is that the margin for error in the cutthroat corporate world is thinning all the time, and one mistake can mean the difference between leading the market and fading from it completely. As long as there is valuable data stored in cloud-based platforms, there is a risk that it will be targeted by cybercriminals.

The Good
The World Economic Forum predicted in January 2014 that delays in adopting cybersecurity capabilities could result in a loss of $3 trillion in economic value by 2020 globally. Attacks will increase in sophistication and breaches will grow more severe and more devastating.

The good news is that effective solutions do exist. F5’s new Silverline service is built to ensure organizations across APAC remain safe from DDoS attacks and business continues as usual.

It employs a network of scrubbing centres around the world to ensure that attacks are mitigated and data integrity is maintained through a unique, powerful hybrid architecture.

Enterprises also benefit from F5’s Security Operations Center facility, which houses a team of highly specialized security researchers and analysts to provide up-to-date global intelligence.

When coupled with the new Silverline Web Application Firewall offering, business can now safely and securely manage a full portfolio of on-premises, cloud, and hybrid security services.

NO COMMENTS