SINGAPORE--Asian telcos do not place enough emphasis on IT security, and their weakness lies in their ownership of numerous customer records, which can be exploited by cybercriminals.
According to Wong Loke Yeow, Asia-Pacific and Japan, marketing director of HP's enterprise security, telcos are an "interesting" sector as they prioritize generating revenue and keeping their subscribers from jumping to their competitors, and end up overlooking IT security.
This is a "cause for concern" because the number of cyberattacks are growing in the region and telcos are not focusing enough on protecting customer data, he said at a press briefing here Wednesday.
As cybercriminals have become more sophisticated, such records can "easily" be leaked out through various cyberattack methods, including hacking the network, data centers or database of telcos, or conducting social engineering through their call centers, he warned.
Wong's claims follow a recent spate of hackings on telcos in the region. In July, South Korean telco KT Corporation revealed that the personal data of 8.7 million subscribers had been stolen by hackers. In June, China Telecom's backend system was reportedly breached and had 900 login details of its administrators published.
With the proliferation of hacktivists whose motivations to attack organizations are "unpredictable", coupled by constant debate on subscription and data roaming charges, IT security should be a chief concern by telcos, he warned.
For instance, if a telco increases the cost of subscription, hacktivists may strike back with a denial of service (DoS)or expose their customer records, two common cyberattacks which have been perpetrated on many organizations worldwide, Wong said.
Furthermore, many data protection and privacy laws are starting to spring up in many countries in Asia, and telcos should comply with them to protect the privacy of individuals, he pointed out.
In contrast, the public sector and financial industry are the top two most "security aware" sectors in the Asia-Pacific region, he observed.
This is because they are the most targeted by cybercriminals due to the high level of transactions and large amount of sensitive data, he explained. These two industries are also the earliest adopters of technology to enhance their businesses, and so are able to understand the loopholes that pave way for cybercriminals and react quickly to attacks, he added.
Enterprises need to be more proactive over security
Wong's view comes in light of a study by Coleman Parkes Research, commissioned by HP released Wednesday, which found organizations in Asia-Pacific and Japan are becoming more proactive in their security approach.
80 percent of senior business and technology executives surveyed said their organizations' had a C-level executive in charge when it came to security, while 82 percent indicated they were exploring security information and event management (SIEM) measures.
Still, more focus is placed on reactive security measures rather than proactive ones. Less than half of respondents, at 48 percent have an information risk-management strategy in place, while 48 percent manually consolidate information risk-management reports or do not measure risk at all, which hinders their ability to proactively anticipate threats.
The survey comprised 550 phone interviews among senior business and technology executives within large enterprises of more than 1,000 employees and mid-market companies with between 500 to 1,000 employees in July 2012. Asia-Pacific countries surveyed include Australia, China, India, Japan and South Korea