Q&A: Southeast Asian governments face advanced persistent threats online, says FireEye

September 26th, 2014 | by Alfred Siew

Dave Merkel, chief technology officer for FireEye’s Mandiant Services Team

Hardly a week passes these days without news of yet another high-profile cyber attack or a potential loophole being exploited by increasingly sophisticated online criminals.

The cyber defence community, however, is working round the clock to stay a step ahead of hackers and malware creators out to earn a quick buck, make a political point or even to embarrass a celebrity.

Just how secure are our digital lives in an age where everything is online? We got hold of Dave Merkel, a chief technology officer from cyber security firm FireEye, which monitors online attacks globally, to answer some pressing questions.

(NOTE: The responses have been edited for brevity and house style)

Q: What seems to be making digital snooping more advanced and widespread today?

A: Technology is prevalent in everything we do. We live in a fully connected world. Where information goes, spies follow. Where money goes, crime follows.

Information is exchanged and business is transacted across the Internet in tremendous volumes. It is only natural to expect nation states and criminal enterprise to follow that data and money online.

Furthermore, the Internet affords attackers the ability to achieve their goals at a distance, operating from countries with weak or no laws addressing cyber-crime and cyber-espionage.

They can operate with near impunity, attacking an endless variety of victims across the globe. With the lure of increased returns and reduced risk, spies and criminals see more lucrative opportunities using cyber attacks versus traditional “real world” espionage and theft.

Q: We have seen organised crime groups threatening to attack a network or leak information of users if a ransom is not paid. Will governments one day be threatened with such a digital attack, having to pay off hackers or risk a wipe-out of citizens’ data or even damage to critical infrastructure?

A: From FireEye’s Advanced Threat Report, governments are a major target of a variety of APT (advanced persistent threat) malware, particularly the Southeast Asian governments.

However, these attacks are largely focused on espionage, not destructive acts. If cyber criminals or spies were to target a government with an attack that threatened the destruction of data or other systems, they would realise that governments have significant resources and options at their command to pursue the attackers if they feel sufficiently threatened.

A criminal organisation that engages in cyber-blackmail against a government versus an individual might find itself at significantly greater risk.

An organisation that threatens the destruction of critical infrastructure might find itself being branded as a terrorist organisation and pursued with the same vigour as groups perpetrating more traditional acts of terror.

Q: From your work with clients and monitoring of global attacks, do you believe governments are ready for such attacks? Which regions tend to be more prepared?

A: From our experiences, governments are definitely key targets worldwide for cyber attacks, whether it’s nations targeting other nations to steal state secrets; tech-savvy activists subverting government websites to protest national policies or simply cyber criminals trying to get their hands on the treasure trove of citizens’ personal data.

Across the globe, cyber-attack preparedness varies and many governments are still not able to block advanced cyber-attacks given the speed at which attackers adapt to digital defences.

However, governments gradually recognise cyber-attacks as the new normal and are taking steps to adopt more effective methods to counter them.

Q: What can end users do to prevent their data being leaked?

A: Today’s cyber-attacks are becoming increasingly prevalent, with many attacks being executed by organised groups. There are three primary areas most users can focus on:

1. Password management: Use different passwords for each online site or service and ensure that each password is sufficiently strong. There are many password management applications that can help with this effort. Where possible, opt in to two-factor authentication services when supported by the site or service you’re using.

2. Good security hygiene on computing or mobile devices: Configure and use software firewalls and anti-virus, and restrict the installation of new applications.

3. Be selective with who you do business with online: Consider the security track record of companies and organisations that you choose to transact with online.

Any organisation can potentially be breached, but the most diligent will manage a breach aggressively, limiting damage, and offer transparency about the impact to their customers.

For the companies charged with safeguarding the information of their users, they must designate someone to be in charge of cyber security in their organisation.

Next, companies must bring cyber security up as a topic of discussion in their business leadership, making it a priority and having their executives come to a consensus on its priority in the business.

Only then can the necessary and critical action of putting in place a cyber security plan be implemented and sustained sufficiently to address the challenges posed by modern attackers.
