In addition to coping with vulnerabilities from organised crime, corporate espionage, and managing mobility, we have now entered a new world of the security battle with another threat layer. In his blog for Computerworld Malaysia, Blue Coat Systems' chief product evangelist Jonathan Andresen refers to recent cyber attacks, taking the South Korea incident as an example and writes that attackers were clearly evolving their strategies and scaling up their assaults.
"Although the attack interrupted service for several large enterprises and looks like a DoS (denial-of-service) attack, the attack pattern reflects a more modern approach to malware. Not only are modern malware attacks more difficult to defend against, they are much faster, complex and dangerous than traditional DoS attacks. With 32,000 users and servers infected in only 24 hours, combined with the loss of confidential enterprise data and a significant network performance disruption - this cyber attack went beyond typical DoS attacks."
During a recent conversation in Kuala Lumpur, he added that DoS has transformed from being a blunt 'sledgehammer' into a 'nuclear' attack. Some opined that nations have been developing cyber military strategies. Whether online attacks come from military or organised crime, it is evident that service providers, security agencies and private citizens are becoming more concerned of the dangers of cyber space. "Although enterprises have spent years deploying network layer defences, cyber crime has shifted their attack focus to the relatively undefended and popular world of Web access."
These comments were echoed by HP Software IT management evangelist Paul Muller said small and medium enterprises (SMEs) everywhere faced the same increasingly complex landscape of targeted malware attacks as large enterprises. "Findings from HP's annual Cyber Security Risk Report show that vulnerabilities are up almost 20 percent while mobile vulnerabilities rose 68 percent from 158 in 2011 to 266 in 2012 and 48 percent of mobile applications tested in 2012 gave unauthorised access."
He added that it has "become even more risky - even frightening sometimes - to go online." Local media channnel Digital News Asia's A Asohan's editorial included references to an online 'war' that paralleled the real-world Lahad Datu intrusion. To achieve and maintain a safe physical real-world environment, most citizens look first to their respective governments to run military, policing and security services. We pondered whether this responsibility to protect could go a little further - say into the virtual world?
Security is a complex subject, which includes getting the balance right between privacy and security monitoring (such as the US House Intelligence Committee's discussion of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), national agencies everywhere are taking steps to protect their national cyber space. Even deadly force against organised hackers is being considered under international law, according to a document called the Tallinn Manual on the International Law Applicable to Cyber Warfare by a panel of legal and cyber warfare experts, which was requested by NATO and available online.
Whatever the source or motive behind cyber attacks, smaller groups could benefit from enterprise-level protection as much as large organisations or national agencies. Perhaps one of the solutions considered could be cloud-powered security-as-a-service delivered by a consortium of government agencies and security providers? Security is indeed mentioned in the information infrastructure section of the Asean Economic Community Blueprint, so it will be interesting to see how this pans out in the region.
- AvantiKumar, Editor, Computerworld Malaysia & Malaysia Country Correspondent for Fairfax Tech Channels
Sign up for Computerworld eNewsletters.