Tag: Cybersecurity

Cybersecurity in Hong Kong: Challenges & Solutions

Is your company ready to face tomorrow’s cyber risk?

69% of Hong Kong CIOs say that the number of detected security threats has increased compared with 12 months ago, Robert Half’s report showed.

With the surge in remote work due to the pandemic and the rise of security threats, companies need to rethink their security strategy.

Accenture highlights key measures for success in cyber resilience: stop more attacks, find and fix breaches faster, and reduce breach impact. They also identify the leaders and laggards in cyber resilience, concluding that leaders prioritize moving fast, choose turbocharging technologies, scale more. More importantly, they also train their staff more and collaborate more to increase the value of innovative technology.

However, how does the digital defence fortress look like among data centres? With the emergence of cloud computing, how could businesses be better equipped so that they are ready to secure their networks from attackers? What characterizes an efficient IT security strategy?

To answer these questions, we turn to experts. Tune in tomorrow for W.Media’s panel discussion on Cybersecurity in Hong Kong: Challenges & Solutions on April 21, 2021.

Registration for Digital Week is free and we are adding content to our event platform each day, so sign up today to get the most out of your Digital Week experience

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Digital Week is returning to do a deep dive into the Cloud & Datacenter industries of FIVE new markets: Korea, Mainland China, Japan, Hong Kong, and Taiwan. Join us as we bring together 2500+ IT leaders from across Northeast Asia, covering everything from sustainable infrastructure to cloud security to digital transformation. Digital Week lets you expand your network and engage with new markets from wherever you are.
Want to learn more about these exciting developments in data and IT? Start connecting with peers and access exclusive pre-show content when you Register Today for Free!

Tags Cybersecurity, Tech Strategy

Credit: JC Gellidon

Cybersecurity budgets cannot be compromised in a crisis: KPMG

Cyber cost optimisation is essential throughout a disaster, KPMG in Malaysia highlights, noting that corporations ought to revisit their general value effectivity and increase investment in cybersecurity as a necessary part of their digital transformation plan.

The financial uncertainty amidst the present pandemic has led to rising pressures for organisations to comprise prices.

These budgetary issues also apply to cybersecurity spending, which is usually reduced despite the ever-present risk of cybersecurity breaches.

According to KPMG Malaysia, an important part of corporations’ digital transformation plan is to revisit their general value effectivity and bolster funds channeled to cybersecurity.

Instead of investing in the newest expertise, KPMG emphasized the importance of strategically investing in a strong cyber protection function.

“Achieving value effectivity whereas sustaining sturdy cybersecurity controls is a posh job at the most effective of occasions, and much more so in the midst of a pandemic,” KPMG’s Cyber head Jaco Benadie noticed.

“While organisations considerably elevated their investments into digital adoption final 12 months to deal with the brand new regular, cybersecurity are usually relegated as an afterthought in favour of enabling buyer engagement on-line and enhancing worker mobility.”

A global threat intelligence exchange network Kaspersky reveals that it has detected a 33% rise in web threats in the country last year.

Amongst the noticeable factors behind the uptrend of web threats in Southeast Asia were the web-skimmers, which is a form of internet or carding fraud where a payment page on a website is compromised has grown by about 20%. The majority of the web threats were targeted at home users in Malaysia, 17.7%, whereas business users at 7.1%.

Citing a current incident in January, a hacktivist group had threatened to hack authorities web sites and on-line belongings, Benadie added that the federal government’s initiative to extend cybersecurity uptake amongst companies using the Malaysia Digital Economy Blueprint is definitely well-timed and showcases their dedication to double down in opposition to cyber threats.

“Not solely do organisations face mounting value pressures on account of prolonged restricted motion management orders, in addition, they want to make sure their safety can defend in opposition to adversaries within the evolving risk panorama.

“This in fact implies that they’ve to make sure they make investments adequately and are capable of strike the best steadiness of their budgets.”

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Tags Cybersecurity

Acronis acquires Synapsys, a long-time partner in South Africa.

Acronis acquires South Africa’s Synapsys to fortify cybersecurity standing

Singapore-bred, Swiss-incorporated cybersecurity giant Acronis has announced the acquisition of its long-time South African partner Synapsys, making it the company’s fourth acquisition in the past 18 months.

Synapsys is the distributor of Acronis’ Cyber Protection Solutions in South Africa and across the African continent. The company works with a network of distributors, resellers, and managed service providers (MSPs) to make product and service offerings for Acronis.

Serguei ‘SB’ Beloussov, Founder and CEO of Acronis, said that this acquisition will give users direct access to the company’s technology and support.

“Africa is becoming a strategic growth opportunity for Acronis and acquiring Synapsys provides us with a permanent presence on the continent. The move is beneficial for Acronis, the African MSP channel, and the organizations and users that need to safeguard their workloads and systems against the modern threat landscape,” he explained.

The acquisition is also in line with Acronis’ ongoing Global/Local Initiative, which aims to provide expanded in-country access to the company’s worldwide resources.

Synapsys Managing Director Peter French added that clients can look forward to a closer relationship with Acronis that will boost the cybersecurity ecosystem in the region. Upon the acquisition, French will also now serve as Acronis’ General Manager for the Middle East/Africa market.

Tags Singapore, Cybersecurity, Switzerland, Acronis, Synapsys, South Africa

Credit: Steven Lasry

Singapore government rolls out new cybersecurity programs for critical information infrastructures

Singapore is developing programmes to establish cybersecurity standards and minimize cyber risks across the supply chain for government sectors with sensitive data.

This primarily involves Critical Information Infrastructure (CII), referring to 11 sectors responsible for the delivery of the country’s essential services, including government, energy, and healthcare.

The program, called the CII Supply Chain Programme, will involve the Cyber Security Agency (CSA), CII owners, and their vendors.

It is a continuation of Singapore’s Cybersecurity Masterplan 2020, which outlines new policies for a more secure and trustworthy cybersecurity ecosystem.

Managing risk across the supply chain

Announcing the program on Mar 2, Senior Minister of State for Communications and Information Janil Puthucheary noted that while all CII owners are currently required to maintain a mandatory level of cybersecurity under the Cybersecurity Act, most organizations engage vendors to support their operation.

“Therefore, we also need to manage cybersecurity risks across the supply chain,” he said in Parliament. This requires infrastructure owners to have a better understanding of their vendors to identify systemic risks and improve their level of “cyber hygiene”.

It will provide recommended processes and sound practices for all stakeholders to manage cybersecurity risks in the supply chain, said Dr Puthucheary.

The Ministry of Communications and Information (MCI) noted that the CII Supply Chain Programme will help infrastructure owners develop guidelines to enable them to better understand and manage their vendors, such as by ranking them according to their cybersecurity posture.

More details on the programme will be announced in the third quarter of this year, MCI said.

Zero-trust cybersecurity posture

“In the longer term, our CII sectors and companies will also need to adopt a zero-trust cybersecurity posture,” he added, this is necessary to defend against supply chain attacks by “highly sophisticated threat actors”.

“In concrete terms, this means that CII owners should not trust digital activity in their networks without verification. They should also authenticate continuously, detect anomalies in a timely manner, and validate transactions across network segments,” added Dr Puthucheary.

Resources to strengthen the digital fortress

Separately, CSA will support companies in strengthening their cybersecurity with the launch of the SG Cyber Safe Programme, as part of the Safer Cyberspace Masterplan.

“First, we will provide informational resources and educational material for key roles including C-suite executives, cybersecurity teams and frontline employees, based on their specific roles and knowledge needs,” said Dr Puthucheary.

An employee cybersecurity toolkit will be introduced by the end of this year.

Cybersecurity “Trustmark” for firms

CSA will also introduce a voluntary Cyber Safe Trustmark for enterprises that have achieved a high standard of cybersecurity.

The industry consultations on the specifics of the trustmark to begin in April, and it is expected to be introduced by early next year, he added.

A recent survey has shown that there is a widening gap between cybersecurity needs and capabilities. For CII, this exposes the availability of the essential service in Singapore to hacking threats.

Singapore’s success in digitalisation has exposed new vulnerabilities, which will only grow as technologies evolve and become more complex, said Dr Puthucheary.

The Cyber Security Agency of Singapore (CSA) reported that 9,430 cybercrime cases were reported in 2019, accounting for 26.8% of overall crime in the island state.

As Singapore continues to equip itself to become Asia’s post-pandemic digital hub, it needs to ensure the “companies and people to be aware of the risks, vigilant of their manifestations, and make informed choices to protect our safety”, he added.

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Tags Singapore, Cybersecurity, Security, Supply chain

Credit: Chris Liverani

64% of Singapore workers share critical data via messaging apps: Veritas

While 24 per cent were reproved, 75 per cent said they will continue the use of these tools

64 per cent of Singapore office worker employees have admitted to sharing sensitive and business-critical company data using instant messaging (IM) and business collaboration tools. However, Singapore workers still have better cybersecurity hygiene than other countries in the APAC region, found a survey by Veritas Technologies, a global leader in data protection.

The Veritas Hidden Threat of Business Collaboration Report, which polled 12,500 office workers across ten countries, including 500 from Singapore.

Among all the workers surveyed, 54 per cent are saving their own copies of the information they share over Instant Messaging apps, while, conversely, 53% of knowledge workers delete it entirely. Either approach could leave companies open to significant fines if regulators ask to see a paper trail.

Sensitive data being shared by employees on these channels includes client information (15%), details on HR issues (13%), contracts (13%), business plans (12%), and even COVID-19 test results (10%), with only 36% employees suggesting that they hadn’t shared anything that could be compromising.

The research also reveals that, while employees are using collaboration tools to close deals, process orders and agree pay raises, many are doing this despite believing that there will be no formal record of the discussion or agreement. In fact, only 52% thought that the businesses they worked for were saving this information.

Andy Ng, Vice President and Managing Director for Asia South and Pacific Region at Veritas Technologies, said: “Many businesses have been caught off guard by the global pandemic at the start of 2020. To minimise work disruptions and keep up with the new work model, companies are rushing to bolster their data protection and discovery strategies to include the platforms where their business is actually being done.”

Indeed, due to the sudden shift to online working during the pandemic, a significant amount of business is now being conducted as routine on these channels and employees are taking agreements as binding. For example, as a result of receiving information over messaging and collaboration tools, 24 per cent of employees have accepted and processed an order, 20% have accepted a reference for a job candidate and 18% have accepted a signed version of a contract.

Sensitive data is being shared on these tools in spite of the fact that 24 per cent of knowledge workers have been reprimanded by bosses for their use of them. These admonishments may have been in vain, however, as 75 per cent of all workers responding to the survey said that they would share this kind of information in the future.

Ng said: “Our message to bosses is simple: don’t fight it – fix it. It is proving to be an uphill battle to restrict employees to ‘approved’ methods of communication and collaboration tools. It will be more effective to adopt proactive measures that will help to regain control of information sharing.”

IM apps trusted nearly as much as emails

The ability to archive business discussions as evidence is crucial to ensuring that an agreement is binding. However, many workers do not appear to trust methods of communications based on this ability.

In the survey, email is viewed as the most reliable affirmation of an agreement at 98 per cent, followed by written letter at 95 per cent and electronic signature at 93 per cent.

Worriyngly, IM was still trusted by 93 per cent, SMS text by 90 per cent and WhatsApp by 87 per cent. 63 per cent even viewed social media as reliable proof that something has been agreed

Ng said: “With work-from-everywhere, business data is sprawling across different locations. Deals are closed, orders processed and sensitive personnel information are being shared on collaboration platforms. It is a business imperative for companies to incorporate the management of this data deluge into their protection and compliance strategies. The implications could be huge if they fail to do so.”

Singapore as the more security-aware APAC country

The research also shows that countries differ in their level of cybersecurity awareness.

34 per cent of workers would accept an order over an instant messaging app and start processing it globally. But regional differences exist – 49 per cent in China would action the sale, but only 35 per cent in Singapore and South Korea would do the same

While more than 70 per cent office workers in China and South Kore save their own copies of information shared over instant messaging apps, only 54 per cent of employees in Singapore do the same.

Willingness to use business applications for personal purposes also varied significantly. 42 per cent of Singapore employees have used corporate applications for personal conversations compared to 57 per cent of employees in both China and South Korea.

30 per cent of respondents having been reprimanded by their employer for their IM use. The number increases to 40 per cent in South Korea but goes down to 24 per cent in Singapore.

Veritas recommends the following steps for businesses that want to regain control of data being shared over messaging and collaboration tools:

Standardise on a set of collaboration and messaging tools that meet the needs of the business – this will limit the sprawl.
Create a policy for information sharing – this will help control the sharing of sensitive information
Train all employees on the policies and tools that are being deployed – this will help to reduce accidental policy breaches
Incorporate the data sets from collaboration and messaging tools into the businesses’ data management strategy using eDiscovery and SaaS data backup solutions – this will empower users to make the most of the tools without putting the business at risk.

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Tags Cybersecurity, Security, Workers, employees, covid

How Big Corps & SMEs are shaping Vietnam’s digital economy

Micro, small, and medium enterprises (MSMEs) constitute 96 per cent of Vietnam’s business activities.

Meanwhile, big corporations, including multinational enterprises (MNEs), have impacted the ecosystem with their high capacity in technologies, finance, as well as their overall knowledge.

Add to the mix – government – which is still leading the digital transformation, urges businesses to step up the game and push forward the current estimated $14 billion worth digital economy of Vietnam.

First movers are big corporations and MNEs

Geopolitical issues can be added to the digitalisation push. In Vietnam, the European Union–Vietnam Free Trade Agreement (EVFTA) and the trade war between China and the U.S. are bringing new businesses coming to the country, said Tanguy Le Barber, founder of strategic consulting company Roadenn, at 2021 SEA Digital Week.

A positive effect is that when foreign companies come, they invest in local talent instead of using staff from their home countries.

Take South Korean multinational conglomerate Samsung as an example. In 2017, the company launched the Samsung Talent Program, which offered VND 8.5 billion (approximately $ 369,350) in the types of scholarships, specialised courses, and research and career opportunities for Vietnam’s information technology and electronics-telecommunications talent.

The company also has started constructing a new $220 million research and development (R&D) centre in Vietnam since 2020, increasing its research workforce in the country from 2,200 to 3,000 by 2022.

That is because it is an economic model at work, stated Bryan Carroll, CEO of TNEX, a Vietnam-based digital bank. “It’s positive, not just on GDP. This is an opportunity.”

Over the past years, capital has been pouring into the Vietnamese market. In January, foreign direct investment (FDI) capital in Vietnam reached $1.51 billion, representing a rise of 4.1 per cent year-on-year, as per a report of the Foreign Investment Agency (FIA) under the Ministry of Planning and Investment.

“It is driving the push for the digital transformation of the country,” Barber said.

Data source: World Bank

According to the e-Conomy Southeast Asia 2020 report by Google, Temasek and Bain & Company, analysts estimate Vietnam’s digital economy to reach $43 billion by 2025. But for the country to become competitive and be a major player in the region, or even worldwide, the government and local companies should understand the need for radical changes, Barber underlined.

Some prominent local corporations are taking the lead and eager to optimise their activities to regional levels. FPT Group, for example, is working with multiple partners and vendors to find options to reduce energy consumption at data centres, which then minimises negative impacts on the local environment.

“We applied a lot of new technologies to make sure that how we can reduce the PUE [Power Usage Effectiveness] down as much as we can,” said Khoa Doan, executive vice president of FPT Smart Cloud.

The same story goes with Vinfast, the first local car brand in the country, which has deployed a recognised world-leading production plant in Vietnam with automation and robotic processes.

SMEs can play alongside big players

When Internet users in Vietnam account for nearly 70 per cent of the population and spend an average of 6 hours 30 minutes online every day, SMEs in Vietnam are still not ready for digital transformation and the digital economy.

Among all small and micro-enterprises, which account for 96 per cent of firms and 40 per cent of national income (GDP), more than 45 per cent has not engaged well with technology, informed Ralf Matthaes, founder and managing director at Infocus Mekong research.

“SMEs have barriers to join this digital revolution which is happening in Vietnam,” said Carroll.In the case of cloud adoption, insiders found that most business people in Vietnam thought that adopting cloud computing means giving their data to cloud providers. The recent MaturityScape benchmark study of IDC ASEAN in 2018 also noted that 85 per cent of enterprises polled in eleven countries in Asia-Pacific, excluding Japan, are only rated at two out of five in IDC’s cloud maturity model.

“But now they are starting to understand that moving to cloud should be thought from a long-term investment point of view, which is the best solution for smaller business in Vietnam,” said Robert Tran, cybersecurity and technology risk leader at consulting company Ernst & Young Vietnam.

As the situation is changing exponentially due to the acceleration caused by the pandemic, Anthony Lim, regional principal consultant at Fortinet, said that cloud computing services availability could increase the efficiency and innovation capacity of small businesses in Vietnam.

“It will actually help a lot of small businesses get up to speed and play alongside big players,” Lim commented.

Digital Economy in Vietnam: From Government to Private Sector

As businesses are still approaching cloud computing cautiously, experts reach a consensus on the government’s role in the digital transformation stories, not only in Vietnam, but also in previous cases in the U.S., the Middle East, or Singapore.

“I don’t see so far the possibility of the transformation emanating from companies to the government. It has to be the other way around,” said Barber in a discussion at Digital Week.

In Vietnam, the Prime Minister has approved the national digital transformation programme to 2025 and orientation to 2030, which states various objectives, including developing a digital government, boosting the Vietnamese digital economy to account for 20% of GDP, and narrowing the digital gap by universalising fibre-optic Internet services, 5G mobile network, and electronic payment.

But while Singapore and Hong Kong are small city and states, most key digital infrastructure in the region, say data centres, are implemented there. Vietnam is still trailing behind with only 3.5 per cent of the total number of data centres in ASEAN, according to Frost & Sullivan’s “ASEAN and Taiwan Data Center Services Market, Forecast to 2025.”

“The reason is that their regulations [Singapore and Hongkong] are very clear and protect customer and data privacy,” said Tran. “Vietnam technically becoming a powerhouse is not a problem, but regulation could be a problem.”

Last year, in an effort to improve digital safety, the Ministry of Information and Communications of Vietnam provided guidelines on cloud computing for e-government, which Doan commented, could act as a critical reference for businesses in Vietnam in terms of understanding the requirements and standards of technical and information securities.

“How can they [organisations and companies] react and implement this direction from the government?,” said Carroll. “That comes down to the fact that digitalisation is more about people than technology.”

JOIN W.MEDIA AT VIETNAM CDC (HO CHI MINH) 2021

When: 17 June 2021

Where: Ho Chi Minh City, Vietnam

Ho Chi Minh boasts a high concentration of start-ups, making it an extremely lucrative market. The city has made a name for itself as a new entrant to Southeast Asia’s many digital hubs, ready to challenge the status quo with its reliance on self-sufficiency should be explored for the vast opportunities it offers. Considering the immense reverberations Vietnam sent out to Southeast Asia and beyond with its careful selection of 5G network partners, Cybersecurity as a holistic framework becomes pertinent. In the Vietnam Cloud & Datacenter Convention (Ho Chi Minh) (VNCDC), W.Media will be featuring two colocated conventions targeted precisely at the industry’s pressing concerns.

Join us at VNCDC today!

Tags Cloud, Digital Transformation, Vietnam, Cybersecurity, Data center

Credit: Philipp Katzenberger

Survey: Widening gap between threat intelligence capabilities and needs

While the concerns with cybersecurity have risen, threat intelligence capacities are still lagging behind, said a new report by Cybersixgill, a specialist in threat intelligence enablement, and Dark Reading, a cybersecurity news site.

The 2021 State of Threat Intelligence report found that deep and dark threat intelligence is gaining traction across the cybersecurity industry. Dark webs refer to the sites that are not accessible via public search and are often the criminal underground.

However, many from the industry are struggling with the lack of expertise regarding deep and dark web intelligence collection, the importance of intel freshness, the speed and rate of collections, as well as their overall impact on an organization’s cybersecurity programs and posture.

> Find out how HKBN is helping SMEs to combat cyberattacks

77 per cent of organisations have at least one dedicated threat intelligence analyst, and 54 per cent have more than five. Yet an overwhelming 48 per cent of organisations struggle with inaccurate data and 46 per cent with stale data.

More than half state they do not have access to closed and invite-only forums, and nearly a third said they do not receive threat intelligence from deep and dark web sources.

“The deep and dark web is the world’s third-largest economy after the US and China. In other words, if you’re a cybercriminal – you have to be there,” Meira Primes, CMO of Cybersixgill.

“Organizations are drowning in irrelevant data, false positives, and lack of ‘big picture’ understanding. Those who fail to adapt and act accordingly will not be able to advance their cyber defense strategy and protect their organization against cyber threats,” she adds.

The report surveyed 106 cybersecurity executives at large enterprises, covering various aspects of threat intelligence from common use-cases to operational challenges.

Additional findings include:

1. Multiple Breaches: 25 per cent of organisations have experienced six or more security breaches in the previous 12 months.

2. Long time to action: 35 per cent of organisations say it takes 12 hours or more to supplement new threat intelligence data with enough research to begin escalating and remediating incidents.

3. Drowning in data: 35 per cent of organisations use seven or more threat feeds at a time.

4. Time wasted on false Positives: 95 per cent of organisations waste anywhere from one hour to five days per week per analyst on false positives.

5. Obsolete data impacting almost half of the organisations: 48 per cent of organizations struggle with inaccurate threat intelligence data and 46 per cent with stale data.

6. Lack of context: 40 per cent of organisations cite lack of context as the biggest source of dissatisfaction in threat intelligence.

The report suggests that cybersecurity professionals need to shift the way they approach threat intelligence.

One way of doing so is to implement a modern methodology that includes automating the collection, analysis, research, and response in order to minimize the amount of manual labor it takes to truly operationalise threat intelligence.

In addition, the report recommends a set of baseline criteria for enterprises evaluating threat intelligence feeds. Intelligence, the research shows, should be continuous, iterative, contextual, and operationally integrative.

Tags Cybersecurity

U.K. cyber firm Bluedog to launch second security ops centre in the Philippines

The second security operations centre (SOC) will operate in Makati, a city in Manila, as Bluedog sees a growing demand for cybersecurity among local businesses who are suffering from phishing emails, attempted log-ins, and office network breach attempts, especially during lockdowns.

“We are aware that there are numerous small banks struggling with compliance, and hundreds of outsourcing firms which need to reassure overseas customers that they can meet international standards,” said Paul Lomax, co-founder of Bluedog Security Monitoring.

Twelve months to the opening of the new SOP, Bluedog will hire at least 20 new staff while maintaining its 30 workers at its first operations centres also based in Makati. Bluedog Training Academy will join the process to provide more local graduates with cyber skills to support the new operations.

Lomax added that the new SOP would make it gain steam in the race with the U.S. and Europe’s rivals as it makes security solutions accessible and affordable for more firms.

The distribution agreement with the local cybersecurity provider I.T. Security Distribution (ITSDI) will also help the company expand its customer base in the Philippines, while securing its current network in the U.K., Middle East, India, Singapore and Australia markets.

“We are pleased to offer Bluedog’s services in the Philippines and believe they could solve some key challenges for companies here,” said Luichi Robles, president of ITSDI. “Security concerns are greatest in the banking and financial services sector and Bluedog’s managed detection and response service offers an affordable solution.”

As working from home poses challenges for companies to monitor employees’ devices and allows more penetrators to take advantage of users’ negligence in downloading pirated software, Bluedog has been a pandemic winner. Its Microsoft 365 monitoring service has registered a marked number of new customers during lockdowns.

“The number of accounts we monitor is growing by around 20% per month,” Lomax stated. “The [Microsoft 365 monitoring] service—which can be activated remotely—effectively brings remote devices into the company’s network, allowing companies to detect risks ranging from suspicious account log-ins to phishing emails arriving in an employee’s inbox.”

Apart from Microsoft 365, managed detection and response (a 24-hour cybersecurity monitoring service), Azure monitoring, virtual CISO (Chief Information Security Officer) service, Microsoft 365 endpoint detection and response, and vulnerability assessment and penetration testing (VAPT) are also Bluedog’s offerings for firms.

Tags #thephilippines, Cybersecurity

Cybersecurity threats in Malaysia spiked amid remote working in 2020: Kaspersky

With 67 per cent of the Malaysian companies required their staff to work from home (WFH) during national lockdowns, a global threat intelligence exchange network Kaspersky reveals that it has detected a 33% rise in web threats in the country last year.

Kaspersky Security Network (KSN) is a complex distributed infrastructure that integrates cloud-based technologies into personal and corporate Kaspersky solutions, with cybersecurity-related data streams from millions of voluntary participants worldwide.

“We have seen several incidents of scams and social engineering tactics last year, which is aimed at tricking the human mind to steal money or information. Most of which used buzzwords related to COVID-19. Avoiding such requires a lot of calmness and vigilance, which is a tough one to have amidst the chaos that is the pandemic,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

The top five web threats in Southeast Asia in 2020 were: malware in web traffic is found during browsing scenarios – when user visits infected site or online advertisement performs unfair action; unintentional downloads of certain programs or files from the internet; downloading malicious attachments from online e-mail services; browser extensions activity; downloads of malicious components or communications performed by other malware.

For companies observing remote work, Kaspersky specialists have the following tips to help employers and businesses stay on top of any potential IT security issues and remain productive while the staff is working from home:

Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue;
Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, email security, endpoint security, and web browsing.
Take key data protection measures including switching on password protection, encrypting work devices, and ensuring data are backed up.
Ensure devices, software, applications, and services are kept updated with the latest patches.
Install proven protection software, on all endpoints, including mobile devices, and switch on firewalls.
Ensure you have access to the latest threat intelligence to bolster your protection solution.
Double-check the protection available on mobile devices. It should enable anti-theft capabilities such as remote device location, locking and wiping of data, screen locking, passwords, and biometric security features like Face ID or Touch ID, as well as enable application controls to ensure only approved employees use applications.
In addition to physical endpoints, it is important to protect cloud workloads and virtual desktop infrastructure.

“It is high time for enterprises, of all shapes and sizes, to understand that online threats even against individuals should now be considered risks against companies. We need to remember, cybercriminals, never sleep. Hence our security solutions should be automated, intelligence-based, and proactive,” added Yeo.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Southeast Asia, Cybersecurity

PwC and HKBN Enterprise Solutions join hands to help SMEs combat cyberattacks

PwC Hong Kong and Hong Kong-based IT solutions firm HKBN Enterprise Solutions (HKBNES) have announced a partnership that will help small and medium enterprises (SMEs) in the island combat growing cybersecurity attacks.

Both companies have reached an agreement whereby HKBNES will provide the Big Four accounting firm a full range of cybersecurity services, including vulnerability assessment, phishing simulation, 7×24 SOC security monitoring, 7×24 remediation management to next-generation managed detection and response (MDR) services.

Kok Tin Gan, Cybersecurity and Privacy Partner at PwC Hong Kong said that the company is “excited” to be offered HKBNES’ suite of services.

“I am confident that PwC and HKBNES will co-solve the SMEs owners’ pain points by empowering more local businesses to enhance their cybersecurity readiness, helping them to build sustainable work modes and sail safe through the rough seas,” he added.

With a clientele of over 100,000 companies, Danny Li, Co-owner and Chief Technology Officer at HKBNES said that the company is here to massively scale its combined strengths with PwC.

“We’re proud to join hands with a world-class partner to bring SMEs a stack of best-in-class, enterprise-grade cybersecurity solutions at affordable rates, so that companies of all sizes can mount adequate security responses as they venture into an increasingly digitised brave new world,” he continued.

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Digital Week is returning to do a deep dive into the Cloud & Datacenter industries of FIVE new markets: Korea, Mainland China, Japan, Hong Kong, and Taiwan. Join us as we bring together 2500+ IT leaders from across Northeast Asia, covering everything from sustainable infrastructure to cloud security to digital transformation. Digital Week lets you expand your network and engage with new markets from wherever you are.
Want to learn more about these exciting developments in data and IT? Start connecting with peers and access exclusive pre-show content when you Register Today for Free!

Tags Hong Kong, Cybersecurity, PwC

South Korea is spending $607 million on cybersecurity

South Korea is pouring in $607 million by 2023 to beef up the country’s cybersecurity capabilities.

The Ministry of Information and Communications Technology made the announcement on Thursday (18th February) in response to growing cybersecurity threats, according to local newswire Yonhap News Agency.

With this, the Ministry has also revealed several measures that the government will take to bolster its cybersecurity policies.

First, by working with major cloud and data center providers, South Korea aims to develop infrastructure that will quickly respond to cyber threats, such as collecting information about cyber attacks in real-time and notifying companies of such occurrences.

Next, the Ministry plans to expand the volume of cyber threat information that it collects to include data from major social networking platforms, virtual services from different sectors such as education and healthcare, and the dark web.

The Ministry said that it hopes to reduce the rate of cybersecurity violations experienced by local companies from 2 percent to 1.3 percent by 2023.

JOIN W.MEDIA AT DIGITAL WEEK

KR | CH | JP | TW | HK

When: 20-22 April 2021

Where: Online

Tags South Korea, Cybersecurity

Image Credit: Datuk Saifuddin Abdullah/Facebook

Malaysia and Huawei are building Southeast Asia’s first 5G cybersecurity lab

Malaysia is working with Chinese tech giant Huawei to build Southeast Asia’s first 5G cybersecurity test lab.

CyberSecurity Malaysia, an agency under the country’s Ministry of Communications and Multimedia, announced the collaboration with Huawei and local telco Celcom Axiata Berhad.

Datuk Saifuddin Abdullah, Minister of Communications and Multimedia, said that the test lab will be a comprehensive test bed for 5G and Internet of Things (IoT) security, and offer cybersecurity services for mobile applications and hardware evaluation.

Dato Dr. Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, said that the collaboration between his organisation and Huawei aims to deepen the ties between both parties.

“CyberSecurity Malaysia and Huawei are developing a strategic collaboration framework in cybersecurity governance, cybersecurity talent development and on establishing cybersecurity standards and certification in Malaysia to position itself as the first regional cybersecurity center of excellence,” he continued.

Malaysia’s willingness to work with Huawei is in line with the government’s recent announcement of MyDigital, a new digital economy blueprint that aims to transform the nation into a digitally advanced, high-income nation by 2025.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Malaysia, Digital Transformation, Huawei, Cybersecurity

Image Credit: Business Today Malaysia

Pre IPO, Malaysia’s Bank Islam accelerates digital transformation

Bank Islam, which is set to become the first publicly listed Islamic Bank in Malaysia, before its IPO, has decided to accelerate its digital transformation efforts with local telco, TM One.

Both organisations have signed a Memorandum of Understanding (MoU) which will see TM One deploy digital solutions in cloud, big data analytics, cybersecurity, and data centers to optimise the bank’s operations.

Muazzam Mohamed, CEO of Bank Islam, said that the partnership with TM One will improve the bank’s functions and services to its customers, which are important parts of the business especially ahead of its listing.

“These solutions will intensify BIMB’s information technology (IT) infrastructure and centre for digital experience (CDX) digital banking products, by allowing new buying experience, away from the traditional banking approach,” he added.

On being selected as Bank Islam’s preferred digital partner, Ahmad Taufek, Executive Vice President and CEO of TM One, said that the company is honoured to be given the opportunity to extend its digital expertise to Bank Islam. “We are fully aware that digital transformation, data security and protection are the top priorities, especially for the banking sector,”

“This befits our role as part of TM Group, as the enabler of ‘Digital Malaysia’,” he continued. With a rapid increase in tech adoption post-COVID, countries such as Malaysia Digital Economy Corporation (MDEC), the country is looking to establish itself as a digital hub in the region.

Tags Malaysia, Cloud, Digital Transformation, TM ONE, Cybersecurity, Data Centers, Data center

NTT completes its first Microsoft security project in Indonesia

NTT, a technology services provider, just completed its first Microsoft Security Project for a cellular operator in Indonesia.

The Japanese tech major provided consulting, implementation, and managed services to enhance the client’s data security and privacy.

With this project, NTT has reported improved agility in responding to security threats, uncompromised productivity and lower integration costs.

Enterprise-wide security strategy

NTT identified gaps and siloed operations in the client’s existing security policies and processes. Afterwards, they implemented a cost-saving solution to manage and protect sensitive data across multiple platforms.

Over the past 10 months, NTT also helped the client define and implement viable security policies and security tools.

Following an enterprise-wide installation of Microsoft Information Protection (MIP) solutions, including Azure Information Protection (AIP), Office 365 Data Loss Prevention (O365 DLP) and Microsoft Cloud App Security (MCAS), NTT rolled out end-user training for 5,700 employees.

NTT said it will continue to provide end-to-end managed services for one year as part of post-implementation support.

As a result, NTT expected to see lower integration and compliance cost, reduced IT complexity and improved security responses.

With the increase in tech adoption globally during COVID, telcos are coming under increasing threats of cybersecurity-related vulnerabilities. Almost all telcos in the world are ramping up their IT systems to counter cyber threats.

As users can collaborate more securely over Office 365 services, the company added, end-user friction is mitigated.

The risk of data leakage is also reduced as IT can better control sensitive data as it moves between internal and external apps.

“The need to integrate security into business and IT systems come as a top-level priority for us at NTT and our clients, having witnessed major data breaches in the past year alone. This project marks the first Microsoft security project for us in Indonesia,” said Hendra Lesmana, CEO, NTT Indonesia Solutions.

Need for stronger cybersecurity regulations in Indonesia

Cybersecurity laws and regulation are still at a nascent stage. While there are plans by the government to step up data protection, they have yet made any concrete plans. Recent data breaches in Indonesia also sounded alarms.

As Southeast Asia’s fastest-growing data centers industry develops, ensuring the security of the data will be both service providers and businesses’ priority.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Indonesia, Cybersecurity, NTT, Security

Cybersecurity spending for critical infrastructure to pass $105 billion by 2021: ABI Research

Global spending on critical cybersecurity infrastructure is set to surpass $105 billion in 2021, according to a latest report by tech market advisory firm ABI Research.

The report found that COVID-19 has had little impact on security spending, instead it has led to increased demand for secure connectivity due to the surge in remote work. Asia Pacific is home to some of the world’s fastest growing economies, and the region is also leading the world in digital innovation and transformation.

The primary challenge of the COVID-19 pandemic has been for critical infrastructure to ensure that systems and services keep running smoothly, despite an increasingly remote workforce. As such, greater emphasis has been placed on ensuring that infrastructure operations can be securely monitored and managed remotely by authorised personnel.

“There is no denying that secure connectivity has become a key focus, not least with the revelations late last year of the SolarWinds Orion hack, which has brought into sharp focus the need for better vetting of services offered by third party contractors and remote update processes,”

“The scale of the intrusion clearly illustrates how vulnerable systems can be when they have weak links, and how easily threat actors can infiltrate and escalate privileges once access has been gained. The implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management,” said Michela Menting, Digital Security Research Director at ABI Research.

The brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective.

“This is where the primary threats are focused, and operators are keenly aware of the potential ramifications of a breach there. However, increasing efforts are being placed on offensive security investments to better prepare response mechanisms, as well as securing operational technologies as operators in many sectors go through digital transformation and start evolving toward smart and connected IoT infrastructures,” Menting explained.

Progress is nonetheless slow, as many sectors are bound by regulations which can make it difficult to change quickly. In addition, new security processes require time for testing and validation before being greenlit for use, ensuring they don’t compromise the integrity or proper functioning of existing processes.

The report also found that spending is heavy in industries such as defence, financial services, and ICT. This is because governments and critical infrastructure operators are aware of the potential national security implications of cybersecurity breaches.

Spending on energy, water, and waste management still lags behind in comparison. As governments continue to pursue smart city developments and digital transformation efforts, the underlying risks in sectors will become more apparent and should be addressed more robustly in the near future.

“By and large, security spending in critical infrastructures is wide and varied, and diverges significantly among regions due to policy and regulation but is overall embracing cybersecurity much more holistically as connectivity and digitization continue to play increasing roles in everyday operations,” Menting concluded.

The spending has also been made as a result of increased IT downtime during COVID-19, faced by companies. According to a LogicMonitor survey, almost half of the enterprises in the Asia Pacific region have experienced an increase in IT downtime during the COVID-19 pandemic.

Tags Cybersecurity, ABI Research

Cybersecurity firm ExtraHop opens new data centre facilities in Sydney

ExtraHop, a cybersecurity firm that specialises in cloud-native network detection and response, opened data centre facilities in Sydney to enhance access to its native security platform, Reveal(x) 360.

This means the company can also deliver reduced latency and higher availability, whilst ensuring that customers maintain data sovereignty.

“Organisations around the world are rethinking their approach to security as advanced threats like APTs and software supply chain attacks take a financial and reputational toll,” says ExtraHope Asia Pacific and Japan vice president David Sajoto.

He said that the company is committed to providing the customers with learning-backed detection and response capabilities that put public and private sector security teams back in the driver’s seat when it comes to protecting their organisations.

As such, they serve to ensure that their customers “have access to high-availability, low-latency security capabilities that meet local standards for data sovereignty and protection”.

This is the company’s latest move in its expansion in Australia and the broader APAC region.

In August 2020, ExtraHop appointed Australian distribution partner NEXTGEN as part of its agreement to broaden its security channel in the country.

In October 2020 the company’s ExtraHop Reveal(x) 360 achieve Amazon Web Services (AWS) Security Competency Status, meaning that ExtraHop has the required technical proficiency and ability to help customers secure applications, data, and workloads on AWS.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Cybersecurity, Australia, Data center, Sydney

Image Credit: Korean Newswire

Siemens South Korea signs cybersecurity deal with KPMG

Siemens South Korea has signed a technology research agreement with KPMG’s subsidiary company in the East Asian country, Samjong KPMG.

The Memorandum of Understanding (MoU) will see the strengthening of Samjong KPMG’s cybersecurity infrastructure. Both Siemens and Samjong KPMG will collaborate to exchange expertise and conduct joint research on different areas in cybersecurity. They include information protection, digital convergence, protection technology, and global compliance.

“As the era of the 4th industrial revolution is in full swing, the demand for security technologies for smart factories and production facilities is increasing,” commented Thomas Schmid, Head of Digital Industries at Siemens Korea.

“We look forward to generating a synergy effect by combining Siemens‘ IT-OT convergence knowledge and experience in the process industry and Samjong KPMG’s global consulting capabilities,” he added.

Established in 2013, Samjong KPMG’s cybersecurity team is the richest operation technology (OT) security team in South Korea. The team works with more than 207,000 KPMG professionals in over 153 countries to provide customers with cybersecurity solutions in South Korea.

“Based on the combination of Samjong KPMG‘s global consulting service know-how and Siemens Korea’s technology and experience, we will do our best to promote the successful OT-ICS (industrial control system) security business.” added Dae-Gil Jung, Head of Consulting Services in Samjong KPMG.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Cybersecurity, KPMG, Siemens, South Korea

Oxfam Australia responds to alerts of data breach affecting its 1.7 millions supporters

Oxfam is trying to work out what data was accessed

Oxfam Australia, a non-for-profit aid and development organization, is investigating a suspected cyberattack that has allegedly impacted the data of 1.7 million donors.

Forensic specialists have been brought to “assist in identifying whether data may have been accessed and any impact on its supporters”.

The matter has also been reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

While it is not yet known whether any data has been compromised, Bleeping Computer earlier this week reported that a threat actor had tried to sell one of the charity’s databases.

The database is alleged to contain contact and donor information, including names, email addresses and phone numbers, for about 1.7 million Oxfam Australia supporters.

In response, Oxfam responded in a statement that these allegations are not verified, stating that IT experts “[continue] to be confirming the type of data that may have been accessed and whether any of our supporters are impacted”.

“Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages,” she said.

The company updated on Feb. 9 that it is “in the process of notifying all supporters for whom we have a contactable email address”, and urged donors to contact them with any questions.

This is not the first charity data breach that happened of late. The largest woodland conservation charity in the United Kingdom, Woodland Trust, has just confirmed that it was hit with a cyberattack in December 2020.

Woodland Trust experienced disruption as many systems are offline, affecting the ability to support “certain services” for members and supporters, the company said in a statement.

Charities are especially vulnerable to hackers and other malicious elements because they are sometimes perceived as easy targets.

Some charities do not adequately invest in data security and other charities lack the resources to adequately respond to such attacks. In addition, charities often have a treasure trove of sensitive information, such as payment details, as well as personally-identifiable information about donors.

This also reinforces a recent report on the rising data breaches in Australia, which mostly involves contact information and financial details, W.Media reported.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Cybersecurity, Australia, Micro Data Center, Data breaches

Image by rawpixel.com

Pandemic urged 89 per cent of Indian IT Leaders to protect organizational data from ransomware: new survey

Druva Inc., a India-based company specializing in cloud data protection and management, found in a survey that highlights the rising concerns among Indian businesses about data protection, the growing need to enhance resilience, and the role data agility plays in enabling organizational operations and connecting with customers.

The company’s inaugural 2020 Value of Data Report global survey offers insights from over 1,000 IT decision makers (ITDMs) in India, the US and UK, and underpins the importance of maximizing the value of data as businesses continue to navigate an unprecedented worldwide situation.

Of the more than 300 ITDMs surveyed in India, approximately one third (31 percent) report an increase in ransomware attacks on the organization since the pandemic began, and overall 89 percent of ITDMs being more concerned now with protecting their organizational data from ransomware than before the pandemic. However, 44 percent of organizations do not have the data they collect readily available when needed for decision making.

With data being created, stored, and shared in more ways than ever before, IT leaders in India are confronted with unprecedented challenges. The survey reveals that protecting data from outside threats, unauthorised internal access and ensuring business resiliency are becoming key priorities for organisations as they accelerate their cloud migration and digital transformation plans.

Other key India findings:

Accelerated digital transformation – 76 percent of respondents said that their digital transformation plans have accelerated due to the pandemic.
Expanding threat surface – since the pandemic began 42 percent reported an increase in video conferencing attacks, malware (40 percent), phishing (35 percent), user error / accidental tampering or deletion (32 percent) and insider attack (31 percent)
Data Recovery a concern – 67 percent reported that the time to recover data is still an issue and has increased since the pandemic
Data access crucial for business survival – 25 percent reported that their company can only go 3 to 4 hours without access to data before causing serious harm to their business

“The pandemic, and possibilities of an emergence in the coming months, has forced organizations across India to re-evaluate the health of their data, potential security vulnerabilities, and their level of preparedness”, said Milind Borate, Co-founder and Chief Development Officer, Druva. “The ability to unlock the value of data, rapidly adapt to changing demands, and delight customers will increasingly be determined by their cloud strategy. Cloud data protection plays a pivotal role in this journey, and Druva Cloud Platform is designed to help organizations accelerate their digital transformation, while ensuring data security and compliance.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags India, Digital Transformation, Cybersecurity, Data

Crypto platform Unocoin launches new exchange

Unocoin, the oldest cryptocurrency platform in India, has launched its new crypto exchange platform built for professional traders, fund managers and retail investors.

The launch, which follows Unocoin’s beta Unodax platform, marks the expansion of the company’s existing brokerage model into a full-scale exchange model. The platform comes with billing and invoicing functions to help fund managers and professional traders adhere to tax compliance and financial reporting, Unocoin said.

Unocoin, the single pool of liquidity shared by all Unocoin products, will continue to be made available for Unocoin Exchange users. Trading fees, APIs, and security features will be the same for both platforms. To facilitate the migration, the current platform, Unodax will remain accessible to users for a period of time, with transactions, balances and activity mirrored on both platforms. After 31st March 2021, all users will be seamlessly rolled over to Unocoin Exchange, with Unodax being phased out.

“We are launching the Unocoin exchange as a straightforward and user-friendly platform for experienced traders and institutional investors in India to participate in a globally expanding cryptocurrency ecosystem. In addition to a customised and secure trading platform, we will continue with Unocoin news, the Unocoin blog, and educational campaigns to help users excel in the crypto space,” said Sathvik Vishwanath, Co-founder and CEO, Unocoin.

The Unocoin Exchange comes with an improved user experience from Unodax, customised trading solutions that now serves a wider clientele. New features include a completely redesigned platform for a more intuitive experience; simplified deposit and withdrawal processes; improved charts to access more historical data; a new consolidated portfolio view called “My Wallets”; new Lending and Earn Interest functions; a wider wallet page consisting 30 different coins, the company said.

Apart from traditional limit orders and market orders, the platform is the first in India to support sophisticated order book placements, including split orders, enabling customers to place multiple orders at different prices with a single click; and ladder orders, helping customers take advantage of volatility with automatic order execution upon trigger of pre-determined price levels.

Sunny Ray, Co-founder and President, Unocoin said that by facilitating multiple functions like investments, utilisation, buying, selling, lending, and earning interest with cryptocurrency, Unocoin is offering users a unique opportunity to become shareholders in the cryptocurrency ecosystem. “As the decentralized ecosystem advances, we expect there will be many more opportunities for customers to interact with digital assets in new and unique ways,” he added.

After initial concerns as well as risks associated with this, regulatory bodies all over the world are looking at crypto currencies. In India, banking regulatory Reserve Bank of India recently issued a booklet on Payment and Settlement Systems in which it has mentioned that Private digital currencies (PDCs) / virtual currencies (VCs) / cryptocurrencies (CCs) have gained popularity in recent years.

RBI is exploring the possibility as to whether there is a need for a digital version of fiat currency and in case there is, then how to operationalise it.

Tags Cybersecurity, Cloud Hosting

Indian govt to pass India’s Privacy Protection Bill soon

India’s Privacy Data Protection Bill, which is going through multiple stakeholder considerations, will be passed soon.

“Things are still under deliberation, as the government is steadfast in its belief that data should be easy and affordable to access,” said Neeta Verma, Director General (DG), National Informatics Center (NIC), Ministry of Electronics and Information Technology (MeITY) who was addressing W.Media’s South Asia Cloud and Data Center Summit.

Legislation on data protection has gathered pace in India since the Supreme Court ruled privacy as a fundamental right in 2018. Subsequently, Justice B N Srikrishna, was tasked to come up with a draft of the Data Protection Bill.

The draft now is with the Joint Parliamentary Committee (JPC), who will eventually pass it into a law. While Dr Verma did not specify a timeline on when it will come into effect, she said that the government is deliberating all aspects, across all stakeholders, into this Bill.

With the onset of COVID-19, coupled with other likely accelerators such as 5G launch later this year, data consumption is growing at a humongous pace in countries like India. India with its 564 million internet user base is one of the most lucrative markets for internet-enabled services. For the same India needs to have the mix of physical infrastructure as well as laws that safeguard data protection for individuals and corporations, stated Dr. Verma.

Along with a policy on data (which has been referred to JPC for approval), the Indian government has also floated the framework for a data center policy, which after feedback, will be made into a law. “Data center should be accorded infrastructure status- like railways or roads and data center parks should be allowed to come up,” said Dr. Verma.

According infrastructure status, helps in attracting long-term capital from large pension funds as well as Private Equity companies, which is needed for building out a data center infrastructure in India. The government’s draft of a national Data Centre (DC) policy, focuses on simplifying existing rules, indigenous manufacturing and giving it “infrastructure” status could see big ticket investments.

Data center parks will help companies to co-locate their IT infrastructure in places which have reliable power, connectivity, amongst other factors.

Incentivisation schemes are also in the offing, stated Dr. Verma. India has a large talent pool, broadband connectivity, as well as geographically is one of the best places for becoming a global hub of data centers. “We have seen fast adoption fo cloud within government with 12,000 apps under the umbrella,”she said.

Some examples of government cloud services in India includes MyGov, e-hospitals, e-way bills, the government’s e-procurement system, Swachh Bharat mission, amongst others.

Dr. Verma is of that nowadays, data centers need to be viewed through a different lens. ‘We need to look at efficiencies in data centers in an environmentally sustainable manner-from managing power for cooling requirements to energy consumption. Data canter with managed services offers a great opportunity for India.

Tags Cybersecurity, Data center

Cyber Security breach at Australian Securities and Investments Commission (ASIC)

The Australian Securities and Investments Commission (ASIC) reported a cyber security breach related to its use of a file sharing software.

The Australian regulator in a notification said: “This incident is related to Accellion software used by ASIC to transfer files and attachments. It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications.”

While the investigation is ongoing, it appears that there is “some risk” that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded, it added. ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation.

Interestingly the Accellion file sharing software was recently at the centre of a similar incident at the Reserve Bank of New Zealand. As a precaution, and to protect information and systems, ASIC has disabled access to the affected server. The regulator is working on alternative arrangements for submitting credit application attachments which will be implemented shortly. No other ASIC technology infrastructure has been impacted or breached, it pointed out.

Meanwhile, relevant agencies and those impacted have been notified, it said.

Recently, the SUNBURST malware attacks against SolarWinds have heightened companies’ concerns about the risk to their digital environments. Malware installed during software updates in March 2020 had allowed advanced attackers to gain unauthorized access to files that may include customer data and intellectual property.

Matt Gyde, President and CEO, Security Division at NTT Limited had recently said that threat actors have exploited disruption during the COVID-19 crisis to launch an accelerated wave of cyberattacks around the world. The SolarWinds incidents were orchestrated by sophisticated operators and exploit the broad distribution of commonly-used software packages, he said.

Tags Cybersecurity, Cloud/IT, breaches

APAC’s Secure Content Management (SCM) market to reach $2.2 billion by 2024: Frost & Sullivan

The Secure Content Management (SCM) market is expected to achieve an 11.4% compound annual growth rate (CAGR) to reach $2.2 billion in total web and email security revenues by 2024, revealed in an analysis by Frost & Sullivan.

Cloud-based deployments are projected to lead growth as more enterprises move their emails to the cloud and rely on the internet, including remote working, especially during COVID-19.

The overall email security market is maturing with slowing but steady growth. Heavily driving its cloud-based deployments are cloud-based email adoption, such as Office 365 and G Suite, and increasing regional remote workforces.

The larger but less mature Web security market is also benefiting significantly from the latter. Moreover, enterprises are more reliant on Web applications and moving their workloads into the public cloud, necessitating cloud centricity.

Malicious email and web links remain the most popular attack vectors

Malicious email and web links remain the most popular attack vectors in APAC countries. Threats include more advanced and sophisticated targeted phishing emails, business email compromises, and malicious content.

“The addition of multiple functionalities into core capabilities is transforming web and email security options as organizations seek better compatibility with their cloud migration journeys and cost-savings simultaneously. Various integrations, including data loss prevention (DLP), cloud access security broker (CASB), and email/browser isolation, are blurring distinctions among cybersecurity solutions,” said Vivien Pua, Industry Analyst, ICT at Frost & Sullivan.

“The larger but less mature web security market is also benefiting significantly from cloud-based deployment security solutions given their scalability, flexibility, and lower cost.”

Pua added: “Larger enterprises often require dedicated web and email security to effectively detect, prevent, and remediate threats. These companies with larger financial resources generally prioritize performance and will opt for standalone solutions or best-of-breed options. Conversely, small and medium businesses (SMBs) are more open to integrated solutions or Software-as-a-Service (SaaS) offerings, which offer them the necessary protection level, despite their limited security budgets.”

Strategic recommendations for further revenue opportunities

Cybersecurity vendors should explore these strategies, Frost & Sullivan recommended:

Assist enterprise customers who are migrating to cloud email by integrating and/or transferring their email security to cloud-based deployments.
Offer cloud-delivered integrated cybersecurity solutions to meet the business needs of remote workforces.
Prepare on-premises deployments or hybrid deployment solutions for enterprises reliant on traditional operating procedures or that face regulatory compliance issues regarding on-the-cloud deployments.
Explore new product development and acquisitions to match the security demands of the current and future threat climate.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Cloud, Cybersecurity, APAC

Oz Def Min to exit Global Switch data centre biz by 2025

The Department of Defence in Australia has reneged on its planned 2020 exit from Global Switch’s Sydney-based data centre by up to five years after plans to move all of its data from the facility fell short last year.

The department extended its deal with the Chinese-owned facility under a $53.5 million contract last October.

Defence had planned to shift all of its secret files back into a government-owned data centre at the end of its 10-year lease agreement Global Switch in September 2020, as revealed by the ABC.

The decision to leave was prompted by a purchase of half of the centre’s parent company by a Chinese consortium in 2017, despite assurances from the company that its files are secure.

The move was slated to cost up to $200 million when planning began around three years ago.

But the new property lease gives Defence access to Global Switch’s Ultimo facility until September 2025.

Meanwhile, other federal government agencies, including he Australian Taxation Office and, more recently, the Australian Securities and Investments Commission, have either moved – or are in the process of moving – out of Global Switch by 2022.

Australian Defence has also extended a separate property lease with Global Switch until September 2025 under an existing deal at a cost of $8 million.

A spokesperson told iTnews “the size of the Defence holdings made it impractical to migrate all the holdings from the data centre prior to the expiry of the Defence lease in September 2020”.

The department did, however, migrate some of its data holdings to an undisclosed “alternative data centre”.

“This was completed in mid-2020,” the spokesperson said, adding that “Defence has developed a plan to migrate its remaining holdings to cover the next three to five years, as supported by the government”.

Defence also uses other data centres, including Canberra Data Centres (CDC) for its billion-dollar enterprise resources planning (ERP) modernisation hosted on Microsoft Azure.

Asked whether sensitive data was stored at the data centre, Defence said it still “has data holdings at GSU [Global Switch Ultimo]”, adding that the facility is subject to Foreign Investment Review Board controls.

Last month, the Australian Strategic Policy Institute found that over half of all current federal government contracts were with one data centre provider, widely understood to be CDC, iTNews reported.

“Contracts with the dominant provider totalled $620 million, or 79 percent,” it said in its ‘devolved data centre decision report’ [pdf] after analysing 87 current data centre contracts on AusTender.

Founded in 1998 and led by Chief Executive Officer John Corcoran, Global Switch, owns, operates and develops data centers in Europe and Asia Pacific. The company’s footprint currently spans about 390,000 square meters and its tenants include government organizations, mobile carriers and financial institutions, its website shows. The company posted revenue of about 439 million pounds in 2019, its annual report showed.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Cybersecurity, Government Cloud, Data Centers, Australia, Data center, Defence

South Australian government chooses Atos as cloud provider

The government of South Australia has selected German cloud and cybersecurity company Atos to support the organisation with its digital transformation journey.

In a three-year agreement signed by both parties, the South Australian government agencies will leverage Atos’ Managed Platform Services (MPS) to deliver better data processing and cloud migration solutions.

Mike Green, Managing Director of Atos Australia, said that the company is “proud” to be chosen as a trusted partner of the government.

“We believe that hyperscale Cloud services can make a different kind of public service possible. We are excited to transfer that knowledge, experience and deep insights to embark on this journey towards a safe and citizen-centric future in South Australia,” he added.

South Australia’s capital city, Adelaide, is the fifth most populous city in Australia and is consistently ranked as one of the most liveable cities in the world.

Earlier in January, the government outlined a bold and ambitious tech strategy for the South Australian Government that brings together technology, cybersecurity and digital services.

The government is actively collaborating and partnering with agencies to achieve positive outcomes for the state. These include: developing a more resilient and innovative cyber security industry centred in Adelaide’s innovation hub, Lot Fourteen, through the Australian Cyber Collaboration Centre (A3C); and addressing and reducing the cyber and digital skills gap by developing education, training and pathways through cyber security traineeships for government, development of cyber school curriculum, and other skills growth activities.

Another initiative includes to improve online accessibility of government services for people living with disadvantage or a disability and improve the state’s cyber security posture by implementing the South Australian Cyber Security Framework (SACSF) across government and improve the industry’s awareness of the SACSF.

Tags Cloud, Cybersecurity, Australia, Atos, South Australia

Source: Australian Associated Press

NTT Limited to offer free cyber sec solutions to mitigate SolarWinds attack

Technology services company NTT Limited will offer “specialised sensor” capability to help them determine their risk and potential means to mitigate attacks related to the recent SolarWinds incidents. This will be offered to specific clients, free-of-charge, the company said in a statement.

In December 2020, a supply chain attack through SolarWinds’ commonly-used network management software allowed malware to be distributed to at least 18,000 organizations around the world. Additional threats have also since been identified, potentially exposing many organisations’ applications and data.

In response to these supply chain attacks, NTT will provide companies that believe themselves to be at risk of compromise with their 30-day trial of its Specialized Sensor for SolarWinds Detection and Alerting across all platforms other than Azure, at no charge.

This offering includes:
Deployment of a specialized sensor in AWS and Google Cloud Platform environments for the detection of Indicators of Compromise (IOCs) specific to the SolarWinds breach.
Near real time notification to a client’s security organization in the event a compromise is detected.
An actionable incident report delivered automatically, immediately upon detection of IOCs linked to the SolarWinds compromise.

On 8 December 2020, cybersecurity company FireEye reported a breach and exfiltration of their Red Team tools. Ultimately, FireEye realized the breach had come via supply-chain attack carried out by the implantation of malicious code in the SolarWinds update server for the Orion Platform.

Sunburst attack

The attack on SolarWinds, dubbed Sunburst, loaded a Trojan into the SolarWinds software update. This malicious update infected SolarWinds Orion Platforms, thus compromising the networks of SolarWinds’ clients. The sophistication of the attack has led analysts to assert that the cyber event was most likely attributed to Russian nation-state threat actors.

On Friday, December 18th, Microsoft released a statement confirming that its network had been compromised by the malicious software updates from SolarWinds. FireEye and Microsoft were two of many companies affected by the attack. US-based organizations were targets of nearly 80 per cent of the attacks. Apart from them, organisations based in Belgium, Canada, Israel, Mexico, Spain, and the United Arab Emirates (UAE) were also affected.

In response to the US attacks, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to US government agencies directing them to immediately disconnect or power down SolarWinds Orion products. US government agencies believed to have been breached so far include the Treasury Department, the Justice Department, the Energy Department, and the National Nuclear Security Administration, among others. The full extent of the attack is unknown. It is highly probable that more victims will be discovered since damage from this breach is still being assessed and new tactics, techniques, and procedures (TTPs) could be discovered.

Matt Gyde, President and CEO, Security Division at NTT Limited is of the view that threat actors have exploited disruption during the COVID-19 crisis to launch an accelerated wave of cyberattacks around the world. “The SolarWinds incidents were orchestrated by sophisticated operators and exploit the broad distribution of commonly-used software packages. NTT has now moved to proactively offer clients a way to identify potential problems in their technology infrastructure and take the steps needed to close those gaps,” he said.

Organisations can then engage with NTT for in-depth review, analysis, recommendations, and remediation including a rapid incident compromise assessment. NTT can also provide ongoing managed security services such as Security Operations Center as a Service (SOCaaS) and develop a Strategy for Supply Chain Security Assurance, to help clients monitor their technology assets and reduce risk from future threats.

Tags Cloud Migration, Cybersecurity

Cyberattacks cost Vietnam $1 billion in 2020

How costly could cybersecurity threats get?

A recent study by Vietnam’s Bach Khoa Antivirus Center (Bkav) found out that the country suffered a staggering loss of $1 billion (24 trillion Vietnamese Dong) due to cyberattacks.

Carried out in December 2020, the study revealed that the COVID-19 pandemic has much to do with the financial loss. As organisations and employees in Vietnam continue to work remotely, due to restrictions placed on travel, as well as social distancing norms, cyber criminals have lapped up this opportunity. They have got into home as well as enterprise devices and have infiltrated, altered, and stole data.

Major e-commerce platforms and banking institutions in Southeast Asia are continuing to be hit hard by cyber threats, with personal information of thousands of users being stolen.

Supply chain attacks on Vietnamese businesses are also common. Such attacks target a product’s manufacturing line by installing hardware-based spying components, resulting in significant financial losses.

On top of that, Bkav’s threat detection system picks up over 15,000 spywares installed in smartphones monthly. These are also to steal sensitive information and private messages from smartphone users in Vietnam.

Ho Chi Minh wants to stop cybercrime

This is perhaps why Vietnam’s largest city, Ho Chi Minh has set up a cybercrime division to combat such threats. A real-time malware detector website is also launched to remove any threats immediately.

However, Bkav’s Vice President of Anti-Malware, Vu Ngoc Son, pointed out the existence of fileless malware threats that hide in a system’s configuration parameters. As they leave no sign of presence, they are likely to still threaten many businesses in Vietnam, he said.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Tags Vietnam, Cybersecurity

Spike in remote work postings since Covid-19: LinkedIn says

During the pandemic, Asia-pacific regions saw a spike in remote work job postings, according to data from LinkedIn.

Linkedin’s statistics show that both remote work postings and applications have increased significantly in 2020. From March to May 2020 alone, India’s remote job applications grew to a multiple of 4.65 times, closely followed by Australia and China, outperforming the global average with an increase of only 2.28 times.

Indirectly, this is expected to drive demand for robust cloud-based platforms and AI-driven cybersecurity solutions. The steady increase of cloud solutions provides employers and employees with access to data and collaborative platforms regardless of their physical locations.

The increasing availability of fast, steady and reliable broadband connection and cloud computing, lay the infrastructural groundwork for remote working, reported Statista, a German company specializing in market and consumer data.

Cloud-based service providers meeting the growing demand

With the demand for remote work expected to be outlasting the pandemic, Statista forecasts that spending on cloud-based business applications, collaboration tools, cybersecurity, and remotely managed IT services are projected to grow by almost 100 billion U.S. dollars over the next few years; on the other hand, spending for on-premises service is predicted to stagnate.

Growing hand in hand is the revenue from the cloud email and collaboration market, which is set to double in size and worth by 2024 from 2020.

Data centers are crucial to the virtual workplace as the key point of access for data and assets, utilized by remote workers when they log in to the network. Thus, how streamlined and secure the process is will determine the experience of a virtual working arrangement.

Leading cloud solutions businesses are ramping up their data center capacity to meet the demand. For example, Zoom Video Communications, Inc. also expanded its co-located data center in Singapore, where it has already had a presence for 2 years.

AppDynamics, part of Cisco Systems, which focuses on managing performance and availability of applications across cloud computing environments and inside the data center, recently started to offer its Software-as-a-Service (SaaS) offering in Asia.

This enables customers to access AppDynamics solutions via a local cloud location and accelerate their digital transformations.

Tags Cloud, Cybersecurity, Data Centers, Data center

Southeast Asian firms more aware of cyber hygiene: Palo Alto study says

Southeast Asian countries, including Indonesia, are becoming more aware of the importance of cybersecurity and protection from cyber threats, a survey by a technology corporation revealed.

Surung Sinamo, Country Manager of Palo Alto Networks Indonesia who conducted the report, said in an online forum on Wednesday: “They (countries) are becoming more aware of the importance of preventing and thwarting cyber attacks that can potentially disrupt businesses, as we have seen in the last few years.”

Conducted from 6 to 15 Feb, 2020, right before the spread of coronavirus widened, the survey involved 400 leaders of tech companies from Indonesia, the Philippines, Thailand, and Singapore.

Palo Alto believes the survey’s findings remain relevant amid the pandemic as more work is being done virtually.

“There are a lot of virtual meetings, companies have accelerated their need (for such meetings) to ensure that their businesses and workers are protected,” Sinamo said.

Of the 100 companies surveyed by Palo Alto in Indonesia, 4 out of 5, or 84% businesses, had increased their budget for cybersecurity in 2020, higher than the average in the region, with 73% of the companies reporting higher cybersecurity budgets.

Almost half of the 84% companies that responded said they allocated most of their total tech budget for cybersecurity, with 71 % saying they increased the budget as cyber threats are becoming more sophisticated.

Furthermore, 70% of the respondents said that cyber attacks had increased, and 69% felt the need to boost their security capacities, including through automation.

76 % of the respondents saw solutions such as antiviruses and anti-malware as important aspects of cybersecurity, while 61% said they had also invested in cloud-based servers, even higher than the global trend (link to W.media article).

Meanwhile, 56 % of the Indonesian companies used software-defined wide area network security and 51% opted for firewalls.

The growing awareness of cybersecurity was also reflected in measures to review standard operational procedure policies annually. These were carried out by 92% of the respondents.

However, 44% reported they were still not confident about their cybersecurity despite that the majority has increased their security investment.

This suggested a demand for more reliable security options among Southeast Asian firms.

Tags Cybersecurity

WhatsApp pushes privacy policy deadline to May 15

WhatsApp has pushed back its new privacy policy deadline to May 15, after it came under intense pressure from users.

The deadline was for accepting the tweak to its terms of service, involving sharing data with Facebook servers. Instead, Facebook in a blog said that it would go to people gradually to review the policy at their own pace before new business options are available on May 15.

“We’re now moving back the date on which people will be asked to review and accept the terms. No one will have their account suspended or deleted on February 8. We’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp. We’ll then go to people gradually to review the policy at their own pace before new business options are available on May 15, ” it said.

Earlier this month, WhatsApp users received a notification that it was preparing a new privacy policy and terms, and it reserved the right to share some user data with the Facebook app.

This sparked a global outrage and resulted in people moving to alternative apps such as Telegram and Signal. Telegram in a notification said that since the last few days around 25 million new users joined the platform.

“WhatsApp was built on a simple idea: what you share with your friends and family stays between you. This means we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Facebook can see these private messages. It’s why we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook, it said. With these updates, none of that is changing. Instead, the update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data. While not everyone shops with a business on WhatsApp today, we think that more people will choose to do so in the future and it’s important people are aware of these services. This update does not expand our ability to share data with Facebook,” it added.

“There is a need for stronger, comprehensive legislation and propels the privacy-conscious users to address the legal vacuum left unattended otherwise. In view of the fast-evolving online commercial industry, it is imperative to establish an Authority that helps identify and penalize offenders so as to materialize Privacy in letter and spirit and save it from being left as a half-baked promise,” stated Sonam Chandwani, the Managing Partner at KS Legal & Associates.

Although WhatsApp attempted to assure sophisticated and secure data sharing practices with Facebook with no impact on private communication across the world, the privacy update allows Whatsapp businesses to choose to receive secure hosting services from Facebook to help manage their communications with their customers on WhatsApp.

“However, the recent notification has led to a severe loss of confidence in Whatsapp by its loyal users. Further, the privacy laws in India are lacking in the fight against rising data breaches and cyber attacks in an increasingly digitized business space amidst the pandemic,” said Chandwani.

Tags Data protection, Cybersecurity, Data center