Asia a growing target for APTs
SINGAPORE--Asia is increasingly a target of advanced persistent threats (APTs) as it rises in global prominence with the presence of multinationals and big local brands planting offices here. The ongoing trends of bring-your-own-device (BYOD) and social networking occurring in companies also contribute to a higher occurrence of such attacks in the region.
At a press briefing here Tuesday, Leonard Ong, president of ISACA Singapore Chapter, said more multinational companies are setting up or already have offices based in Asia. At the same time, Asian enterprises such as South Korea's Samsung Electronics and China's Huawei Technologies and ZTE are beginning to play a bigger role in the global market.
So for hackers looking to exploit an organization's weak spots using APTs, the fast-growing Asian market would present a better target as it might not be as well protected, Ong explained.
One example was when Google was hit by a sophisticated attack trying to access Gmail accounts of China-based human rights activists in 2010, he noted. The U.S. Internet giant eventually decided to pull out of China, and host its servers in Hong Kong instead.
He also cited a recent global ISACA study in which 87.9 percent of respondents believed the use of social networking sites increases the likelihood of a successful APT attack. Another 87.3 percent felt the BYOD trend together with more jailbroken mobile devices also contribute to such activities, he added. The study was conducted in the fourth quarter of last year.
With the prevalence of social networking use among Asians and the high penetration rates of mobile devices in the region, Ong said these factors also add to how hackers are now more aware and likely to conduct APT attack against organizations here.
"Now the trends speak for themselves. Asia is increasingly a target [for APTs] today," he summarized.
He did qualify his observation by saying how companies protect their networks will ultimately determine how successful such attacks are. After all, an organization which implements BYOD with robust security framework and guidelines would manage these risks better than others which do not.
Tech not adequate for defense
Ong also pointed out that based on the study, 60 percent of those polled believed their organizations were ready to respond to an APT attack. However, the technologies these respondents said they adopted are actually inadequate to fight off such attacks. These include antivirus, firewalls, intrusion prevention system (IPS) and other network security technologies, he said.
APTs are able to avoid these snares, the president stated, adding that there is little use of mobile security even though mobile devices have been identified as a key source for launching these attacks.
"What this means is there is a huge disconnect between APT [in reality] and its perception," warned Ong.
He added that since there is no silver bullet to tackle APTs today, educating organizations and the overall security industry takes on additional importance as these attacks are "here to stay".