Themed “Expect the Unexpected” Rik Ferguson, VP for Security Research, Trend Micro, delivered a key note on the future of cyber threats and its potential to lead to technology disruption and chaos. The presentation followed with a panel discussion which included Ferguson and three other representatives from Cloud Security Alliance, Certis CISCO, and VMWare.
1. The top 5 digital disruptions, that can potentially provide many entry points for cyber criminals, making hacking activities easier and more targeted:
· Cloud computing – Hackers will find and attack weaknesses in the building blocks and joints of cloud computing.
· Mobility Technologies – Mobile devices and applications will continue to offer many opportunities for disruptive innovation, creating more entry points for cybercriminals to infiltrate an unsecured system or network.
· Big data – Hackers will use big data to exploit their victims better
· Social media – Cybercriminals have and will flock to social sites, to steal personal information, spread malware and defraud victims
· Internet of Things (IoT) – Anything and everything that connects with the Internet can be hacked.
2. The emerging new technologies can similarly be exploited by cyber criminals and breed a slew of new crimes never witnessed before.
· For instance, Google’s Project Loon, a balloon-powered Internet for people in the rural or remote areas, could possibly introduce highly sophisticated cybercrimes to people who are not even familiar with how Internet works. Or, unmanned vehicles and smart machines that are controlled by ill-willed cyber criminals could wreak havoc and even threaten lives.
· Another interesting example would be malware for humans via bodily embedded chips, a trend that will no doubt be welcome among tech-savvy teenagers.
3. To elevate cybersecurity, a concerted effort has to come from all sides
· This includes training future cybersecurity professionals, working with organizations to change their mindset and approach to security, and helping organizations stay ahead of cybercriminals from a technology perspective.
· Trend Micro is actively involved in all three areas. This includes partnerships with INTERPOL and EUROPOL, as well as developing training with Republic Polytechnic to nurture and develop future IT security talents.
4. During the panel discussion, the panelists are unanimously concerned with the coyness around disclosure, as companies’ first instinct after their systems were compromised is to hide it instead of making the news known to their customers.
· Currently, there are disclosure acts in place in the US and the UK; the panel agrees that Singapore government should also put in place such an act so companies can react swiftly with the help of law enforcement and cybersecurity companies, and the customers can do the same to make sure their data is not further compromised.
· The panel also suggested that a sectorial approach to disclosure be taken as the finance and healthcare industries are stepping up their game to protect data; once benefits of disclosure are seen, other verticals will follow suit.
Quote of the day: Compliance is an obligation; security is an aspiration