Fortinet says Malaysian companies vulnerable to cyber attacks in regional survey 1

Fortinet says Malaysian companies vulnerable to cyber attacks in regional survey

Fortinet recently commissioned a security survey among 1,400 IT cybersecurity related professionals that involve CIOs, CTOs, IT Directors and heads of IT in organisations that have at least 250 employees or higher in 13 territories across the course of three months from July to August in 2016 across the Asia Pacific.

According to the survey, the areas of greatest concern highlighted in the survey amongst respondents in the Asia Pacific region, and in particular Malaysia was the vulnerability of IT systems with 57% of Malaysian respondents saying it was their greatest concern which is quite similar to 69% of the APAC region respondents who also cited it as their greatest concern. The next greatest area of concern was inside threats at 55% of Malaysian respondents and 56% of APAC members surveyed.

20161020_145523
The highest priorities among respondents against cyber threats was the loss of sensitive corporate or customer data such as the recent Yahoo hack where millions of user logins and passwords were nicked. 69% of Malaysian respondents said it was their highest concern which is close to the 70% figure cited by APAC respondents. Next up was avoiding financial loss, damage to corporate reputation and avoiding interruption to applications and services.

An interesting question that was fielded to respondents was whether they would outsource their cyber security infrastructure and 34% said that they would be outsourcing it in 3-5 years from the present while 31% in Malaysia said they were already outsourcing it. For the APAC region in general, 32% already said they had outsourced it already while 38% are planning to do so within half a decade.

Out of the total number of respondents, 47% of Malaysians experienced a security breach in the past year. In APAC, the numbers were higher with 59% of respondents experiencing a security breach. “From a regional perspective there are IT decision makers who are unaware that their systems have been breached or are not cognizant of the level of security in their organisations.” said Gavin Chow, Network and Security Strategist at Fortinet.

20161020_150534
When a breach occurred, only 13% could detect a breach within minutes, 38% detected it within hours while 32% found it within days and 13% detected it within months. A mind boggling 4% detected it within years. Following a cyber attack, 68% of Malaysian respondents developed new policies or procedures to address the threat followed by 64% who invested in new technologies. 34% sought to outsource security while 30% changed security vendors and 32% sought to invest in more training and hire more staff.

Cyber Threat Intelligence

“Cybercriminals are starting to team up and coming up with innovative ways to hack so why organisations are not exchanging threat intelligence and collaborating to protect each other from threats? If company A is attacked by malware and they get compromised, if information about the hack is not shared with others the same hacker can use the same techniques to attack other companies. If affected organisations collaborate and share information, it significantly limits the effectiveness of hackers,” said Gavin.

20161020_145908
Threat intelligence is a continuously developed area and the definition is elusive but it can be likened to a bird’s eye view of threats on the IT landscape. 58% of Malaysian respondents believed that cyber threat intel offers improved risk management while 47% of Malaysian respondents have integrated threat intelligence into their firewalls and gateways along with separate intrusion monitoring (44% of respondents in Malaysia).

Other interesting stats regarding Malaysia are that the vast majority of attacks in the country primarily consist of a Javascript-based virus dubbed JS/NEMUCOD that installs ransomware in infected machines. In terms of mobile malware, the vast majority are Android based on account of the fact that sideloading apps onto an Android platform are vastly easier. Over 3,000 incidents are on account of the Android/Agent.SV!TR malware. In terms of the exploit kits encountered in the wild in Malaysia, the vast majority, about 67.6% are from the Angler.Exploit.Kit.

20161020_153918
Of note was the existence of Pokemon Go malware like Droidjack bundled with off-label non-official apps like Pokemon Go GPS spoofers and Pokemon detection software that installs a remote access trojan to your smartphone, allowing a hacker to see everything on your phone include apps, contacts, calls and more.

20161020_153516
While threat awareness and training are important for IT personnel, a comprehensive solution to deal with threats at all levels of the organisation is needed which is what Fortinet’s FortiGuard Threat Intelligence platform is about. The FortiGuard Threat Intelligence platform provides a total end-to-end, scalable security package solution that includes proactive research into upcoming threats to actively manage cyber security threats for subscribed clients. The platform covers cloud security, enterprise firewalls, data center security, secured access and advanced threat protection to ensure business keeps running even in the face of heavy cyber attacks. Locally in Malaysia, FortiGuard works closely with CyberSecurity Malaysia and shares information to manage threats. Key to FortiGuard is a robust sandboxing solution that allows Fortinet researchers to analyse virii or malware in and then develop counter solutions. For more details swing by Fortinet’s official website here.