Prior to deploying cloud technology, organisations should formally train employees on how to mitigate the security risks specific to the new technology to make sure sensitive and confidential information is protected.
Putting this set of actions into perspective, some governments have already started taking proactive steps to enhance the capabilities of critical information infrastructure protection strategy—for example, many countries have established Computer Emergency Response Teams (CERTs) and in this region, many countries are members of the Asia Pacific CERT. They perform roles ranging from providing advisories, raising awareness to information sharing. Others have also established Security Operations Centres (SOCs) to monitor and respond to cyber incidents.
Where do you see the current key vulnerabilities in public sector systems that need to be strengthened against the ever-changing digital mobility environment? Where are the loopholes that need fixing?
According to Frost and Sullivan, smartphones will be mass market by 2015 and is expected to account for 60 percent of mobile sub base in Asia Pacific. This growing uptake of smartphones and tablets, and their increasing connectivity and capability, has resulted in a rise in the number of users downloading and installing third-party applications for these devices. This in turn increases users’ security risk exposure of installing malicious applications. The Symantec ISTR XVI also highlighted that the mobile space is starting to garner more attention from both security researchers and cybercriminals. Globally, there was a 42 percent increase in the number of reported new mobile operating system vulnerabilities, from 115 in 2009 to 163 in 2010.
Most malicious codes now are designed to generate revenue. Hence, there will likely be more threats created for these devices as people increasingly use them for sensitive transactions, including online shopping, banking or even for e-gov services. Trojans that steal data from mobile devices and phishing attacks will likely be some of the first of these threats to arrive. Currently, the most malicious code for mobile devices is Trojans that pose as legitimate applications. These applications are uploaded to mobile app marketplaces where users download and install them. In some cases, attackers may take a popular legitimate application and add additional code to it, as happened in the case of the Pjapps Trojan.
To address the above risks and data loss threats, public organisations need to have effective security measures in place to protect data in use, in transit or at rest. Technology tools, such as Data Loss Prevention (DLP) solutions, can help them achieve this to secure their valuable data.
How would you describe the challenge facing Asia enterprises relating to the need to protect, manage and police people and information, regardless of devices and location?
According to the Symantec Enterprise Security Survey 2010—Consumerisation of IT, the number of employee-owned endpoints is growing, given the fact that organisations are empowering employees to access, modify and disseminate company information–often stored in the cloud–via their laptops or smartphones. This mirrors the evolving concept of the ‘office’, as it transforms from being a location to an activity. The same study also found that the number of endpoints in enterprises is growing.
Sign up for Computerworld eNewsletters.