- Category: August 2013 - Data Protection & Security
Asian eMarketing had the opportunity to interview Wahab Yusoff, Vice President of McAfee South Asia, regarding security aspects specific for Asia. With over 26 years of experience in the IT industry serving in various capacities and management roles, Wahab has operated mostly in the Asia Pacific region covering the ASEAN countries and China, with a special focus on India and the emerging countries.
Wahab, are there security risks companies should be aware of, if they are planning on entering Asian markets?
According to the McAfee Q2 Threat Report released at the end of May, there was steady growth especially in mobile malware, and an increasing trend toward targeted attacks. This seems to indicate that the global threat landscape is moving in a new and more dangerous direction, and companies should definitely take these challenges into consideration.
The Asia Pacific region accounts for nearly half of the world’s Internet usage- at around 45% - so it should come as no surprise that we are a hotspot for Cybercrime. Cybercrime has grown dramatically in the region over the past year and we have seen some worrying signs that cybercriminals are moving their focus into our region. Hacktivists have also become extremely active claiming some major scalps via Distributed Denial of Service, website defacements and data theft.
Financial fraud has also become a huge focus with the scammers behind the Operating High Roller fraud now targeting Asia Pacific, specifically banks in the region. Some of the largest banks in the region were hit late last year.
How does McAfee deal with the fragmented legislative environments in Asia, and do you have enterprise security solutions that take this into consideration?
IT managers are facing new threats, for example ransomware increasingly coming to Asia Pacific, challenges from employees downloading apps within the organization, and threats targeting new operating systems and platforms. The Asia Pacific region is also undergoing significant transformation in data privacy laws, which will require significant effort from enterprises to comply with legal regulations.
Looking back at the recent evolution of threats, it’s becoming clear that IT managers need to evolve their business processes in order to keep organizations secure. With the increase in targeted attacks, there’s an urgent need for well-defined incident response planning.
What we do from our end is to allow businesses to securely embrace a variety of emerging technologies on multiple platforms while protecting critical assets and sensitive data.
What effect do all the different languages in Asia have on digital security?
Cybercriminals are increasingly crafting attacks in multiple languages and are exploiting popular local applications to maximize their profits. Malware is no longer purely for the masses, as cyber crooks have become extremely deft at learning the nuances of the local regions and creating malware specific to each country. They are not only skilled at computer programming, but also at psychology and linguistics. Cyber attackers are increasingly attuned to cultural differences and tailor social engineering attacks accordingly as well.
As a result, malware has become more regional in nature recently, and this trend is further evidence that today's cyber-attacks are targeted and driven by a financial motive. McAfee is in a constant chess match with malware authors, and is prepared to counter them in any language they learn to speak.
How would you estimate the development of the Asian Cyber "Threatscape", and what developments are you planning accordingly?
The technology and online landscape is ever-changing. Based on discussions with our customers, we see several hot topics: Critical Infrastructure Protection; Virtualization; Consumerization of IT; Cloud; and the need for security to be built in everywhere.
We want to be the company that organizations look to solve the challenges of increasing threats. We’ll do that by making things easier for customers and fulfilling the value proposition of Security Connected -- an integrated platform for security out of the box. Our DeepSAFE technology will set us apart in terms of detecting and eliminating threats.
What are the special challenges McAfee faces in Asia?
As threats evolve, customers increasingly want a company that can evolve with them and provides a broad set of solutions, not just solutions to one problem. We strongly believe that what McAfee has to offer is unique in terms of width and depth of comprehensive security solutions suitable for different company and organization sizes, stages and requirements – in a holistic and connected approach opposed to island solutions some other player are promoting.
Especially the adaptation of mobile technology is a key development in this part of the world – in the public, enterprise and consumer sector. Therefore, that’s one of our focus areas, where we offer scalable solutions across multiple (mobile) devices and platforms like Android, Windows and iOS devices from an enterprise level to application management, securing our telco or network partners’ assets and services to leading solutions, like LiveSafe for the consumer segment, with innovative features like biometric identity verification management.
Our role is to stay ahead of the emerging threats and keep our customers protected in a rapidly changing market impacted by data in the cloud, personal mobile devices in the workplace, new privacy laws and increasing focus on cyber warfare from terrorist bodies and nation states. These are all major drivers shaping today’s security landscape.
How can data be protected in an age of BYOD and cloud computing in an environment with many languages and cultures?
As BYOD and cloud computing are making their way into the enterprise, the IT department needs ensure safe networks.
- BYOD: To ensure safe networks, enterprises should firstly ensure they have a security policy that takes into consideration BYOD and mobile devices: which devices to allow and what features of the device permitted for use, i.e. location based services, cameras, through to applications.
- Cloud: Just as IT Services are moving into the cloud so are security services. The move to the cloud provides many cost savings for organizations and also access to security skills that they may lack in-house but brings with it new security challenges.
- Big Data: Businesses want more data with more complex analytic functions to understand a market. Despite the advantages of adopting big data, a few challenges that stand in the way, including the scalability of cloud and security issues.
Is there any advice, specific to Asian markets, that you could give our readers, regarding Cyber Security and Data Protection?
Security is now a boardroom level discussion - The stakes are high, and businesses require a new model that gives them a comprehensive picture of their entire IT infrastructure. The industry has been built on a historical thought process that will not support the demands of the future. We must move to having a real-time understanding and response capability if we are to meet the needs of the future.
An important topic not to neglect is to ensure the right security policies that include BYOD and mobile devices (see above). Besides, technologies like Mobile Device Management (MDM) should be used to manage the devices used inside the organization. MDM can facilitate safe and secure device provisioning and user and device authentication, set the company policy on the devices for acceptable use and provide security for the devices if they are lost or stolen.
Enterprises should also deploy mobile security on the devices themselves to protect against viruses and malware, protect from theft and loss, and guard privacy. In addition, companies should make use of encryption, VDI (Virtual Desktop Infrastructure) and other cloud services to keep corporate data off the device to create a clear boundary between personal and business data if needed. VDI, remote desktops and cloud services allow employees to run enterprise applications and access enterprise data whilst not storing any of the data on the device.
We‘d like to thank Wahab for taking the time to answer our questions.
By Anjum Siddiqi