Four cyber security predictions for 2017
2016 was a challenging year for organisations particularly as cyber adversaries achieved high-profile success, mainly with ransomware.
Being aware of security concerns doesn’t mean avoiding new technology altogether. It’s about being sensible and trying to stay ahead of cybercriminals by understanding current and potential threats and what can be done to mitigate the risk.
Here are four predictions for 2017.
1) Industrial control systems may turn against you
Industrial control systems (ICS) are an integral part of any business, especially in Asia-Pacific.
Most businesses outsource their building management requirements so they don’t necessarily know whether the third-party provider has adequate security in place. It’s not impossible for a malicious actor to execute an attack that could cause significant damage.
For example, an attacker could turn the heating up in a company’s server room or data centre to 50°C and then disable all the building access points so no one can get in to physically remove hardware to a safer location. The hardware would eventually overheat, causing significant disruption to a business, its customers and its partners.
What you need to consider:
Organisations need to gain an overarching view of their potential weak spots through third parties as well as their own network. Additionally, they need to put a plan in place that would help counter any potential attacks.
Have you checked what non-IT equipment your business depends on and what security they have enabled? Are they connected to the internet, managed by a third party?
When outsourcing to a third party, what level of security assurance do they have in place? Are they able to provide information to you on how they secure themselves and, ultimately, how they secure and manage your network and systems?
2) The Internet of Things (IoT) devices will be a target for cybercrime
Market research firm Gartner predicts that the number of connected ‘things’ will rise from 6.5 billion in 2015 to almost 21 billion by 2020.
Connected devices will also be a target for cybercrime, even more so because people place enormous trust in third-party vendors being safe. These endpoint devices provide thousands of potential entry points to an organisation’s network. They need to be secured. In 2016, we saw the first real challenges appear where compromised devices were connected together in a botnet to launch attacks against banks and key parts of the internet infrastructure.
What you need to consider:
It is important to understand that the IoT is not a possibility or a project of the future – it is a current reality. Make a point to ask suppliers involved in security assurance how they can assure the security of the devices they provide.
Any devices using factory settings for security are simply asking to be compromised. IT managers must change those standard administrator passwords to avoid being targeted.
These devices should also be regularly checked to see if they adhere to the company’s security policy.
3) We may see a ransomware vortex with a nasty surprise
Ransomware involves attackers locking up a business’s data and demanding a ransom for its release. If you thought 2016 was bad for ransomware – where attackers access data and ransom it back to the victim – then 2017 will be worse. We can expect to see a higher attack volume, using more sophisticated technologies. If the discovery of Locky ransomware was anything to go by, financial malware will continue on an upward trajectory in 2017.
What you need to consider:
If you have fewer than 72 hours to respond, do you have a comprehensive backup strategy and response ready to counter these attacks?
When was the last time you tested and verified the backup? Have you applied basic file blocking to prevent threats from entering your organisation?
4) We will have serious data trust issues
People will continue to be too trusting or fooled into thinking something is safe when it really isn’t. For example, confidential data can be exposed, or made available, that looks like it comes from an organisation, when it was actually planted by a malicious party. Either way, there’s a business reputational risk and a monetary price to pay.
So What Can Be Done?
Businesses need to look at two key things: where their sensitive data resides and what data is critical to the business to operate
Who amongst our employees has access to our sensitive data? Simply knowing who has access to documents or big data stores stops short of understanding to what they have access.
A key way to reduce risk to sensitive information is to also understand how the data is protected. Is there protection in place, and does it meet the right level to mitigate risk for something that could be mission-critical to a business?
Sean Duca is VP and Regional CSO, Asia Pacific, at Palo Alto Networks
Why Alibaba Cloud is doubling down in Southeast Asia
Alibaba has announced expansion of its cloud business within Southeast Asia, with the introduction of a digital upskilling programme for locals alongside acceleration of its data centre openings.
This doubling down of its cloud business in Southeast Asia comes as the company faces stiff competition at home in China from rivals including Pinduoduo Inc and Tencent and seeks to up its game in a region considered to be the fastest-growing in cloud adoption to compete with leading global cloud providers AWS, Google and Microsoft.
Alibaba Cloud, the cloud computing arm of Chinese e-commerce giant Alibaba and second biggest revenue driver after its core e-commerce business, finally turned profitable for the first time in the December 2020 following 11 years of operation, thanks largely to the pandemic which has spurred businesses and consumers to get online.
Southeast Asia growing demand for cloud
In 2020, there was a noticeable increase in interest towards cloud in SE Asia, with the population embracing digital transformation during the pandemic and SMEs across the region showing increased demand for cloud computing.
Such demand has led to the expectation that Southeast Asia is now the fastest-growing adopter of cloud computing with the cloud market expected to reach US$40.32bn in Southeast Asia by 2025 according to IDC.
And there are plenty of players vying for a slice of the cloud pie. While AWS, the cloud arm of Amazon, is the leading player in Southeast Asia (and across all of APAC apart from China), Microsoft and Google are the next two most dominant players in Southeast Asia with Alibaba coming in fourth.
“There is no doubt that during the past year we have seen the acceleration of digital transformation efforts across all industries,” explains Ahmed Mazhari, President, Microsoft Asia. “Asia now accounts for 60% of the world’s growth and is leading the global recovery with the digitalization of business models and economies. Cloud will continue to be a core foundation empowering the realization of Asia’s ambitions, enabling co-innovation across industries, government and community, to drive inclusive societal progress.”
Alibaba’s commitment to Southeast Asia
At its annual Alibaba Cloud Summit, the Chinese company announced Project AsiaForward, an initiative designed to upskill local developers, small-to-medium-sized companies and connect businesses with venture capital. Alibaba said it would set aside US$1bn over the next three years to develop digital skills in the region, with the aim of helping to develop 100,000 developers and to help grow 100,000 tech startups.
But that’s not all. The company, which recently opened its third data centre in Indonesia, serving customers with offerings across database, security, network, machine learning and data analytics services, also announced it would unveil its first data centre in the Philippines by the end of 2021.
Furthermore, that it would establish its first international innovation centre, located in Malaysia, offering a one-stop shop platform for Malaysian SMEs, startups and developers to innovate in emerging technologies.
“We are seeing a strong demand for cloud-native technologies in emerging verticals across the region, from e-commerce and logistics platforms to FinTech and online entertainment. As the leading cloud service provider and trusted partner in APAC, we are committed to bettering the region’s cloud ecosystem and enhancing its digital infrastructure,” says Jeff Zhang, President, Alibaba Cloud Intelligence.
What other cloud providers are pledging in the region
This pledge by Alibaba to upskill both individuals and businesses follows Microsoft’s announcement in April that it was planning to upskill Malaysia’s population and would invest US$1bn over the next five years to build a new data centre centre in Malaysia.
This is the latest in a long line of pledges to the region by the US tech giant, which is fast accelerating the growth of its cloud datacenter footprint in Asia, expanding form seven 11 markets, and recently adding three new markets across Asia – Malaysia, Indonesia and Taiwan. Back in February, it announced plans to establish its first datacenter region in Indonesia and to skill an additional 3 million Indonesians to achieve its goal of empowering over 24 million Indonesians by the end of 2021.
And recent research by IDC shows that Microsoft’s most recent datacenter expansions in Malaysia, Indonesia and Taiwan alone are set to generate more than US$21bn in new revenues and will create 100,000 new jobs in the next four years.
Also last month, Tencent announced it has launched internet data centres in Bangkok, Hong Kong, Tokyo to add to its second availability zone opened in Korea last year and plans to add an internet data center in Indonesia, and Google has also been pushing into the enterprise space in Southeast Asia for several years now.
Expanding data centers allows cloud providers to boost their capacity in certain countries or regions.