Asia a growing target for APTs

Asia a growing target for APTs

Summary: The region's growing economic prominence, prevalent mobile device ownership and use of social networks are drawing attention from cybercriminals looking to exploit the situation with APTs.


SINGAPORE--Asia is increasingly a target of advanced persistent threats (APTs) as it rises in global prominence with the presence of multinationals and big local brands planting offices here. The ongoing trends of bring-your-own-device (BYOD) and social networking occurring in companies also contribute to a higher occurrence of such attacks in the region.

At a press briefing here Tuesday, Leonard Ong, president of ISACA Singapore Chapter, said more multinational companies are setting up or already have offices based in Asia. At the same time, Asian enterprises such as South Korea's Samsung Electronics and China's Huawei Technologies and ZTE are beginning to play a bigger role in the global market.

Asia is increasingly a target of advanced persistent threats (APTs) as it rises in global prominence along with prevalent social networking and mobile device use in companies.

So for hackers looking to exploit an organization's weak spots using APTs, the fast-growing Asian market would present a better target as it might not be as well protected, Ong explained.

One example was when Google was hit by a sophisticated attack trying to access Gmail accounts of China-based human rights activists in 2010, he noted. The U.S. Internet giant eventually decided to pull out of China, and host its servers in Hong Kong instead.

He also cited a recent global ISACA study in which 87.9 percent of respondents believed the use of social networking sites increases the likelihood of a successful APT attack. Another 87.3 percent felt the BYOD trend together with more jailbroken mobile devices also contribute to such activities, he added. The study was conducted in the fourth quarter of last year.

With the prevalence of social networking use among Asians and the high penetration rates of mobile devices in the region, Ong said these factors also add to how hackers are now more aware and likely to conduct APT attack against organizations here.

"Now the trends speak for themselves. Asia is increasingly a target [for APTs] today," he summarized.

He did qualify his observation by saying how companies protect their networks will ultimately determine how successful such attacks are. After all, an organization which implements BYOD with robust security framework and guidelines would manage these risks better than others which do not.

Tech not adequate for defense

Ong also pointed out that based on the study, 60 percent of those polled believed their organizations were ready to respond to an APT attack. However, the technologies these respondents said they adopted are actually inadequate to fight off such attacks. These include antivirus, firewalls, intrusion prevention system (IPS) and other network security technologies, he said.

APTs are able to avoid these snares, the president stated, adding that there is little use of mobile security even though mobile devices have been identified as a key source for launching these attacks.

"What this means is there is a huge disconnect between APT [in reality] and its perception," warned Ong.

He added that since there is no silver bullet to tackle APTs today, educating organizations and the overall security industry takes on additional importance as these attacks are "here to stay".

Topics: Security, Tech Industry, Bring Your Own Device

Jamie Yap

About Jamie Yap

Jamie writes about technology, business and the most obvious intersection of the two that is software. Other variegated topics include--in one form or other--cloud, Web 2.0, apps, data, analytics, mobile, services, and the three Es: enterprises, executives and entrepreneurs. In a previous life, she was a writer covering a different but equally serious business called show business.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • We are losing the struggle for computer security

    Seems to me like we need to completely rethink how we are approaching the problems of security. I sure would like to use some examples involving my employer, but that would probably bend some people out of shape, so I'll just be abstract... We need to think in terms of the value of each kind of data and track the flows to spot the potential abuses.

    I think this could actually be rethought in terms of increasing personal privacy by moving most of the personal information back to the persons it belongs to. The default case should be that unauthorized possession of personal information is the crime, and all authorizations should be strictly limited, including time limits. Never happen insofar as so many companies profit by selling our personal information to each other, but I mostly blame Microsoft for succeeding by establishing the legal precedents that they are completely free of liability for ANYTHING that is done with the tools. If Microsoft had to assume the liability they would either be bankrupt or MUCH more careful about the threats to US.