NSFOCUS, a global provider of intelligent hybrid security solutions, last month launched its Global Threat Intelligence platform. In the world of cyber attacks, 2016 may go on record as the worst year the enterprise has ever seen. With more than 18 million samples of known malware, the first DDoS attack exceeding 1 TBps, ransomware attacks using municipal and industrial IoT devices, and predictions of global annual cybercrime costs reaching $6 trillion by 2021, keeping pace with the evolving threat landscape is a daunting task.
The company says the Global Threat Intelligence platform has been designed to help organizations improve their situational awareness and enterprise security posture – delivering both strategic and tactical intelligence, and providing organizations with a complete view of the global threat landscape, including China.
“As the only company with threat intelligence data feeds from China, NSFOCUS provides our customers with complete global coverage to support their current threat intel strategy,” said Guy Rosefelt, Director for Web Security Product Management at NSFOCUS.
In an interview with Networks Asia, Rosefelt noted that the problem most organisations and governments face with subscriptions to commercial and open-source threat intel feeds is that, unfortunately, they are missing threat intelligence from a considerable portion of the world.
“Many studies indicate that up to 40% of the world’s cyber-attacks originate from China. When considering how comprehensive a threat intel feed is, many of them do not include much data from China, since the organisations providing the feeds have little visibility into the attacks that begin or end within the borders of China,” adds Rosefelt.
In the interview, Rosefelt also discussed the rise of botnets and the use of IoT as an attack vector, and why DDoS remains a big problem.
The following is an excerpt of the interview:
1. What is behind the increasing trend of DDoS attacks in Singapore (StarHub is the first telco in Singapore to have been hit by this attack)? Why are we still falling prey to them if we've been hearing about the threats for so long?
In our latest DDoS Threat Report, we found that various hacker organisations have infected a large number of IoT devices with malicious bot programs to launch DDoS attacks. IoT devices contain high-risk vulnerabilities such as weak passwords, and these devices stay online without being attended – this makes them optimal targets for launching DDoS attacks.
In addition, IoT-based botnets employ attack approaches as effective as, if not more sophisticated than, traditional DDoS tools. The relative ease with which hackers can utilise hundreds of thousands of IoT devices to launch DDoS attacks is one reason behind the increasing trend of DDoS attacks.
At the same time, DDoS attacks are often used as a distraction tactic – taking the attention of the IT personnel away from the actual intent of an attack: deploying malware and stealing data.
While DDoS attacks are not new, the use of IoT devices to launch attacks proves that hackers are constantly finding smarter, faster and more sophisticated ways to launch their attacks – calling for greater security protocols.
2. The rise of botnets and use of IoT as an attack vector. With no real standards yet, what more can be done to secure IoT? In the push to be a smart nation, are we leaving security behind?
It starts with education. For example, how much do we know about cyber security and how to configure our router at home? For the average person, not much. The question is how do you educate the average consumer that just bought a cool refrigerator that can connect to the internet or set up Wi-Fi cameras to monitor their home? Do you think the government could explain the issue within a 30-second public service announcement? Even if they could, how many people will fast forward through the announcement?
The government could set security standards for IoT devices, but remember, the lawmakers you are turning to have the same level of understanding about cybersecurity as yourself. Historically, lawmakers enact heavy-handed legislation about something they have little understanding of, which has ramifications (usually bad) for years to come.
The best way to educate the average consumer may be to have their favourite television shows show an episode that highlights the issue. Only with education will people be equipped with the knowledge and awareness to protect themselves – which is far more important than any security measure put in place by the government or IoT device manufacturers.
3. When can we remove the human factor as the weak link in security?
Rather than removing the human factor, we need to change our mind-set towards security. Everyone needs to be educated and understand that they can unknowingly play a part in a security breach that can have an impact on their lives or their companies.
No matter what technology you have available, if people are not diligent and aware of their role in security, there will always be this weak link. As the saying goes, technology is only as good as how people use it.
4. Is perimeter security dead and should we just look at securing the data? What needs to be changed in the modern security strategy for an enterprise?
Perimeter-only security, if implemented correctly, used to ensure that even when a hacker has breached your network, your most valuable data assets were protected. That is no longer the case as it is more difficult to define the “perimeter” today. There is no magic bullet to securing an enterprise – every security protocol and measure should work together to provide holistic coverage for the business. What needs to be changed is perhaps the mind-set that one security measure will mitigate all cybersecurity risks.
5. Do we look at living with a "risk mitigation" mentality and look at solutions that allow us to recover fastest after an attack? How much more important are good and reliable backups and a recovery process?
It is always a safe option to have a plan B. Backing up your files, yet again, is a mind-set issue. People take for granted that they would not be the target of a hack, and companies think they would not be compromised.
6. Where does Singapore rank in Asia and the world regarding security awareness and preparedness?
The Singapore government has taken proactive steps to develop frameworks and infrastructure to lay the foundations for a cyber-security industry. The National Cyber Security Masterplan 2018 and the formation of the Cyber Security Agency of Singapore show Singapore’s commitment to lead Asia in the cyber security space, and this has resulted in a comparatively mature ecosystem of regulators, business and service providers.
Yet, in 2016, ransomware was one of the biggest crimes overall in Singapore. So, no matter how prepared or aware you think you are, one person not being diligent can allow the bad guys in.