Raed Taji, Head of Global Fraud Consulting, Asia Pacific, FICO
Following the news about breach of consumer trust with credit card data being stolen from 20 million South Koreans, we got in touch with Raed Taji, Head of Global Fraud Consulting, Asia Pacific, FICO to find out more about the threat landscape in Asia and what can companies do to protect themselves and their customers.
We have heard of data theft cases involving US retailers. But now, recently, we saw the theft of credit card information of 20 million South Koreans. This is unprecedented. What does it mean for Asia and what does it portend?
Taji: The scale may be unprecedented, but make no mistake; Asia has not been immune to data theft even before this. In the right conditions, the thefts can be on a very large scale, as you have seen in Korea.
We've seen incidents even closer to home. In December last year, it was discovered that a breach had occurred at Fuji Xerox, which prints credit card statements for Standard Chartered bank, leading to the theft of confidential information from 647 of Singapore's private wealth clients at Standard Chartered. Earlier in February, credit card users from four banks in Singapore were billed fraudulently by Taiwan's Neweb Technologies, another example of a data breach incident.
Figures from the Malaysia Computer Security Response Team for January 2014 note that 717 incidents were reported, including 109 intrusions, 3 intrusion attempts and 150 fraud incidents. In Malaysia, mandatory notifications of data breaches are not required, so it's fair to assume even more companies have been affected.
Asia continues to be a target for hackers and as part of their IT strategy, companies should look to put in place preventive measures before they fall victims to a hack, and potentially lose customers, incur severe losses and damage their market reputation.
The best way to approach this is to engage in a threat and vulnerability analysis. The organisation should also have a contingency plan in place in case a breach does occur that covers all aspects of the business such as response, operational, public relations and so on.
Two kinds of attacks are happening. One is the criminal kind, which is for profit. The other is the hacktivist variety of attack and data theft. We saw a recent case in Singapore too. What do you read in this? What is the weakest link here?
Firstly, it's clear that hackers have become much more aggressive about detecting vulnerabilities at corporations, so companies need to protect themselves more thoroughly than before.
Secondly, many companies have not been doing enough to protect themselves in the first place.