The rapid pace at which cybercriminals are advancing cyberattacks leaves no room for error.
In fact, 30 seconds, yes seconds, is the time taken for cybercriminals to hack a database.
This was revealed by Sophos, a company focused on next-generation cybersecurity, which set up an unprotected honeypot database to see how long it would take for someone to hack into it.
“We didn’t put any encryption on the database, and in 30 seconds, it was hacked. Basically, people are always looking for assets that are not protected,” said Sumit Bansal, Sophos managing director for Asean and Korea.
“There are also many tools available on the Dark Web today. Hackers don’t have to write the code, they can just buy the tools and start scanning for these assets,” he added.
Bansal stressed how small organisations always believed they would not be a target of cyberattack because of their size or business model.
“You will be hacked. To the hackers, the size of companies does not matter because they only look for data that is important to you and which you cannot live without.”
Recently, the company published its report on The Future of Cybersecurity in the Asia Pacific and Japan — Culture, Efficiency, Awareness, which reveals that organisations in the Asia Pacific face cybersecurity shortcomings in several areas.
The report is based on a quantitative survey of 900 cyber and information security decision-makers in Australia, India, Japan, Malaysia, the Philippines and Singapore; and also four executive roundtables in some of the countries.
SHORTAGE OF EXPERTS
Half of Sophos’ Malaysian customers do not think they have the basics right when it comes to cybersecurity.
“They don’t know what they need as a bare minimum when it comes to cybersecurity for their business. It is scary if 50 per cent of them feel that way.”
According to Bansal, 72 per cent struggle to recruit skilled cybersecurity professionals.
“It is such a niche market. Cybersecurity covers quite a few things including threat and finding the root causes.
“Malware experts are analysts looking at each malware and seeing the damage these viruses can do and how to mitigate that risk.
“Remediation experts, meanwhile, they know how to clean up and solve the problems.
“So you need three kinds of cybersecurity experts in all. But how many organisations here have that luxury? Only the very high-end of companies can afford these experts.”
Insufficient budget is also a challenge. Customers always want to do more, but do not have the budget.
According to the report, 83 per cent of companies face difficulty staying up-to-date with cybersecurity threats.
Technology is constantly evolving and alongside that, threats evolve too. Companies need to be able to predict what’s coming next.
ISSUES
The top issues Malaysian security decision-makers think will impact their organisations’ security in the next 24 months are malware, phishing attacks and attacks based on artificial intelligence or machine learning.
Malware is on the increase. SophosLabs sees 400,000 new variants of malware each day.
“That’s why we use artificial intelligence in our solutions. Machine learning also becomes more important because faster decisions can be made with AI and it recognises malware quicker than a human being.
“But it’s not just cybersecurity vendors that are using AI to stop malware. Hackers also use it. That’s a new challenge for us.”
Phishing attacks are becoming more prominent. Via Sophos Phish Threat, the company emulates a range of phishing attack types to help customers identify areas of weakness in their organisation and use training to strengthen defences.
Some 92 per cent of Malaysian organisations believe the biggest challenge to their security in the next 24 months will be the awareness and education among employees and leadership.
CHANGE IS ESSENTIAL
Proactive security is essential and one of the key indicators of a mature security programme.
Underequipped, underfunded and undereducated security teams are unlikely to be able to detect breaches in their most critical early stages.
Today’s security teams need a comprehensive understanding of attack techniques and playbooks to look for anomalies or unexpected behaviours.
“Today’s attacks are a different breed. Cyber criminals are always looking for the weakest link. What’s different is that the attacks are being executed, in part, directly by human hands.
“No algorithm or machine will stop a human with the time and incentive to breach your security.
“Sophos refers to these attacks as automated, active attacks. The digital thieves have created automated systems to allow their crimes to scale by finding organisations that have left the door ajar with regards to their security.
“After they identify the weakest in the herd, a human takes over to exploit the victim. If you thought defending against bots, worms and Trojans was tough, you don’t want to see the pain a determined malicious person can inflict,” says Bansal.