South Korea is spending $607 million on cybersecurity

South Korea is pouring in $607 million by 2023 to beef up the country’s cybersecurity capabilities.

The Ministry of Information and Communications Technology made the announcement on Thursday (18th February) in response to growing cybersecurity threats, according to local newswire Yonhap News Agency.

With this, the Ministry has also revealed several measures that the government will take to bolster its cybersecurity policies.

First, by working with major cloud and data center providers, South Korea aims to develop infrastructure that will quickly respond to cyber threats, such as collecting information about cyber attacks in real-time and notifying companies of such occurrences.

Next, the Ministry plans to expand the volume of cyber threat information that it collects to include data from major social networking platforms, virtual services from different sectors such as education and healthcare, and the dark web.

The Ministry said that it hopes to reduce the rate of cybersecurity violations experienced by local companies from 2 percent to 1.3 percent by 2023.

Malaysia and Huawei are building Southeast Asia’s first 5G cybersecurity lab

Malaysia is working with Chinese tech giant Huawei to build Southeast Asia’s first 5G cybersecurity test lab.

CyberSecurity Malaysia, an agency under the country’s Ministry of Communications and Multimedia, announced the collaboration with Huawei and local telco Celcom Axiata Berhad.

Datuk Saifuddin Abdullah, Minister of Communications and Multimedia, said that the test lab will be a comprehensive test bed for 5G and Internet of Things (IoT) security, and offer cybersecurity services for mobile applications and hardware evaluation.

Dato Dr. Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, said that the collaboration between his organisation and Huawei aims to deepen the ties between both parties.

“CyberSecurity Malaysia and Huawei are developing a strategic collaboration framework in cybersecurity governance, cybersecurity talent development and on establishing cybersecurity standards and certification in Malaysia to position itself as the first regional cybersecurity center of excellence,” he continued.

Malaysia’s willingness to work with Huawei is in line with the government’s recent announcement of MyDigital, a new digital economy blueprint that aims to transform the nation into a digitally advanced, high-income nation by 2025.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Pre IPO, Malaysia’s Bank Islam accelerates digital transformation

Bank Islam, which is set to become the first publicly listed Islamic Bank in Malaysia, before its IPO, has decided to accelerate its digital transformation efforts with local telco, TM One.

Both organisations have signed a Memorandum of Understanding (MoU) which will see TM One deploy digital solutions in cloud, big data analytics, cybersecurity, and data centers to optimise the bank’s operations.

Muazzam Mohamed, CEO of Bank Islam, said that the partnership with TM One will improve the bank’s functions and services to its customers, which are important parts of the business especially ahead of its listing.

“These solutions will intensify BIMB’s information technology (IT) infrastructure and centre for digital experience (CDX) digital banking products, by allowing new buying experience, away from the traditional banking approach,” he added.

On being selected as Bank Islam’s preferred digital partner, Ahmad Taufek, Executive Vice President and CEO of TM One, said that the company is honoured to be given the opportunity to extend its digital expertise to Bank Islam. “We are fully aware that digital transformation, data security and protection are the top priorities, especially for the banking sector,”

“This befits our role as part of TM Group, as the enabler of ‘Digital Malaysia’,” he continued. With a rapid increase in tech adoption post-COVID, countries such as Malaysia Digital Economy Corporation (MDEC), the country is looking to establish itself as a digital hub in the region.

NTT completes its first Microsoft security project in Indonesia

NTT, a technology services provider, just completed its first Microsoft Security Project for a cellular operator in Indonesia.

The Japanese tech major provided consulting, implementation, and managed services to enhance the client’s data security and privacy.

With this project, NTT has reported improved agility in responding to security threats, uncompromised productivity and lower integration costs.

Enterprise-wide security strategy  

NTT identified gaps and siloed operations in the client’s existing security policies and processes. Afterwards, they implemented a cost-saving solution to manage and protect sensitive data across multiple platforms.

Over the past 10 months, NTT also helped the client define and implement viable security policies and security tools.

Following an enterprise-wide installation of Microsoft Information Protection (MIP) solutions, including Azure Information Protection (AIP), Office 365 Data Loss Prevention (O365 DLP) and Microsoft Cloud App Security (MCAS), NTT rolled out end-user training for 5,700 employees.

NTT said it will continue to provide end-to-end managed services for one year as part of post-implementation support.

As a result, NTT expected to see lower integration and compliance cost, reduced IT complexity and improved security responses.

With the increase in tech adoption globally during COVID, telcos are coming under increasing threats of cybersecurity-related vulnerabilities. Almost all telcos in the world are ramping up their IT systems to counter cyber threats.

As users can collaborate more securely over Office 365 services, the company added, end-user friction is mitigated.

The risk of data leakage is also reduced as IT can better control sensitive data as it moves between internal and external apps.

“The need to integrate security into business and IT systems come as a top-level priority for us at NTT and our clients, having witnessed major data breaches in the past year alone. This project marks the first Microsoft security project for us in Indonesia,” said Hendra Lesmana, CEO, NTT Indonesia Solutions.

Need for stronger cybersecurity regulations in Indonesia

Cybersecurity laws and regulation are still at a nascent stage. While there are plans by the government to step up data protection, they have yet made any concrete plans. Recent data breaches in Indonesia also sounded alarms.

As Southeast Asia’s fastest-growing data centers industry develops, ensuring the security of the data will be both service providers and businesses’ priority.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Cybersecurity spending for critical infrastructure to pass $105 billion by 2021: ABI Research

Global spending on critical cybersecurity infrastructure is set to surpass $105 billion in 2021, according to a latest report by tech market advisory firm ABI Research.

The report found that COVID-19 has had little impact on security spending, instead it has led to increased demand for secure connectivity due to the surge in remote work. Asia Pacific is home to some of the world’s fastest growing economies, and the region is also leading the world in digital innovation and transformation.

The primary challenge of the COVID-19 pandemic has been for critical infrastructure to ensure that systems and services keep running smoothly, despite an increasingly remote workforce. As such, greater emphasis has been placed on ensuring that infrastructure operations can be securely monitored and managed remotely by authorised personnel.

“There is no denying that secure connectivity has become a key focus, not least with the revelations late last year of the SolarWinds Orion hack, which has brought into sharp focus the need for better vetting of services offered by third party contractors and remote update processes,”

“The scale of the intrusion clearly illustrates how vulnerable systems can be when they have weak links, and how easily threat actors can infiltrate and escalate privileges once access has been gained. The implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management,” said Michela Menting, Digital Security Research Director at ABI Research.

 

The brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective.

“This is where the primary threats are focused, and operators are keenly aware of the potential ramifications of a breach there. However, increasing efforts are being placed on offensive security investments to better prepare response mechanisms, as well as securing operational technologies as operators in many sectors go through digital transformation and start evolving toward smart and connected IoT infrastructures,” Menting explained.

Progress is nonetheless slow, as many sectors are bound by regulations which can make it difficult to change quickly. In addition, new security processes require time for testing and validation before being greenlit for use, ensuring they don’t compromise the integrity or proper functioning of existing processes.

The report also found that spending is heavy in industries such as defence, financial services, and ICT. This is because governments and critical infrastructure operators are aware of the potential national security implications of cybersecurity breaches.

Spending on energy, water, and waste management still lags behind in comparison. As governments continue to pursue smart city developments and digital transformation efforts, the underlying risks in sectors will become more apparent and should be addressed more robustly in the near future.

“By and large, security spending in critical infrastructures is wide and varied, and diverges significantly among regions due to policy and regulation but is overall embracing cybersecurity much more holistically as connectivity and digitization continue to play increasing roles in everyday operations,” Menting concluded.

The spending has also been made as a result of increased IT downtime during COVID-19, faced by companies. According to a LogicMonitor survey, almost half of the enterprises in the Asia Pacific region have experienced an increase in IT downtime during the COVID-19 pandemic.

Cybersecurity firm ExtraHop opens new data centre facilities in Sydney 

ExtraHop, a cybersecurity firm that specialises in cloud-native network detection and response, opened data centre facilities in Sydney to enhance access to its native security platform, Reveal(x) 360.

This means the company can also deliver reduced latency and higher availability, whilst ensuring that customers maintain data sovereignty.

“Organisations around the world are rethinking their approach to security as advanced threats like APTs and software supply chain attacks take a financial and reputational toll,” says ExtraHope Asia Pacific and Japan vice president David Sajoto.

He said that the company is committed to providing the customers with learning-backed detection and response capabilities that put public and private sector security teams back in the driver’s seat when it comes to protecting their organisations.

As such,  they serve to ensure that their customers “have access to high-availability, low-latency security capabilities that meet local standards for data sovereignty and protection”.

This is the company’s latest move in its expansion in Australia and the broader APAC region.

In August 2020, ExtraHop appointed Australian distribution partner NEXTGEN as part of its agreement to broaden its security channel in the country.

In October 2020 the company’s ExtraHop Reveal(x) 360 achieve Amazon Web Services (AWS) Security Competency Status, meaning that ExtraHop has the required technical proficiency and ability to help customers secure applications, data, and workloads on AWS.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Siemens South Korea signs cybersecurity deal with KPMG

Siemens South Korea has signed a technology research agreement with KPMG’s subsidiary company in the East Asian country, Samjong KPMG.

The Memorandum of Understanding (MoU) will see the strengthening of Samjong KPMG’s cybersecurity infrastructure. Both Siemens and Samjong KPMG will collaborate to exchange expertise and conduct joint research on different areas in cybersecurity. They include information protection, digital convergence, protection technology, and global compliance.

“As the era of the 4th industrial revolution is in full swing, the demand for security technologies for smart factories and production facilities is increasing,” commented Thomas Schmid, Head of Digital Industries at Siemens Korea.

“We look forward to generating a synergy effect by combining Siemens‘ IT-OT convergence knowledge and experience in the process industry and Samjong KPMG’s global consulting capabilities,” he added.

Established in 2013, Samjong KPMG’s cybersecurity team is the richest operation technology (OT) security team in South Korea. The team works with more than 207,000 KPMG professionals in over 153 countries to provide customers with cybersecurity solutions in South Korea.

“Based on the combination of Samjong KPMG‘s global consulting service know-how and Siemens Korea’s technology and experience, we will do our best to promote the successful OT-ICS (industrial control system) security business.” added Dae-Gil Jung, Head of Consulting Services in Samjong KPMG.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Oxfam Australia responds to alerts of data breach affecting its 1.7 millions supporters 

Oxfam is trying to work out what data was accessed

Oxfam Australia, a non-for-profit aid and development organization, is investigating a suspected cyberattack that has allegedly impacted the data of 1.7 million donors.

Forensic specialists have been brought to “assist in identifying whether data may have been accessed and any impact on its supporters”.

The matter has also been reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

While it is not yet known whether any data has been compromised, Bleeping Computer earlier this week reported that a threat actor had tried to sell one of the charity’s databases.

The database is alleged to contain contact and donor information, including names, email addresses and phone numbers, for about 1.7 million Oxfam Australia supporters.

In response, Oxfam responded in a statement that these allegations are not verified, stating that IT experts “[continue] to be confirming the type of data that may have been accessed and whether any of our supporters are impacted”.

“Launching the investigation and ascertaining key facts have been our priorities, but this is a complex issue and inquiries are in their early stages,” she said.

The company updated on Feb. 9 that it is “in the process of notifying all supporters for whom we have a contactable email address”, and urged donors to contact them with any questions.

This is not the first charity data breach that happened of late. The largest woodland conservation charity in the United Kingdom, Woodland Trust, has just confirmed that it was hit with a cyberattack in December 2020.

Woodland Trust experienced disruption as many systems are offline, affecting the ability to support “certain services” for members and supporters, the company said in a statement.

Charities are especially vulnerable to hackers and other malicious elements because they are sometimes perceived as easy targets.

Some charities do not adequately invest in data security and other charities lack the resources to adequately respond to such attacks. In addition, charities often have a treasure trove of sensitive information, such as payment details, as well as personally-identifiable information about donors.

This also reinforces a recent report on the rising data breaches in Australia, which mostly involves contact information and financial details, W.Media reported.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Pandemic urged 89 per cent of Indian IT Leaders to protect organizational data from ransomware: new survey

Druva Inc., a India-based company specializing in cloud data protection and management, found in a survey that highlights the rising concerns among Indian businesses about data protection, the growing need to enhance resilience, and the role data agility plays in enabling organizational operations and connecting with customers. 

The company’s inaugural 2020 Value of Data Report global survey offers insights from over 1,000 IT decision makers (ITDMs) in India, the US and UK, and underpins the importance of maximizing the value of data as businesses continue to navigate an unprecedented worldwide situation. 

Of the more than 300 ITDMs surveyed in India, approximately one third (31 percent) report an increase in ransomware attacks on the organization since the pandemic began, and overall 89 percent of ITDMs being more concerned now with protecting their organizational data from ransomware than before the pandemic. However, 44 percent of organizations do not have the data they collect readily available when needed for decision making.

With data being created, stored, and shared in more ways than ever before, IT leaders in India are confronted with unprecedented challenges. The survey reveals that protecting data from outside threats, unauthorised internal access and ensuring business resiliency are becoming key priorities for organisations as they accelerate their cloud migration and digital transformation plans.

 Other key India findings: 

  • Accelerated digital transformation – 76 percent of respondents said that their digital transformation plans have accelerated due to the pandemic.
  • Expanding threat surface – since the pandemic began 42 percent reported an increase in video conferencing attacks, malware (40 percent), phishing (35 percent), user error / accidental tampering or deletion (32 percent) and insider attack (31 percent)
  • Data Recovery a concern – 67 percent reported that the time to recover data is still an issue and has increased since the pandemic  
  • Data access crucial for business survival – 25 percent reported that their company can only go 3 to 4 hours without access to data before causing serious harm to their business

“The pandemic, and possibilities of an emergence in the coming months, has forced organizations across India to re-evaluate the health of their data, potential security vulnerabilities, and their level of preparedness”, said Milind Borate, Co-founder and Chief Development Officer, Druva. “The ability to unlock the value of data, rapidly adapt to changing demands, and delight customers will increasingly be determined by their cloud strategy. Cloud data protection plays a pivotal role in this journey, and  Druva Cloud Platform is designed to help organizations accelerate their digital transformation, while ensuring data security and compliance. 

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Crypto platform Unocoin launches new exchange

Unocoin, the oldest cryptocurrency platform in India, has launched its new crypto exchange platform built for professional traders, fund managers and retail investors.

The launch, which follows Unocoin’s beta Unodax platform, marks the expansion of the company’s existing brokerage model into a full-scale exchange model. The platform comes with billing and invoicing functions to help fund managers and professional traders adhere to tax compliance and financial reporting, Unocoin said.

Unocoin, the single pool of liquidity shared by all Unocoin products, will continue to be made available for Unocoin Exchange users. Trading fees, APIs, and security features will be the same for both platforms. To facilitate the migration, the current platform, Unodax will remain accessible to users for a period of time, with transactions, balances and activity mirrored on both platforms. After 31st March 2021, all users will be seamlessly rolled over to Unocoin Exchange, with Unodax being phased out.

“We are launching the Unocoin exchange as a straightforward and user-friendly platform for experienced traders and institutional investors in India to participate in a globally expanding cryptocurrency ecosystem. In addition to a customised and secure trading platform, we will continue with Unocoin news, the Unocoin blog, and educational campaigns to help users excel in the crypto space,” said Sathvik Vishwanath, Co-founder and CEO, Unocoin.

The Unocoin Exchange comes with an improved user experience from Unodax, customised trading solutions that now serves a wider clientele. New features include a completely redesigned platform for a more intuitive experience; simplified deposit and withdrawal processes; improved charts to access more historical data; a new consolidated portfolio view called “My Wallets”; new Lending and Earn Interest functions; a wider wallet page consisting 30 different coins, the company said.

Apart from traditional limit orders and market orders, the platform is the first in India to support sophisticated order book placements, including split orders, enabling customers to place multiple orders at different prices with a single click; and ladder orders, helping customers take advantage of volatility with automatic order execution upon trigger of pre-determined price levels.

Sunny Ray, Co-founder and President, Unocoin said that by facilitating multiple functions like investments, utilisation, buying, selling, lending, and earning interest with cryptocurrency, Unocoin is offering users a unique opportunity to become shareholders in the cryptocurrency ecosystem. “As the decentralized ecosystem advances, we expect there will be many more opportunities for customers to interact with digital assets in new and unique ways,” he added.

After initial concerns as well as risks associated with this, regulatory bodies all over the world are looking at crypto currencies. In India, banking regulatory Reserve Bank of India recently issued a booklet on Payment and Settlement Systems in which it has mentioned that Private digital currencies (PDCs) / virtual currencies (VCs) / cryptocurrencies (CCs) have gained popularity in recent years.

RBI is exploring the possibility as to whether there is a need for a digital version of fiat currency and in case there is, then how to operationalise it.

Indian govt to pass India’s Privacy Protection Bill soon

India’s Privacy Data Protection Bill, which is going through multiple stakeholder considerations, will be passed soon.

Things are still under deliberation, as the government is steadfast in its belief that data should be easy and affordable to access,” said Neeta Verma, Director General (DG), National Informatics Center (NIC), Ministry of Electronics and Information Technology (MeITY) who was addressing W.Media’s South Asia Cloud and Data Center Summit.

Legislation on data protection has gathered pace in India since the Supreme Court ruled privacy as a fundamental right in 2018. Subsequently, Justice B N Srikrishna, was tasked to come up with a draft of the Data Protection Bill.

The draft now is with the Joint Parliamentary Committee (JPC), who will eventually pass it into a law. While Dr Verma did not specify a timeline on when it will come into effect, she said that the government is deliberating all aspects, across all stakeholders, into this Bill.

With the onset of COVID-19, coupled with other likely accelerators such as 5G launch later this year, data consumption is growing at a humongous pace in countries like India. India with its 564 million internet user base is one of the most lucrative markets for internet-enabled services. For the same India needs to have the mix of physical infrastructure as well as laws that safeguard data protection for individuals and corporations, stated Dr. Verma.

Along with a policy on data (which has been referred to JPC for approval), the Indian government has also floated the framework for a data center policy, which after feedback, will be made into a law. “Data center should be accorded infrastructure status- like railways or roads and data center parks should be allowed to come up,” said Dr. Verma.

According infrastructure status, helps in attracting long-term capital from large pension funds as well as Private Equity companies, which is needed for building out a data center infrastructure in India. The government’s draft of a national Data Centre (DC) policy, focuses on simplifying existing rules, indigenous manufacturing and giving it “infrastructure” status could see big ticket investments.

Data center parks will help companies to co-locate their IT infrastructure in places which have reliable power, connectivity, amongst other factors.

Incentivisation schemes are also in the offing, stated Dr. Verma. India has a large talent pool, broadband connectivity, as well as geographically is one of the best places for becoming a global hub of data centers. “We have seen fast adoption fo cloud within government with 12,000 apps under the umbrella,”she said.

Some examples of government cloud services in India includes MyGov, e-hospitals, e-way bills, the government’s e-procurement system, Swachh Bharat mission, amongst others.

Dr. Verma is of that nowadays, data centers need to be viewed through a different lens. ‘We need to look at efficiencies in data centers in an environmentally sustainable manner-from managing power for cooling requirements to energy consumption. Data canter with managed services offers a great opportunity for India.

Cyber Security breach at Australian Securities and Investments Commission (ASIC)

The Australian Securities and Investments Commission (ASIC) reported a cyber security breach related to its use of a file sharing software.

The Australian regulator in a notification said: “This incident is related to Accellion software used by ASIC to transfer files and attachments. It involved unauthorised access to a server which contained documents associated with recent Australian credit licence applications.”

While the investigation is ongoing, it appears that there is “some risk” that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit licence application forms or any attachments were opened or downloaded, it added. ASIC’s IT team and cyber security advisers engaged by ASIC are undertaking a detailed forensic investigation.

Interestingly the Accellion file sharing software was recently at the centre of a similar incident at the Reserve Bank of New Zealand. As a precaution, and to protect information and systems, ASIC has disabled access to the affected server. The regulator is working on alternative arrangements for submitting credit application attachments which will be implemented shortly. No other ASIC technology infrastructure has been impacted or breached, it pointed out.

Meanwhile, relevant agencies and those impacted have been notified, it said.

Recently, the SUNBURST malware attacks against SolarWinds have heightened companies’ concerns about the risk to their digital environments. Malware installed during software updates in March 2020 had allowed advanced attackers to gain unauthorized access to files that may include customer data and intellectual property.

Matt Gyde, President and CEO, Security Division at NTT Limited had recently said that threat actors have exploited disruption during the COVID-19 crisis to launch an accelerated wave of cyberattacks around the world. The SolarWinds incidents were orchestrated by sophisticated operators and exploit the broad distribution of commonly-used software packages, he said.

APAC’s Secure Content Management (SCM) market to reach $2.2 billion by 2024: Frost & Sullivan 

The Secure Content Management (SCM) market is expected to achieve an 11.4% compound annual growth rate (CAGR) to reach $2.2 billion in total web and email security revenues by 2024, revealed in an analysis by Frost & Sullivan.

Cloud-based deployments are projected to lead growth as more enterprises move their emails to the cloud and rely on the internet, including remote working, especially during COVID-19.

The overall email security market is maturing with slowing but steady growth. Heavily driving its cloud-based deployments are cloud-based email adoption, such as Office 365 and G Suite, and increasing regional remote workforces.

The larger but less mature Web security market is also benefiting significantly from the latter. Moreover, enterprises are more reliant on Web applications and moving their workloads into the public cloud, necessitating cloud centricity.

Malicious email and web links remain the most popular attack vectors 

Malicious email and web links remain the most popular attack vectors in APAC countries. Threats include more advanced and sophisticated targeted phishing emails, business email compromises, and malicious content.

“The addition of multiple functionalities into core capabilities is transforming web and email security options as organizations seek better compatibility with their cloud migration journeys and cost-savings simultaneously. Various integrations, including data loss prevention (DLP), cloud access security broker (CASB), and email/browser isolation, are blurring distinctions among cybersecurity solutions,” said Vivien Pua, Industry Analyst, ICT at Frost & Sullivan.

“The larger but less mature web security market is also benefiting significantly from cloud-based deployment security solutions given their scalability, flexibility, and lower cost.”

Pua added: “Larger enterprises often require dedicated web and email security to effectively detect, prevent, and remediate threats. These companies with larger financial resources generally prioritize performance and will opt for standalone solutions or best-of-breed options. Conversely, small and medium businesses (SMBs) are more open to integrated solutions or Software-as-a-Service (SaaS) offerings, which offer them the necessary protection level, despite their limited security budgets.”

Strategic recommendations for further revenue opportunities

Cybersecurity vendors should explore these strategies, Frost & Sullivan recommended:

  • Assist enterprise customers who are migrating to cloud email by integrating and/or transferring their email security to cloud-based deployments.

  • Offer cloud-delivered integrated cybersecurity solutions to meet the business needs of remote workforces.

  • Prepare on-premises deployments or hybrid deployment solutions for enterprises reliant on traditional operating procedures or that face regulatory compliance issues regarding on-the-cloud deployments.

  • Explore new product development and acquisitions to match the security demands of the current and future threat climate.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Oz Def Min to exit Global Switch data centre biz by 2025

The Department of Defence in Australia has reneged on its planned 2020 exit from Global Switch’s Sydney-based data centre by up to five years after plans to move all of its data from the facility fell short last year. 

The department extended its deal with the Chinese-owned facility under a $53.5 million contract last October

Defence had planned to shift all of its secret files back into a government-owned data centre at the end of its 10-year lease agreement Global Switch in September 2020, as revealed by the ABC.

The decision to leave was prompted by a purchase of half of the centre’s parent company by a Chinese consortium in 2017, despite assurances from the company that its files are secure. 

The move was slated to cost up to $200 million when planning began around three years ago.

But the new property lease gives Defence access to Global Switch’s Ultimo facility until September 2025.

Meanwhile, other federal government agencies, including he Australian Taxation Office and, more recently, the Australian Securities and Investments Commission, have either moved – or are in the process of moving – out of Global Switch by 2022.

Australian Defence has also extended a separate property lease with Global Switch until September 2025 under an existing deal at a cost of $8 million.

A spokesperson told iTnews “the size of the Defence holdings made it impractical to migrate all the holdings from the data centre prior to the expiry of the Defence lease in September 2020”.

The department did, however, migrate some of its data holdings to an undisclosed “alternative data centre”.

“This was completed in mid-2020,” the spokesperson said, adding that “Defence has developed a plan to migrate its remaining holdings to cover the next three to five years, as supported by the government”.

Defence also uses other data centres, including Canberra Data Centres (CDC) for its billion-dollar enterprise resources planning (ERP) modernisation hosted on Microsoft Azure.

Asked whether sensitive data was stored at the data centre, Defence said it still “has data holdings at GSU [Global Switch Ultimo]”, adding that the facility is subject to Foreign Investment Review Board controls.

Last month, the Australian Strategic Policy Institute found that over half of all current federal government contracts were with one data centre provider, widely understood to be CDC, iTNews reported. 

“Contracts with the dominant provider totalled $620 million, or 79 percent,” it said in its ‘devolved data centre decision report’ [pdf] after analysing 87 current data centre contracts on AusTender.

Founded in 1998 and led by Chief Executive Officer John Corcoran, Global Switch, owns, operates and develops data centers in Europe and Asia Pacific. The company’s footprint currently spans about 390,000 square meters and its tenants include government organizations, mobile carriers and financial institutions, its website shows. The company posted revenue of about 439 million pounds in 2019, its annual report showed.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

South Australian government chooses Atos as cloud provider

The government of South Australia has selected German cloud and cybersecurity company Atos to support the organisation with its digital transformation journey.

In a three-year agreement signed by both parties, the South Australian government agencies will leverage Atos’ Managed Platform Services (MPS) to deliver better data processing and cloud migration solutions.

Mike Green, Managing Director of Atos Australia, said that the company is “proud” to be chosen as a trusted partner of the government.

“We believe that hyperscale Cloud services can make a different kind of public service possible. We are excited to transfer that knowledge, experience and deep insights to embark on this journey towards a safe and citizen-centric future in South Australia,” he added.

South Australia’s capital city, Adelaide, is the fifth most populous city in Australia and is consistently ranked as one of the most liveable cities in the world.

Earlier in January, the government outlined a bold and ambitious tech strategy for the South Australian Government that brings together technology, cybersecurity and digital services.

The government is actively collaborating and partnering with agencies to achieve positive outcomes for the state. These include: developing a more resilient and innovative cyber security industry centred in Adelaide’s innovation hub, Lot Fourteen, through the Australian Cyber Collaboration Centre (A3C); and addressing and reducing the cyber and digital skills gap by developing education, training and pathways through cyber security traineeships for government, development of cyber school curriculum, and other skills growth activities.

Another initiative includes to improve online accessibility of government services for people living with disadvantage or a disability and improve the state’s cyber security posture by implementing the South Australian Cyber Security Framework (SACSF) across government and improve the industry’s awareness of the SACSF.

NTT Limited to offer free cyber sec solutions to mitigate SolarWinds attack

Technology services company NTT Limited will offer “specialised sensor” capability to help them determine their risk and potential means to mitigate attacks related to the recent SolarWinds incidents. This will be offered to specific clients, free-of-charge, the company said in a statement.

In December 2020, a supply chain attack through SolarWinds’ commonly-used network management software allowed malware to be distributed to at least 18,000 organizations around the world. Additional threats have also since been identified, potentially exposing many organisations’ applications and data.

In response to these supply chain attacks, NTT will provide companies that believe themselves to be at risk of compromise with their 30-day trial of its Specialized Sensor for SolarWinds Detection and Alerting across all platforms other than Azure, at no charge.

This offering includes:
Deployment of a specialized sensor in AWS and Google Cloud Platform environments for the detection of Indicators of Compromise (IOCs) specific to the SolarWinds breach.
Near real time notification to a client’s security organization in the event a compromise is detected.
An actionable incident report delivered automatically, immediately upon detection of IOCs linked to the SolarWinds compromise.

On 8 December 2020, cybersecurity company FireEye reported a breach and exfiltration of their Red Team tools. Ultimately, FireEye realized the breach had come via supply-chain attack carried out by the implantation of malicious code in the SolarWinds update server for the Orion Platform.

Sunburst attack

The attack on SolarWinds, dubbed Sunburst, loaded a Trojan into the SolarWinds software update. This malicious update infected SolarWinds Orion Platforms, thus compromising the networks of SolarWinds’ clients. The sophistication of the attack has led analysts to assert that the cyber event was most likely attributed to Russian nation-state threat actors.

On Friday, December 18th, Microsoft released a statement confirming that its network had been compromised by the malicious software updates from SolarWinds. FireEye and Microsoft were two of many companies affected by the attack. US-based organizations were targets of nearly 80 per cent of the attacks. Apart from them, organisations based in Belgium, Canada, Israel, Mexico, Spain, and the United Arab Emirates (UAE) were also affected.

In response to the US attacks, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to US government agencies directing them to immediately disconnect or power down SolarWinds Orion products. US government agencies believed to have been breached so far include the Treasury Department, the Justice Department, the Energy Department, and the National Nuclear Security Administration, among others. The full extent of the attack is unknown. It is highly probable that more victims will be discovered since damage from this breach is still being assessed and new tactics, techniques, and procedures (TTPs) could be discovered.

Matt Gyde, President and CEO, Security Division at NTT Limited is of the view that threat actors have exploited disruption during the COVID-19 crisis to launch an accelerated wave of cyberattacks around the world. “The SolarWinds incidents were orchestrated by sophisticated operators and exploit the broad distribution of commonly-used software packages. NTT has now moved to proactively offer clients a way to identify potential problems in their technology infrastructure and take the steps needed to close those gaps,” he said.

Organisations can then engage with NTT for in-depth review, analysis, recommendations, and remediation including a rapid incident compromise assessment. NTT can also provide ongoing managed security services such as Security Operations Center as a Service (SOCaaS) and develop a Strategy for Supply Chain Security Assurance, to help clients monitor their technology assets and reduce risk from future threats.

Cyberattacks cost Vietnam $1 billion in 2020

How costly could cybersecurity threats get?

A recent study by Vietnam’s Bach Khoa Antivirus Center (Bkav) found out that the country suffered a staggering loss of $1 billion (24 trillion Vietnamese Dong) due to cyberattacks.

Carried out in December 2020, the study revealed that the COVID-19 pandemic has much to do with the financial loss. As organisations and employees in Vietnam continue to work remotely, due to restrictions placed on travel, as well as social distancing norms, cyber criminals have lapped up this opportunity. They have got into home as well as enterprise devices and have infiltrated, altered, and stole data.

Major e-commerce platforms and banking institutions in Southeast Asia are continuing to be hit hard by cyber threats, with personal information of thousands of users being stolen.

Supply chain attacks on Vietnamese businesses are also common. Such attacks target a product’s manufacturing line by installing hardware-based spying components, resulting in significant financial losses.

On top of that, Bkav’s threat detection system picks up over 15,000 spywares installed in smartphones monthly. These are also to steal sensitive information and private messages from smartphone users in Vietnam.

Ho Chi Minh wants to stop cybercrime

This is perhaps why Vietnam’s largest city, Ho Chi Minh has set up a cybercrime division to combat such threats. A real-time malware detector website is also launched to remove any threats immediately.

However, Bkav’s Vice President of Anti-Malware, Vu Ngoc Son, pointed out the existence of fileless malware threats that hide in a system’s configuration parameters. As they leave no sign of presence, they are likely to still threaten many businesses in Vietnam, he said.

JOIN W.MEDIA AT DIGITAL WEEK

SG | MY | ID | TH | VT | PH

When: 23-26 February 2021

Where: Online

The past year has seen incredible leaps forward in our embrace of digital solutions, and we think it’s time to come together and talk about it. We’re bringing together thousands of IT leaders from across Southeast Asia, covering everything from datacenter deployment to digital banking. Digital Week lets you expand your network and engage with new markets from wherever you are.

Want to learn more about ASEAN’s Cloud & IT ecosystem? Start your year off right and Register Today for Free!

Spike in remote work postings since Covid-19: LinkedIn says

During the pandemic, Asia-pacific regions saw a spike in remote work job postings, according to data from LinkedIn.
Linkedin’s statistics show that both remote work postings and applications have increased significantly in 2020. From March to May 2020 alone, India’s remote job applications grew to a multiple of 4.65 times, closely followed by Australia and China, outperforming the global average with an increase of only 2.28 times.
Indirectly, this is expected to drive demand for robust cloud-based platforms and AI-driven cybersecurity solutions. The steady increase of cloud solutions provides employers and employees with access to data and collaborative platforms regardless of their physical locations.
The increasing availability of fast, steady and reliable broadband connection and cloud computing, lay the infrastructural groundwork for remote working, reported Statista, a German company specializing in market and consumer data.
Cloud-based service providers meeting the growing demand

With the demand for remote work expected to be outlasting the pandemic, Statista forecasts that spending on cloud-based business applications, collaboration tools, cybersecurity, and remotely managed IT services are projected to grow by almost 100 billion U.S. dollars over the next few years; on the other hand, spending for on-premises service is predicted to stagnate.

Growing hand in hand is the revenue from the cloud email and collaboration market, which is set to double in size and worth by 2024 from 2020.

Data centers are crucial to the virtual workplace as the key point of access for data and assets, utilized by remote workers when they log in to the network. Thus, how streamlined and secure the process is will determine the experience of a virtual working arrangement.

Leading cloud solutions businesses are ramping up their data center capacity to meet the demand. For example, Zoom Video Communications, Inc. also expanded its co-located data center in Singapore, where it has already had a presence for 2 years.

AppDynamics, part of Cisco Systems, which focuses on managing performance and availability of applications across cloud computing environments and inside the data center, recently started to offer its Software-as-a-Service (SaaS) offering in Asia.

This enables customers to access AppDynamics solutions via a local cloud location and accelerate their digital transformations.

Southeast Asian firms more aware of cyber hygiene: Palo Alto study says

Southeast Asian countries, including Indonesia, are becoming more aware of the importance of cybersecurity and protection from cyber threats, a survey by a technology corporation revealed.

Surung Sinamo, Country Manager of Palo Alto Networks Indonesia who conducted the report, said in an online forum on Wednesday: “They (countries) are becoming more aware of the importance of preventing and thwarting cyber attacks that can potentially disrupt businesses, as we have seen in the last few years.”

Conducted from 6 to 15 Feb, 2020, right before the spread of coronavirus widened, the survey involved 400 leaders of tech companies from Indonesia, the Philippines, Thailand, and Singapore.

Palo Alto believes the survey’s findings remain relevant amid the pandemic as more work is being done virtually.

“There are a lot of virtual meetings, companies have accelerated their need (for such meetings) to ensure that their businesses and workers are protected,” Sinamo said.

Of the 100 companies surveyed by Palo Alto in Indonesia, 4 out of 5, or 84% businesses, had increased their budget for cybersecurity in 2020, higher than the average in the region, with 73% of the companies reporting higher cybersecurity budgets.

Almost half of the 84% companies that responded said they allocated most of their total tech budget for cybersecurity, with 71 % saying they increased the budget as cyber threats are becoming more sophisticated.

Furthermore, 70% of the respondents said that cyber attacks had increased, and 69% felt the need to boost their security capacities, including through automation.

76 % of the respondents saw solutions such as antiviruses and anti-malware as important aspects of cybersecurity, while 61% said they had also invested in cloud-based servers, even higher than the global trend (link to W.media article).

Meanwhile, 56 % of the Indonesian companies used software-defined wide area network security and 51% opted for firewalls.

The growing awareness of cybersecurity was also reflected in measures to review standard operational procedure policies annually. These were carried out by 92% of the respondents.

However, 44% reported they were still not confident about their cybersecurity despite that the majority has increased their security investment.

This suggested a demand for more reliable security options among Southeast Asian firms.

WhatsApp pushes privacy policy deadline to May 15

WhatsApp has pushed back its new privacy policy deadline to May 15, after it came under intense pressure from users.

The deadline was for accepting the tweak to its terms of service, involving sharing data with Facebook servers. Instead, Facebook in a blog said that it would go to people gradually to review the policy at their own pace before new business options are available on May 15.

“We’re now moving back the date on which people will be asked to review and accept the terms. No one will have their account suspended or deleted on February 8. We’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp. We’ll then go to people gradually to review the policy at their own pace before new business options are available on May 15, ” it said.

Earlier this month, WhatsApp users received a notification that it was preparing a new privacy policy and terms, and it reserved the right to share some user data with the Facebook app.

This sparked a global outrage and resulted in people moving to alternative apps such as Telegram and Signal. Telegram in a notification said that since the last few days around 25 million new users  joined the platform.

“WhatsApp was built on a simple idea: what you share with your friends and family stays between you. This means we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Facebook can see these private messages. It’s why we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook, it said. With these updates, none of that is changing. Instead, the update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data. While not everyone shops with a business on WhatsApp today, we think that more people will choose to do so in the future and it’s important people are aware of these services. This update does not expand our ability to share data with Facebook,” it added.

“There is a need for stronger, comprehensive legislation and propels the privacy-conscious users to address the legal vacuum left unattended otherwise. In view of the fast-evolving online commercial industry, it is imperative to establish an Authority that helps identify and penalize offenders so as to materialize Privacy in letter and spirit and save it from being left as a half-baked promise,” stated Sonam Chandwani, the Managing Partner at KS Legal & Associates.

Although WhatsApp attempted to assure sophisticated and secure data sharing practices with Facebook with no impact on private communication across the world, the privacy update allows Whatsapp businesses to choose to receive secure hosting services from Facebook to help manage their communications with their customers on WhatsApp.

“However, the recent notification has led to a severe loss of confidence in Whatsapp by its loyal users. Further, the privacy laws in India are lacking in the fight against rising data breaches and cyber attacks in an increasingly digitized business space amidst the pandemic,” said Chandwani.

Ripple partners with Malaysia’s Mobile Money and Bangladesh’s bKash for remittance

Ripple has signed a deal with Malaysia’s Mobile Money and Bangladesh’s bKash to power a wallet-to-wallet remittance corridor between the two countries.

As a part of the deal, this wallet-to-wallet remittance corridor will use RippleNet, Ripple’s Distributed Ledger Technology-based global payments network, to enable Mobile Money and bKash to offer wallet-to-wallet transactions. Mutual Trust Bank will work as the local banking partner in Bangladesh to perform the remittance settlement, according to company executives.

Kamal Quadir, CEO, bKash, said: “This partnership will bring great convenience to both the recipients and senders, and contribute further to our national economy by encouraging inward foreign remittance flow through legal channels.”

Navin Gupta, MD, South Asia and Mena, Ripple, said: “As Ripple is bolstering our presence in South Asia, we are excited to contribute to the infrastructure of the region to transform the way cross-border payments are executed.”

Bangladesh has the third largest remittance flows in South Asia, with Malaysia ranking as one of the top five sources of remittances for the country.

Countries such as Bangladesh and India have a large number of people working abroad and often remit a significant amount of their earnings back home. This market used to be dominated by the likes of Western Union and others.

In December 2020, Federal Bank entered into a tie-up with OrbitRemit Limited, a money transfer company, to facilitate money transfer from New Zealand to India. OrbitRemit Limited, a leading full-service provider based out of New Zealand, has its presence in other countries like Australia & UK, currently providing remittance services to around 39 countries worldwide.

Nilufer Mullanfiroze, Senior Vice President and  Country Head –
Deposits, Cards and Unsecured Lending, Federal Bank had said that Non Resident Indians (NRIs) and small businesses in New Zealand will now enjoy a modern, low cost, fast, easy and more reliable
way of transferring money to India. Federal Bank currently processes more than 17 per cent of the personal inward remittances into India.”

Philippine Air Force to build cybersecurity center in new deal with local tycoon

The Philippine Air Force (PAF) will be building a new cybersecurity center with funding from local tycoon Manny V. Pangilinan.

Pangilinan, President and CEO of Philippine conglomerate PLDT Group, will be building the MVP Cybersecurity Center for Excellence to enhance the PAF’s ability to counter cyberattacks.

This new facility can also be seen as part of the Philippine government’s digitalisation effort. PAF spokesperson, Lieutenant Colonel Aristides Galang, said that the center will house PAF’s other security departments, including the security operations center, the network operations center, and PAF’s cyber range.

Pangilinan’s PLDT Group is the parent company of Smart Telecommunications, one of the two largest telecommunications service providers in the country.

“We are one with the government in ensuring that our country is safe from cyber threats. We look forward to more engagements with the Philippine Air Force and the Armed Forces of the Philippines on this front,” said Pangilinan.

This is not the first collaboration between PAF and PLDT. In August 2020, both parties signed an agreement that saw PLDT’s Cyber Security Operations Group (CSOG) provide cybersecurity training to military officers in the PAF.

RBI sets up a Working Group to study cyber issues around digital lending

Indian banking regulator RBI has set up a Working Group (WG) to study all aspects of digital lending activities such as data security, privacy, confidentiality and consumer protection.

Recent spurt and popularity of online lending platforms/ mobile lending apps, especially concerning digital lending has raised certain serious concerns which have wider systemic implications. Against this backdrop, a Working Group (WG) is being set up to study all aspects of digital lending activities in the regulated financial sector as well as by unregulated players so that an appropriate regulatory approach can be put in place, RBI said in a notification.

Digital lending has the potential to make access to financial products and services more fair, efficient and inclusive. From a peripheral supporting role a few years ago, FinTech led innovation is now at the core of the design, pricing and delivery of financial products and services. While penetration of digital methods in the financial sector is a welcome development, the benefits and certain downside risks are often interwoven in such endeavours. A balanced approach needs to be followed so that the regulatory framework supports innovation while ensuring data security, privacy, confidentiality and consumer protection.

The Working Group (WG) will consist of both internal and external members. Internal members include  Jayant Kumar Dash, Executive Director, RBI (Chairman),  Ajay Kumar Choudhary, Chief General Manager-in-Charge, Department of Supervision, RBI;  P. Vasudevan, Chief General Manager, Department of Payment and Settlement Systems, RBI and Manoranjan Mishra, Chief General Manager, Department of Regulation, RBI (Member Secretary).  External memberswill consist of  Rahul Sasi, Cyber Security Expert & Founder of CloudSEK and  Vikram Mehta, former associate of Monexo Fintech.

The Working Group (WG) will have the task to:

  • Evaluate digital lending activities and assess the penetration and standards of outsourced digital lending activities in RBI regulated entities;
  • Identify risks posed by unregulated digital lending to financial stability, regulated entities and consumers;
  • Suggest regulatory changes,to promote orderly growth of digital lending;
  • Recommend measures, for expansion of specific regulatory or statutory perimeter and suggest the role of various regulatory and government agencies;
  • Recommend a robust Fair Practices Code for digital lending players, in-sourced or outsourced;
  • Suggest measures for enhanced Consumer Protection; and
  • Recommend measures for robust data governance, data privacy and data security standards for deployment of digital lending services.

RBI has given the Group three months to submit its report . You can glean more insights on cyber security during W.Media’s Digital Week 2021, from February 23-26. https://w.media/digital-events/

Hoplite Technology, launches a privacy-by-default anti-phishing solution 

With an inherent emphasis in “privacy-by-default”, Hoplite Technology, a cybersecurity SaaS developer, launched a free tool named Anti-Phishing Bot (APBot), a cloud-based solution that uses email sender’s behaviours and community crowdsourcing to protect vulnerable everyday-users from phishing attacks.

A phishing email is a form of cyberattacks where cybercriminals impersonate a trusted party to gain access to sensitive information. Due to the lack of ways to verify the identity of the senders, everyday users without technical training will often find it difficult to distinguish a phishing attack as the red flags are hidden in different parts of an email.

To protect users’ privacy, APBot follows the “privacy-by-default” principle to detect email frauds based on the sender’s behaviour, such as email delivery path, and network profile without reading the email content.

Unlike many anti-phishing solutions are designed for IT Administrators with cybersecurity knowledge, APBot is accessible for everyday users: users can detect and report a phishing email with one click; at the same time, similar emails will be flagged within the APBot community, and through this ecosystem, the detection accuracy of the AI-assisted tool is expected to improve, the company said.

“Traditionally, identifying phishing emails requires training and network knowledge, but APBot has simplified the process. We believe senior citizens and students who are more vulnerable to social engineering will benefit from the protections offered by APBot,” said Antony Ma, Founder at Hoplite Technology and Chairman of Cloud Security Alliance Hong Kong and Macau Chapter

The ease of use is one of the advantages of using APBot which does not require the users to have any relevant training and can be integrated with popular email tools, such as Gmail, Office 365 and Hotmail, as an add-on without software installation.

Ho Chi Minh City sets up cybercrime division

Ho Chi Minh, Vietnam’s largest city, has just announced the establishment of a new police division to combat cybercrime in the country.

The new division for cybersecurity and high-tech crime will be run by the Ho Chi Minh City Police Department.

According to Nguyen Thanh Phong, Chairman of the Municipal People’s Committee, the creation of this department is to ensure cyber safety in Ho Chi Minh as part of the government’s efforts to build a smart city.

Assigned to lead the department is Senior Lieutenant Colonel Nguyen The Lam, who is also Deputy Chief of Staff for the Ho Chi Minh Police.

Cybersecurity in Vietnam

Vietnam is one of several countries in Southeast Asia that is actively working to tackle rising cases of cybercrime. In 2020, the country recorded 5,168 cases of cyberattacks.

Vietnam’s Ministry of Information and Communications’ National Cyber Security Center (NCSC) has been at the forefront of patrolling the cyberspace and removing malware. In December, Vietnam reported 315 cases of cyberattacks, but this figure was a 54.48 percent decrease from the previous month of November.

In October 2020, the NCSC also launched a real-time malware review site to monitor cyberthreat activity across Vietnam.

TAC Security to foray into other markets outside India

TAC Security, an Indian Computer Emergency Response Team (CERT-In) empanelled information security organisation, is taking it’s new dark web threat intelligence solution, ESOF-DarkSec, to markets abroad.
This is an effort to address the growing demand for Cyber Security solutions and also add impetus to TAC Security’s global expansion plans . ESOF-DarkSec will be rolled out, to begin with in the North American market where it has a strong footprint and in the African market where it commenced operations. The company is further expanding operations in the Australian and European markets as well.

ESOF-DarkSec helps enterprises detect, measure, and identify the type of data available on the dark web about their companies.   “Data confidentiality has always been an issue for enterprise security teams, and the recent increases in the dark web exposure cases are intimidating for both governments and organizations. Cybersecurity threats are becoming more sophisticated with every passing day, and even more so during the COVID-19 outbreak where spear-phishing is being used as a tool to access critical data. We hope that the product will help inform business entities about the vulnerabilities of their infrastructure so they can secure their endpoints and networks against potential threats.” Chris Fisher, Chief Marketing Officer, TAC Security.

The launch is aligned with the rising number of data leaks on the dark web, which jeopardize sensitive information of government, businesses, and individuals alike. This cloud-based solution helps find the size, nature, and recent update (if any) of the leaked data on the darknet. ESOF-DarkSec also provides a dark web organization risk score on a scale from 0 to 10, so security teams can know the risk to the organization on available data in the dark web from and take action to mitigate the risk. The solution is available as a subscription plan in three tiers: Basic, Platinum, and Premium, with different price points based on deeper periodic scans.

Trishneet Arora, Founder and CEO of TAC Security said, “Data is the biggest asset for any entity in the current landscape. As much as it gives precious insights into enhancing customer experience, any unauthorized access to it can cause severe damage to personal, enterprise-level, or even national integrity, depending upon the nature of data. It is very difficult to get this data down once it enters the dark web. Knowing the extent of the dark web threat is pivotal as it enables an organization to analyze and limit the damages by taking preventive measures.”

TAC Security protects Banks and Financial Institutions, governments’ organisations, Fortune 500 companies, leading enterprises data around the world. TAC Security manages 5 million vulnerabilities through its Artificial intelligence (AI) based Vulnerability Management Platform ESOF. The company is also responsible for End to End Security Assessment of 200 UPI based Mobile Application for NPCI, an umbrella organisation for operating retail payments and settlement systems in India.

You can deep dive into cyber security and its various dynamics during W.Media’s Digital Week 2021, from February 23-26. Do check it out at https://w.media/digital-events/

Digital forensics market to reach $5203.3 million by 2026 

The global digital forensics market size is projected to reach $5203.3 million by 2026, according to research by Valuates Reports.

In 2020, this market was estimated to hit USD 4741.2 million, at a CAGR of 9%, with North America and Asia Pacific regions being the key growth contributors, during the period 2021-2026, according to Valuates research. 

Digital forensics is a technique which includes recovery and interpretation of data found in digital devices for use in a court of law. The digital forensic investigation comprises three stages which includes the acquisition of exhibits, investigation, and reporting. 

Increasing cybercrimes and innovation in digital forensic research show an increasing trend for the digital forensics market in the near future.

The major factors driving the growth of the Digital forensics market size are stringent government regulations, massive use of Internet of Things (IoT) devices, and the increasing instances of cyber-attacks on enterprises. As a result, businesses and organisations found it crucial to implement digital forensic technologies and services to recover data lost in an unusual event or attack, the report said.

Trends influencing the digital forensics market size

An increase in the use of IoT devices is expected to drive the growth of the digital forensics market size. The prevalence of IoT devices, such as smart transport, vehicle communication, autonomous vehicles and smart homes, has made themselves vulnerable to cyberattacks, the report said.

North America is expected to hold the largest digital forensic market share during the forecast period. 

Another cybersecurity vulnerability also drives the digital forensics market: cryptocurrencies, which is subjected to cyber-attacks on financial gains, geographic rivalry, interpersonal rivalry, and reputation defacement, the report added. 

An effective digital forensic solution is necessary to regenerate sensitive data that may have been lost during cryptocurrency storage or trade. 

Another key application of digital forensics lies in private and criminal investigations. Factors such as increasing Internet penetration, the use of electronic devices and smart devices, among others, have contributed to a spike in cyberattacks across the globe. 

The rising severity of cyberattacks is expected to further fuel the demand for digital forensic market size. Many companies in the region have embraced cloud technologies to streamline work processes. In addition, the rapid penetration of mobile devices, such as smartphones, and laptops, to support business continuity has further accelerated the frequency of cyberattacks in the region.

The North American digital forensics market’s main growth driver is the widespread adherence to data enforcement regulations by all businesses and the rapid introduction of cloud computing.  Asia Pacific region is expected to witness the highest growth during the forecast period due to increasing instances of cybercrimes, the report said.

 

Shinji Murakami joined Cognizant as the Head of Japan

Shinji Murakami has joined Cognizant as the Head of Japan and a member of Cognizant’s Global Growth Markets (GGM) leadership team effective Jan. 4, 2021. 

Murakami has more than 30 years’ experience leading managed services, mobile communications, business development and go-to-market strategies in the IT industry. Prior to Cognizant, he was the Managing Executive Officer of Microsoft’s Enterprise Group, where he led the sales team focused on engaging the C-suite across verticals, helping clients drive digital transformation. 

Prior to his post in Microsoft, Murakami spent 12 years at Hewlett Packard as General Manager of Enterprise Services for Japan. He has also held senior leadership roles at Softbank Telecom, IBM and DXC Technology.

Based in Tokyo, Murakami has long-time relationships with the business and technology communities in Japan. As the head of Cognizant Japan KK, Cognizant’s Japan subsidiary, he will lead the strategic expansion of Cognizant in Japan, helping customers in Japan respond to changing technology trends and market demands.

“Japan is one of the strategic markets where we have been significantly increasing our presence over the last few years,” said Ursula Morgenstern, President, Global Growth Markets, Cognizant. 

“I am pleased to welcome Shinji Murakami to drive the next wave of growth for Cognizant in this important market. I am confident that with his extensive business, technology and consulting experience, Shinji san will be able to further enhance our leading-edge advisory and delivery capabilities in Japan and help our clients further accelerate innovation.”

“I am honoured to be a part of Cognizant at a time when Japan is sharpening its focus on building a digital society,” said Murakami. 

“I look forward to helping Japanese businesses benefit from Cognizant’s leadership in enabling digital transformation while providing further momentum to our operations in Japan and providing a stronger experience to our talented employees in the country.”

Cognizant’s approximately 700 professionals in Japan serve more than 60 customers, including top insurance, life sciences, telecommunications, technology and manufacturing companies. Established in April 2008, Cognizant Japan KK has offices in Tokyo and Osaka. 

Avast identifies new cybersecurity threat targeting Mongolian Government data center

Avast, a global leader in cybersecurity and privacy software, has identified a new advanced persistent threats (APT) campaign targeting government agencies and a government data center in Mongolia. 

 

Avast researchers consider a Chinese-speaking APT group to be the attacker, however, the actual objective of the group remains unknown

 

The likely culprit, LuckyMouse, otherwise known as EmissaryPanda and APT27, is infamous for attacking national resources and political information in China’s neighbouring countries. 

 

Avast found out that the techniques used by the group are different from previous attacks. This time, they use both keyloggers and backdoors to gain long-term access and upload a variety of tools that they used to scan the Mongolian Government networks and dump credentials.

 

“The APT group Lucky Mouse has been active since Autumn 2017 and has been able to avoid Avast attention in the last two years due to their evolving techniques and marked change of tactics,” said Luigino Camastra, a Malware Researcher at Avast.

 

The APT group compromised the Mongolian government in two ways. First, by accessing a vulnerable service provider of the Government to gain entry into government institutions, and secondly, by sending malicious emails with weaponised documents via an unpatched CVE-2017-11882 vulnerability.

 

We were able to detect their new tactics to discover this campaign targeting the Mongolian government, showing how they’ve scaled their operations to be more advanced to gain longer term access to sensitive data,” added Mr. Camastra.

 

The finding is corroborated by Slovak security firm ESET, who found that the hackers targeted an add-on that provides instant messaging capability to a human resource management (HRM) platform by Able Software. According to the company’s website, this HRM platform is used by more than 430 Mongolian Government agencies, including the Office of President and the Ministry of Justice, among others.   

 

Earlier this year, some Chinese-speaking APT threat actors were found to be actively targeting regional inter-governmental organisations in Asia and Africa, found Kaspersky, a Russian multinational security provider. 

 

In Kaspersky’s report, compromised IT or managed security service providers also appear to be a potential vector of targeted delivery. The majority of the visible activity in the second quarter of 2020 appeared to be in Mongolia, Vietnam and Myanmar. The number of affected systems is estimated to be over thousands. 

 

It appears that the scope and sophistication of government-targeted cyberattacks are increasing.

‘First cybersecurity insurance’ for SMEs released in Thailand by Dhipaya and Cisco

Thai insurance company Dhipaya has partnered with Cisco to offer the country’s small and medium enterprises (SMEs) insurance coverage for cyber-related financial attacks.

Named “TIP cyber guard plus powered by Cisco”, the insurance will cover SMEs with annual revenues of US$30 million (900 million Thai baht).

The Managing Director for TIP, Somporn Suebthawilkul, said the coverage is the first of its kind in Thailand.

“Cybersecurity incidents have intensified and attacks have spread from large companies to enterprises of all sizes, even small ones,” said Mr. Suebthawilkul.

According to Pacific Prime Thailand, cybercrime increased a striking 37% in March 2020 when compared to the month before, as a result of increased work-from-home arrangements and digital transformation of work.

As such, the insurance policy will also cover business interruption losses caused by security breaches, data recovery costs due to cyberattacks, and costs related to incident report and investigation.

A 24/7 helpline will be available for enterprises seeking assistance. Security professionals from Cisco will also assist clients in checking systems, assessing risks, and providing advice on choosing the right cyber-insurance policy.

Got a story, opinion or more information on this article? Contact us at editor@w.media. And sign up to the W.Media Newsletter to get the latest data center, cloud and cybersecurity updates!