We asked George Moawad, ANZ Country Manager at Genetec, how APAC organizations should respond and step up to protect their critical data and assets. Here is his response:
While most of the world has been in some form of lockdown over the last few months, cyberattackers have certainly not been taking a break.
While 2019 was the worst recorded year for global data breaches, with 1.5 billion data breaches, up 284% on the previous year, 2020 sadly looks set to eclipse these figures thanks to the shift to remote working, which left many systems more exposed with remote connections.
In April alone, the number of devices worldwide exposing Remote Desktop Protocol (RDP) to the Internet increased by over 40%. This is problematic because RDP has a history of security issues and requires additional protective measures, which were likely to have been overlooked in the scramble to maintain business as usual as the region went into lockdown.
We’ve already seen a spike in phishing and fake COVID-19 apps poisoned with ransomware, as well as an increase in the number of state actors leveraging the pandemic crisis to further their own aims.
In APAC this was most evident when, in June, Australian Prime Minister Scott Morrison announced that organizations, including government and businesses, were being targeted by a sophisticated foreign ‘state-based’ hacker. Meanwhile in Ukraine, a fake email purporting to be sent from the country’s Ministry of Health, which was in fact sent from outside the country, about confirmed Coronavirus infections caused riots across the country.
However daunting these external threats may be, in my opinion the biggest threat to the CIO actually comes from within the organization itself in the form of a ‘set and forget’ mentality. A single insecure device such as a security camera with a default password or out-of-date firmware is all it takes to give a foothold for malicious activity which could put the entire organization at risk.
Don’t discount the seriousness of this example either: our own research conducted last year found that as many as 68% of security cameras had out-of-date firmware, with more than half of these containing a known vulnerability. In other words, 37% of the cameras were vulnerable to a cyberattack. That’s way too many.
I’d also recommend CIOs keep an eye on a tangential emerging threat – the rise of what we refer to as ‘cyber extortion negotiation services’ from insurance companies. This is actually a new form of insurance which covers the costs for negotiators to liaise with hackers to reduce ransomware demands.
While this may be seen by some as a ‘good’ option for business, it’s worth keeping in mind that these services may incentivise cybercriminals and, accordingly, increase the operational, reputational and human cost of these types of crippling attacks. Forewarned is forearmed – don’t take chances.