EDITOR ’ S QUESTION
HOW SHOULD APAC ORGANIZATIONS RESPOND AND STEP UP TO PROTECT THEIR CRITICAL DATA AND ASSETS ?
GEORGE MOAWAD , ANZ COUNTRY MANAGER AT GENETEC
While most of the world has
been in some form of lockdown over the last few months , cyberattackers have certainly not been taking a break .
While 2019 was the worst recorded year for global data breaches , with 1.5 billion data breaches , up 284 % on the previous year , 2020 sadly looks set to eclipse these figures thanks to the shift to remote working which left many systems more exposed with remote connections .
In April alone , the number of devices worldwide exposing Remote Desktop Protocols ( RDP ) to the Internet increased by over 40 %. This is problematic because RDP has a history of security issues and requires additional protective measures , which were likely to have been overlooked in the scramble to maintain business as usual as the region went into lockdown .
We ’ ve already seen a spike in phishing and fake COVID-19 apps poisoned with ransomware , as well as an increase in the number of state actors leveraging the pandemic crisis to further their own aims .
In APAC this was most evident when in June Australian Prime Minister Scott Morrison announced that organizations , including government and businesses , were being targeted by a sophisticated foreign ‘ statebased ’ hacker . Meanwhile in the Ukraine , a fake email purporting to be sent from the country ’ s Ministry of Health , which was in fact sent from outside the country , about confirmed Coronavirus infections caused riots across the country .
“
WE ’ VE ALREADY SEEN A SPIKE IN PHISHING AND FAKE COVID-19 APPS POISONED WITH RANSOMWARE , AS WELL AS AN INCREASE IN THE NUMBER OF STATE ACTORS LEVERAGING THE PANDEMIC CRISIS TO FURTHER THEIR OWN AIMS .
However , daunting these external threats may be , in my opinion the biggest threat to the CIO actually comes from within the organization itself in the form of a ‘ set and forget ’ mentality . A single unsecure device such as a security camera with a default password or out of date firmware is all it takes to give a foothold for malicious activity which could put the entire organization at risk .
Don ’ t discount the seriousness of this example either : our own research conducted last year found that as many as 68 % of security cameras had out of date firmware , with more than half of these containing a known vulnerability . In other words , 37 % of the cameras were vulnerable to a cyberattack . That ’ s way too many .
I ’ d also recommend CIOs keep an eye on a tangential emerging threat – the rise of what we refer to as ‘ cyber extortion negotiation services ’ from insurance companies .
This is actually a new form of insurance which covers the costs for negotiators to liaise with hackers to reduce ransomware demands .
While this may be seen by some as a ‘ good ’ option for business , it ’ s worth keeping in mind that these services may incentivise cybercriminals and , accordingly , increase the operational , reputational and human cost of these types of crippling attacks . Forewarned is forearmed – don ’ t take chances .
32 INTELLIGENTCIO www . intelligentcio . com