Photo - Ivan Wen, Country Manager, Malaysia, Sourcefire
In 2012, Sourcefire saw consistent growth across all regions as enterprise customers made increasingly larger commitments to us because of our FirePOWER platform and the completeness of our network security solutions. Just a few weeks ago we announced record results for the third quarter of 2012. We believe this is reflective of the continued demand for our solutions, the successful execution of our go-to-market strategy and our focus on customer satisfaction. And of course, the support of our business partners.
Advanced malware attacks now pose the greatest challenge for today's security infrastructure and methods of protection. In 2012, we saw customers struggling to find solutions that provide effective protection against these latest threats without overburdening or sacrificing operational efficiency.
We expect that security technologies will only continue to get better and better at keeping out the bad guys. Such security effectiveness is raising the bar and forcing the bad guys to dig deep and use advanced malware, targeted attacks and new attack vectors to try to circumvent existing protection methods. Given this new level of sophistication it's clear that customers will continue to seek security solutions that can help combat the threat - before, during and after an attack.
Photo - Alex Ong, Country Director, Symantec Malaysia
The rapid adoption of mobility has been a key trend in 2012, fuelled by cloud computing and the introduction of a variety of new mobile devices, appealing to both businesses and consumers alike. In addition, there was an uptake in mobile applications across organisations in Malaysia with 67 percent of enterprises discussing deploying custom mobile applications and 26 percent were implementing or have already implemented custom mobile applications, according to Malaysia findings of the 2012 State of Mobility Survey.
While the adoption has surged, organisations in Malaysia are struggling and found mobility a challenge with 43 percent identifying mobile devices as one of their top three IT risks. These organisations were taking initiatives in transforming its approach to mobility by balancing between the benefits and risks of mobile to deliver improved business agility, increased productivity and workforce effectiveness.
Mobility has also been a significant driver behind information sprawl in organisations in 2012 where business information has been moved beyond the protective confines of traditional boundaries. The Digital Information Index, which measures how much information in different countries is being stored and accessed outside the confines of the traditional data centre, states Malaysia at 126 in the Digital Information Index in 2012, above the Global Index at 100.
In Southeast Asia, Malaysia is behind Singapore (133) in the Digital Information Index and ahead of Thailand (123), Indonesia (122), Vietnam (115) and Philippines (90). This has created challenges for organisations in keeping the information protected and organised.
The rapid growth of digital information in Malaysia has been inevitable with several national initiatives of the government, including the Digital Malaysia programme which aims to advance our country towards a developed digital economy by 2020. We expect the growth of digital information will continue moving towards into 2013. While organisations in the digital economy could leverage on the information they generate everyday to better serve customers and increase productivity, the same information can be a major liability if not properly protected and managed.
At the small and medium business (SMB) front, the government launched the SME Masterplan this year, a key initiative in raising the contribution of SMEs to the economy by 2020. The allocation of RM30 million in Malaysia's Budget 2013 to drive the implementation of the SME Masterplan, including the implementation of the 32 initiatives, and six High Impact Programmes, will certainly accelerate the growth of SMEs in the coming years.
In 2012, Symantec observed that disaster preparedness continues to be a challenge for SMBs in Malaysia. While Malaysia has been highly exposed to the threat of disasters with floods being the highest threat impacting two-thirds of SMBs, they were found to be unprepared to weather the negative impacts of the disasters on their business, according to 2012 SMB Disaster Preparedness Survey.
The lack of basic practices illustrate this shortfall - only 14 percent of SMBs have a disaster recovery plan, and a large number (74 percent) back up their data less frequently than once a week. The factors that hinder the preparedness of SMBs resulted in losses which impact revenue and productivity when business disruptions occur.
Cautious spending in 2013
With the uncertain global economy moving into 2013, Symantec expects businesses in Malaysia will continue to be more cautious in ICT spending. IT delivery expectations will remain high and IT organisations will continue to be required to deliver more with tight budgets. In addition, with the anticipation on the enforcement of the Personal Data Protection Act in Malaysia, Symantec looks forward to the next step in the enforcement of the Act at the end of 2012 or in 2013. This will be an important milestone in the national information security strategy in our country and the protection of consumer data.
Symantec expects the following five cyber security key trends to be have significant impact in Malaysia and the region as we movie into 2013:
1. Cyber conflict becomes the norm
In 2013 and beyond, conflicts between nations, organisations, and individuals will play a key role in the cyber world. Espionage can be successful and also easily deniable when conducted online. Any nation state not understanding this has been given many examples in the last two years. Nations or organised groups of individuals will continue to use cyber tactics in an attempt to damage or destroy the secure information or funds of its targets.
In 2013, we will see the cyber equivalent of saber rattling, where nation states, organisations, and even groups of individuals use cyber attacks to show their strength and "send a message."
Additionally, we expect more attacks on individuals and non-government organisations, such as supporters of political issues and members of minority groups in conflict. This type of targeting is currently seen when hacktivist groups are aggravated by an individual or company.
2. Ransomware is the new scareware
As fake anti-virus begins to fade as a criminal enterprise, a new and harsher model will continue to emerge. We expect ransomeware to increase as it goes beyond attempting to fool its victims; it attempts to intimidate and bully them. While this "business model" has been tried before, it suffered from the same limitations of real life kidnapping: there was never a good way to collect the money.
Cyber criminals have now discovered a solution to this problem: using online payment methods. They can now use force instead of flimflam to steal from their targets. As it is no longer necessary to con people into handing over their money, we can expect the extortion methods to get harsher and more destructive.
One of Symantec's key forecasts is that ransomware will surpass fake antivirus as the premier cybercrime strategy in the coming year. In 2013, attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder to recover once compromised.
3. Surging Mobile Adware
Mobile adware, or "madware," is a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cyber criminals. Madware-which sneaks onto a user device when they download an app-often sends pop-up alerts to the notification bar adds icons, changes browser settings, and gathers personal information.
In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent. Because location and device information can be legitimately collected by advertising networks-as it helps them target users with appropriate advertising-we expect increased use in madware as more companies seek to drive revenue growth through mobile ads. This includes a more aggressive and potentially malicious approach towards the monetisation of "free" mobile apps.
4. Monetisation of social networks introduces new dangers
As consumers, we place a high level of trust in social media-from the sharing of personal details, to spending money on game credits, to gifting items to friends. As these networks start to find new ways to monetise their platforms by allowing members to buy and send real gifts, the growing social spending trend also provides cyber criminals with new ways to lay the groundwork for attack.
Symantec anticipates an increase in malware attacks that steal payment credentials in social networks or trick users into providing payment details, and other personal and potentially valuable information, to fake social networks. This may include fake gift notifications and email messages requesting home addresses and other personal information.
While providing non-financial information might seem innocuous, cyber criminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.
5. As users shift to mobile and cloud, so will attackers
Attackers will go where users go, and this continues to be to mobile devices and the cloud. It should come as no surprise that mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. The rapid rise of Android malware in 2012 confirms this.
Also, as unmanaged mobile devices continue to enter and exit corporate networks and pick up data that later tends to become stored in other clouds, there is increased risk of breaches and targeted attacks on mobile device data. As users add applications to their phones they will pick up malware.
Some mobile malware duplicates old threats, like stealing information from devices. But it also has created new twists on old malware. In 2013 you can be sure mobile technology will continue to advance and thereby create new opportunities for cyber criminals. Mobile devices will become more valuable as mobile carriers and retail stores transition to mobile payments and continue defining new product frontiers.
We will see criminals use malware to hijack payment information from people in retail environments. Some payment systems are widely used by technical novices and may have vulnerabilities that allow information to be stolen.
2013 will also press the limits of the Secure Socket Layer (SSL) mobile infrastructure. The increase in mobile computing will strain the SSL mobile infrastructure in 2013 and reveal a core issue: Internet activity on mobile browsers is not subject to proper SSL certificate handling. To exacerbate the problem, much of this mobile Internet usage is being handled by unsecure mobile applications which bring additional risk to the table, such as man-in-the-middle attacks.