With the increased sophistication and frequency of cyber-attacks, security continued to grab headlines in 2016. Globally, vulnerabilities were exposed by the Democratic National Convention e-mail leak during the US presidential elections and the massive data breach from Yahoo. In Asia Pacific (APAC), we witnessed the million-dollar heist at Bangladesh Central Bank and the hack of a bitcoin exchange in Hong Kong called Bitfinex.
While cybersecurity standards and protocols are rapidly being deployed across APAC, the region remains highly vulnerable to cyber-attacks. According to Deloitte, Singapore, Australia, Japan, New Zealand, and South Korea are the top five countries vulnerable to cybersecurity threats in APAC. These countries are nine times more vulnerable compared to their larger Asian counterparts - China and India.
With increased emphasis on digital innovation, companies are connecting various parts of their business operations to the Internet. Along with IoT-enabled consumer devices, this has created new vulnerabilities for hackers to exploit. With valuable and critical information flowing through their networks, there is an urgent need for organizations to secure and prioritize real-time data for mobile, UC, and social applications.
As we gear up for 2017, here are a few predictions that chief information security officers (CISOs) should take note of:
- Increase in SS7 and Diameter network hacks: SS7 and Diameter, both widely used by the telecom industry, have seen several vulnerabilities exposed in 2016. I anticipate the attacks on SS7 and Diameter will increase, allowing attackers to exploit mobile phone location and conversation data. An attack that targets cellphones and networks has the potential for catastrophic consequences, whether it’s releasing potentially damaging information on public figures or using location data to coordinate a physical attack.
- Unified Communications (UC) will present new attack vectors for hackers: UC, often the forgotten application among CISOs, will be more vulnerable and open to attacks in the upcoming year. UC isn’t just the voice call anymore and as UC applications, such as voice, video and chat, become IP data applications they need to be secured appropriately. In fact, in today’s zero-trust world, UC’s rich set of capabilities becomes inherently more vulnerable to being exploited.
Leaving UC unprotected provides hackers with increased avenues to attack a network. Through UC, hackers can access a lot more than just conversations. They can move laterally into the GNA function of a company, access salesforce to steal account information, or even disable accounts receivable and impact business. To protect and secure UC, companies need a new, real-time SIP-aware firewall known as a Session Border Controller (SBC).
- Focus will increase on cloud API governance, compliance and security: CISOs are focusing on ways to streamline management and control of digital services across the enterprise while meeting governance and compliance requirements. As more enterprises embrace the digital economy, they must also address this gap in their security planning. CISOs need to ensure they continue to protect their digital services to prevent a new area of attack for hackers.
- Vendors will start innovating faster: Overall, security organizations are not innovating fast enough to keep up with attackers’ evolving tactics and planning. In the borderless world we live in today, with the plethora of BYOD initiatives and connected devices, the “vulnerability gap” is constantly widening. As companies leverage the cloud and mobility, the inside of a network becomes just as exposed as the outside. In 2017 we will see an increase in security initiatives with the main goal to reduce threat exposure by strengthening the security controls at the network level.
Considering the variety of threats businesses will be confronted with in 2017, it is imperative for organizations to find solutions that safeguard their communications, networks and data. While the challenges may seem insurmountable, by collaborating with experienced and innovative vendors, businesses can continue to grow while offering and using secure services.
Daniel Kwan is Vice President and General Manager of Asia Pacific excluding Japan, Sonus