The fight to thwart cyber threats escalates
The rise of cyber threats has sounded the alarm bells for businesses and individuals seeking protection. (Photo by Wichan Charoenkiatpakul)
Cyber security has become paramount for businesses and individuals as digital transformation, internet usage and digital asset values soar.
Thailand faced more than 20 million cyber threats last year, according to global cybersecurity firm Kaspersky.
Kaspersky Security Network (KSN) reported that its products detected 20,598,223 different Internet cyber threats on computers using KSN items in Thailand last year. About 28.4% of Thai users were at risk of becoming infected with online threats last year.
Thailand is ranked 87th in the world for the dangers associated with surfing the Internet. Among its Asean peers, the Philippines finished sixth, Malaysia seventh, Vietnam 19th, Indonesia 66th and Singapore 154th.
For web threat detections against consumers and businesses, the data shows 2.7 million detections on consumer products and 856,000 detections on business products in Thailand.
Thailand ranked fifth in Asean for the highest level of consumer detection and third for the highest level of business detection.
Kaspersky said its products detected 49.9 million local incidents on computers using KSN items in Thailand, ranking 70th globally.
The share of incidents caused by servers hosted in Thailand is 0.01%, which represents 273,458 incidents.
Thailand is ranked 56th in the world in this category.
The company’s new report titled “Mobile Malware Evolution 2020” also shows 28,861 mobile malware detections in Thailand last year, ranking the country 44th globally in this category.
RISKS FACING COMPANIES
“The pandemic has blurred the lines between corporate defense and homeland security,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“Remote working, online courses and digitization across industries will continue, at least in 2021, and it is high time that all shapes and sizes of businesses understand online threats, even against individuals, should be seen as risks to businesses. “
Mr Yeo said several incidents in the form of scams and social engineering tactics were detected over the past year, aimed at deceiving people and stealing money or information.
Most of the threats, he said, used buzzwords related to Covid-19.
“Avoiding such deception requires a lot of calm and vigilance, which is difficult to deal with in the chaos of the pandemic,” Yeo said.
Piyatida Tantrakul, Country Manager Thailand at Trend Micro, a provider of data security and enterprise cybersecurity solutions, said the company’s annual cybersecurity report shows threat actors continue to target organizations in important sectors.
The government and healthcare providers have been under constant attack with ransomware, Ms. Piyatida said.
The company has discovered more than 19 million threats related to Covid-19, including malicious URLs, spam and malware, she said.
“Trend Micro has seen significant growth in vulnerabilities that pose potential risks to many organizations,” said Ms. Piyatida.
Some 1,453 vulnerabilities were reported last year, up 40% from 2019. Of these, 173 are rated as critical vulnerability and 983 as high.
“Those at the critical level must be corrected as soon as possible,” she said.
above A man shows a message online trying to get him to join a bogus investment through an app. Arnun chonmahatrakool
Brandon Tan, director of sales engineering for Asia-Pacific at Forcepoint, a US developer of computer security and data protection software, said the pandemic has led to remote working, cloud deployment and digital transformation.
“Cyber security is now a differentiator in business,” said Tan.
“Cyber security has become the enabling engine that enables businesses to accelerate their journey to the cloud and leverage the speed, scale and resilience of digital transformation.”
Cyber security features include Secure Access Service Edge (SASE), which combines network security features with wide area network capabilities to support organizations’ dynamic secure access needs.
SASE is primarily provided as a service and based on entity identity, real-time context, and security or compliance policies.
There is also a growing demand for cloud security platforms.
Developers use security as a tool, but need to make strides in apps and functions that aren’t necessarily meant to be cloud native, he said.
“Security will be a product of the cloud, and the combination of technology and data will give IT managers real visibility into how and where data flows through an organization,” Tan said.
“It’s this visibility of data that changes the game. It is not about monitoring in terms of monitoring people’s actions or invading their privacy. It’s about giving data analysts and business leaders a clear view of data and its movement. “
In 2021, data visibility and data protection management are considered the most important cybersecurity imperatives for businesses.
As people shift to working remotely, it’s important to shift to monitoring user activity, an approach that relies on analytics to understand data access patterns and behavioral metrics (IoB ) which may indicate levels of risk.
“Without data visibility in this way, we cannot evolve and understand how to work productively, flexibly and securely,” Tan said. “The combination of behavioral analysis and IoBs form the foundations of dynamic risk assessment.”
Data use must be considered and understood in context, and data loss prevention policies must be applied adaptively and dynamically.
“If we can create cybersecurity technologies that rely on machine learning and analytics to measure and understand the movement of data in near real time, we can avoid the next dawn of disappointment on the horizon,” did he declare.
Data protection management is one of the key cybersecurity imperatives this year. no byline photo
Leaders need to review their policies and processes, validate their posture and risk appetite, and avoid assuming that everything is fine just because they haven’t encountered an incident yet, Tan said.
Longer-term, cloud-native solutions with a deep understanding of user behavior will provide permanent solutions, rather than data protection and intellectual property stopgaps, he said.
In 2021, Forcepoint believes machine learning and analytics will come under more scrutiny, as confidence in their impartial nature and fairness as well as ethical boundaries will be called into question, Tan said.
A number of cybersecurity systems use machine learning to decide whether an action is appropriate (or low risk) for a given user or system. Machine learning must be trained on sufficiently large amounts of data and must be carefully evaluated to verify its bias and accuracy.
To build cybersystems that help identify at-risk users and prevent harmful actions, monitoring of user activity must be done appropriately, and with people’s privacy and appropriate ethical guidelines in place, a- he declared.
Understanding how people adapt, react and inform their environment is essential for organizations to embed behavioral understanding into cybersecurity systems and to design security for the human element, Tan said.
SYNTHETIC IDENTITY FRAUD
Synthetic identity fraud is the fastest growing type of financial crime in the United States and is spreading to other countries, according to consulting firm McKinsey. Synthetic identity scammers use real and fake credentials to create a fake profile that is strong enough to apply for credit.
While applications are normally rejected by credit bureaus, all you need is a file to open accounts and start building a “real” credit history to apply for bank accounts, credit cards and loans.
It is almost impossible to distinguish a real identity from a synthetic identity, and since no ID has been stolen, the real victims are the companies that have no way of recouping their losses.
Over time, companies can create a checklist of inconsistencies typically found on synthetic identifiers and use it to train an algorithm to automatically flag suspicious files for action.