Asia’s cybersecurity problem
Visualize fighting an armed enemy; an enemy attacking you but remains simply invisible to the eye. We innovate every minute but cyber-criminals seem to innovate every second. Deception technologies, quantum encryption, IoT Security, threat intelligence, and many other efforts have we deployed; only to remain a step behind. If security of digital assets is a test, we are failing miserably. Upon closer thought, one cannot help but think that the fundamental problem of cybersecurity lies not in innovation; but in awareness & attitude among organizations and individuals.
US-based information security firm Mandiant revealed a few weeks back that Asian organizations have the worst cybersecurity globally. Trending concerns in the virtual world have primarily revolved around election campaigns, high-profile corporate breaches, and other notable occurrences. Cybersecurity is a realm where both organizations and individuals continue to be victimized increasingly, and relief is nowhere near sight.
Upon personal interaction with numerous individuals & organizational representatives, it is apparent they possess little awareness and comprehension of security issues along with the potentially devastating consequences. Recently, my team provided assistance to a prominent chartered accountant in India suffering a ransomware attack. The victim had previously been approached by a security vendor but ignored all digital protection needs.
Moreover, we have encountered cases where web/software developers were aware of vulnerability issues faced by the IT infrastructure but absolutely failed to acknowledge gravity of the problem.
A pressing concern might only be augmented by the fact that organizations & individuals do not entirely believe in reporting security breaches & incidents to the lawful authorities. At an organizational level, Asian countries have witnessed a series of infosec failures. The heist at Bangladesh’s Central Bank, the Ripper Malware, Suckfly, the hack on the Indian Railways owned IRCTC Platform, and many others are likely to be a handful of cyber-attacks that were actually reported to authorities.
Attitudes towards security only seem to change when the threat magnifies onto a personal level. We wait for incidents to occur, and act all frantic when things go wrong only to repeat mistakes. Credit fraud, spamming, identity theft, phishing, and other cyber crimes will only amplify at exponential rates; but the battle in the digital world will be lost unless we perceive cybersecurity more critically.
Cyberattacks transcend borders and shall have negative ramifications collectively & personally if we solely focus on innovation in cybersecurity. A constantly changing technological landscape will continue to evolve, and cybersecurity will shape the number of business & tech processes. For instance, Asia is undoubtedly a hotbed for technological investment activity, and it will not be long before even cybersecurity will become an integral part of the valuation process for fund raising/M&A activity.
Even CISOs/CIOs have found it difficult to convince senior management on prioritizing security issues. Even the German/Russian governmental agencies started using typewriters for internal communications in wake of the NSA scandal. With WhatsApp trending, I definitely do not see us routinely communicating via messenger pigeons in the near future (I bet you a 100 bucks).
Mankind is bound to progressive thinking and in order to employ technology responsibly, we need to prioritize cultivating greater infosec awareness & attitude along with innovation. Cybersecurity must drive people; as people will drive organizations that continue to catalyse positive change in the world. Technology is building a better world; cybersecurity a safer one.