Constant vigilance: 5 of the biggest digital security threats to watch out for
IN 2015, India was named as the ransomware capital of Asia, after a Symantec report ranked it 9th among the list of countries most heavily-impacted by ransomware worldwide. The problem initially spread through the gaming community – soon, businesses became a viable and more profitable target.
This underscores the growing concern about digital security that both individual users and business organizations need to address. Web security is among the more contentious aspects of the digital security business. Users often prefer the convenience and efficiency that quick access to online services can offer, but many are oblivious to the potential risks. For example, while cloud services are generally advertised to be secure, there are still attack vectors that malicious parties can deploy to gain access to data.
This is hardly news for technology companies in the region. However, both big enterprises and small businesses should keep vigilant about the state of their organizations’ security. Even the weakest link in the chain can cause their downfall.
Here are some potential threats to look out for:
With the increasing amounts of data that users share with service providers, there is always the danger of this information falling into the wrong hands. Unfortunately, the more convenience we gain online, the more we also expose to potential breaches. This includes private and identifiable data like email addresses, telephone numbers, home addresses, credit card numbers and more.
— Varonis (@varonis) July 19, 2016
With businesses running their operations on virtual infrastructure, IT managers potentially have reduced control over their physical servers – so the best course of action would be to subscribe to capable and reputable providers who can vouch for the security of data.
However, this is hardly a comfort. In the recent years, we have witnessed huge data breaches, including the 2013 breach of Yahoo! Japan, which exposed over 20 million accounts. Given that personally-identifiable information can be connected across different services, users should be wary that their digital assets could already be floating in the deep, dark corners cyberspace, ready to be sold to the highest bidder.
Picture your office computers as , perpetrating distributed denial-of-service (more on this later) attacks on different servers across the world. This is growing to be a valid concern, especially with the popularity of app and media downloads. Even innocent-looking websites can stealthily install backdoor Trojan viruses as you browse them.
This goes for both desktop and mobile devices. Take for example, Coolpad, a smartphone manufacturer in China. Last year, it was discovered that its smartphone had a big security flaw that enabled its OS to download apps, send and receive calls, and manage messages on behalf of the company. It also uploaded user data to the company’s servers without consent.
Distributed Denial-of-Service (DDoS)
DDoS has been the weapon of choice for groups as amateurish as script kiddies, online hacktivists and even rogue states. In 2015, DDoS attacks grew by 180 percent, and it is still the most popular type of cyber attack vector.
The repercussions can be serious, and it can cause a halt in services for days on end. The attack on Thai government websites earlier this year, for example, made services inaccessible for at least an entire day.
Of course, the contention here is that even simple traffic spikes can cause overloads and outages. It is then the responsibility of the service provider to ensure a highly-capable infrastructure that can stand up to both malicious attacks and organic spikes.
Baidu, one of China’s bigger social media services by subscriber count, recognizes the need to beef up its infrastructure. It acquired a local startup called Anguanbao last April, which specifically fights DDoS.
The issue of ransomware is so bad that it has become a profitable black market business in cyberspace. Ransomware developers (who operate in groups) distribute their code to unsuspecting users through seemingly legitimate apps, which can render entire computer systems inaccessible.
One such example is TeslaCrypt, which locks users out of their data until they pay the developers a ransom to decrypt the contents of their own hard drives. The TeslaCrypt ransomware has since closed shop, although dozens of others still thrive. The so-called malware-as-a-service industry could potentially be worth millions, by some estimates.
Digital fraud remains among some of the more difficult attacks to fight against, especially since it involves the human factor. This involves anything from marketing scams to the sale of stolen PayPal accounts and credit card information.
Fraud has become such an issue that Chinese authorities announced it will assign police officers to the country’s biggest Internet service providers just to monitor and weed out potential fraud, and continue to warn developers against such illegal activities. Again, this underscores the delicate balance between achieving a safe and secure internet, while ensuring freedom of speech and information.
PriceWaterhouseCoopers analysts estimate the global cyber insurance market to grow to US$5 billion in premiums this year and US$7.5 billion by 2020. The ever-increasing demand for data, coupled with the rise of IoT, means that organizations need to be very vigilant about the integrity and security of their data and digital assets. The question is how to achieve this with just the right amount of effort and investment.