How some APAC organizations aren’t prepared to deal with 21st century cyber crime

In different parts of the world, the amount of governance and legislation covering data storage, treatment and dissemination is on the increase.

Once it was just the financial industry that had to bear the increased costs of extra data precautions; now most enterprises have to abide by the same levels of care.

Reasons for this rise in data governance standards differ from region to region, but in general, governments and transgovernmental organizations (such as the European Community) are slowly realizing data is the new currency of everyday life for the connected world.

This type of emphasis placed on how data is stored and managed can be regarded as a positive step: we all want to be safe online, and we’d rather not have our details, such as transaction histories, shared with anyone.

In government departments, across the financial sector and in other sensitive areas (such as healthcare), the leading effect of the higher ‘normal’ levels of data security is to push those sectors’ need for careful cybersecurity even harder. Where standards were once reasonable, data hygiene must become impeccable.

Cyber attackers are drawn to where the pickings are good – hacking is, of course, a type of business. And Asia and Australasia have some of the wealthiest countries per capita in the world. The region accounts for 16 of the world’s richest 50, according to the International Monetary Fund (IMF).

Therefore, the area is particularly prone to cyberattacks. It is also one of the regions most susceptible to online infringements: typically data theft, data exfiltration and financial fraud.

It’s not just the region’s relative wealth that is behind these statistics. Some commentators have pointed to the transition the region’s made from a cash society to one that’s the keenest in the world to use electronic and contactless payments.

In Europe and the US, the population has been making the transition from cash to credit cards, to electronic payment over several decades. In Asia, the move to electronic commerce has taken only a few years: a single generation.

Additionally, individual larger companies in the region tend to dominate social, financial and other markets within a single ecosystem. In China, Tencent and Alibaba dominate; in Japan, Line predominates.

While that concentration of mini-apps into a restricted number of “walled gardens” does not hold true right across the region (it’s a big area about which to generalize), the more conglomerated disruptors do hold proportionally more sway than in other territories.

Across Europe, for instance, different countries tend to favor different apps, and while socially, Twitter and Facebook dominate, those platforms (despite their increasing efforts) do not currently combine their core social media function with other apps such as ride-sharing, mini-loans, credit, insurance, mapping and so forth.

Hackers, therefore, find Asian targets highly attractive, as a single data exfiltration can, potentially, open up more illicit avenues than in some other territories.

Asian and Australasian companies, therefore, need to be especially mindful of their data security.

As with most aspects of business, many enterprises in the region have grown their cybersecurity mitigation and prevention measures organically. CISOs and CTOs may have sourced firewalling from one supplier, then added hardened load balancers as their online offering grew, for instance. Then, perhaps a WAF may have been added as apps transitioned to the cloud, and different security measures were taken as HR functions moved to the public cloud, finance departments changed software, and personnel changes invoked a specific IT security policy – and so on, as the company grew.

In some mid-sized enterprises, therefore, while the overall levels of cybersecurity can be held to be, in individual instances, adequate, there is often a lack of overarching control over the whole enterprise’s data protection measures.

In very small companies, protection can usually be sourced either from a single contractor or a unified network security device. In the enterprise space, the resources exist either to employ a global giant to look after data provenance, or to develop in-house resources both in people and systems.

For mid-sized businesses, however, a piecemeal approach to IT security tends to be more common. As companies of this size attempt to make the transition into the higher leagues, it’s often cybersecurity which gets forgotten. But the reality is that systems are left open to exploitation if cybersecurity mitigation systems are not unified, overarching and able to scale.

Here at Tech Wire Asia, we’ve looked at four suppliers of cybersecurity for medium-sized businesses.

CARBON BLACK

The Massachusetts-headquartered Carbon Black provides a range of cybersecurity measures designed for end-user companies of various sizes, as well as an array of training and advice options.

Endpoint protection is a particular forte of the company, which offers a cloud-based endpoint protection system, Predictive Security Cloud. Endpoint Detection & Response (EDR) solutions are powered by monitoring systems which are manned 24/7, allowing human intervention at a moment’s notice, should an attack be detected.

Cb ThreatSight proactively hunts over internal networks and data flows, and can triage possible issues, with intelligence fed by the vast data arrays at the company’s disposal: this is big data leveraged for cybersecurity.

Endpoints can have their data retrieved and examined by security systems even if the node in question is offline: this means full traceability of incursions, so potential sources of infection can be plugged.

Carbon Black’s solutions were the only products able to stop 100 percent of NSS Labs’s Advanced Endpoint Protection (AEP) tests.

Additionally, the company’s offerings can add the necessary security facet of certain governance compliance requirements, such as the strictures in place in specialist industries like law and finance.

HORANGI

Meaning “Tiger” in Korean, Horangi offers a range of interconnected services specifically tailored for middle-tier enterprises.

Services include a range of assessments and training for organizations wishing to keep their cybersecurity facility in-house. Among these proactive offerings, Horangi provides full systems architecture reviews and policy governance advice.

To ensure the best security practice, however, the company also offers a range of measures which center around three products.

Horangi Scanner works to ensure that app development adheres to high security standards at the levels of source code, APIs and web applications. Additionally, Horangi Scanner does what the name suggests – it actively searches networks, servers, and infrastructure for vulnerabilities, based on proprietary intelligence and open source information.

The Hunter tool is a cross-platform solution which collates data on individual machines, pulling together running process details, log files and evidence of suspicious activity, compiling its findings for presentation by Horangi Storyfier.

This final uniting element of the Horangi offering collates and correlates all cybersecurity information gleaned from across the business and presents it in a variety of ways, according to the intended audience in the enterprise. Findings can be fed back into GitHub or Jira projects to address technical issues, plus the technology will also undertake valuable competitor analysis so that users can see their standing in relation to other organizations.

BARRACUDA

As well as providing its customers with a range of backup services (bare metal and cloud-based) and email filtering technology, this cybersecurity provider also protects networks right from the point where the LAN meets the edge.

The company’s Load Balancing ADC (Application Delivery Controller) can be hardware or software-based, or is available as a cloud service, and allows larger enterprises to use clusters of technology to scale in real-time according to loads placed on their systems – especially important when running web applications.

The company also extends its protection to modern app deployments using web application firewall (WAF) technology, which brings the traditional firewall paradigm fully into the 21st century, protecting public facing cloud-based apps from infiltration or attack.

Barracuda’s solutions are such that, as situations change (for instance, at times of increased threat), additional layers of protection can be added seamlessly to all installations of the company’s solutions worldwide, with no installation of new hardware or application of security patches necessary by internal IT staff. All is seamlessly controlled and disseminated by, and from, Barracuda’s own security engines.

In this way, all of Barracuda’s clients, however big or small, can benefit from real-time updates which have germinated, potentially, in a single attack on the other side of the globe.

FIREEYE

FireEye is currently investing many millions of dollars moving its headquarters to Milpitas, California, and its expected growth places it firmly amongst the larger players in the cybersecurity market.

The company offers discrete services in particular specialisms, such as endpoint security and forensics, and is happy to automate and integrate existing cybersecurity provisions in organizations, creating an overarching structure which it manages.

One of its services to its clients who are large enough to have their own IT staff is FireEye ThreatSpace, which allows technical staff access to a platform on which to assess and develop their cybersecurity skills.

FireEye advertises a cloud-based security-as-a-service product which, as well as comprising a significant technology base, also comes with qualified cybersecurity staff and FireEye’s collective intelligence-gathering capabilities, to protect the enterprise.

The company employs staff with highly specialized backgrounds in penetration testing and anti-hacking measures, as part of its credo is that it needs to stay up to date with the latest attack methods to effectively remediate risk for its clients.