We turn our focus to the Asia Pacific (APAC) market with our thoughts still firmly fixed on cybersecurity and the overall state of affairs in this area. We caught up with Freddy Lee, CTO at IBM Malaysia for his take on things. This is the 3rd installment of our interview series with him.
Asia Blockchain Review (ABR): In the Asia-Pacific region, how are things in this area? Is the financial services sector the hardest hit one? Or is it across the board?
Freddy Lee (FL): Asia is a growing target for cybercrime and is ranked second highest at risk amongst geographies according to IBM’s annual Threat Index and accounts for the second-highest incident count in public breaches (22% of all incidents in 2019). Over 2 billion records have been breached in 2019 in APAC, second only to North America for the year.
In APAC, a data breach of <2,000 records costs companies US $2.6 million. Today, across AP only 20% have a coordinated incident response plan applied across the entire organization.
In terms of industries, while financial Sector has been a top target for cybercriminals for decades, the Media Sector (including Telecom) and Retail have been a growing target over the past year and were amongst the top targeted industries in 2019.
ABR: The report said that user training and awareness seems to be the most important factor that can reduce insider threats. Do you share the same perspective?
FL: According to findings in the Insider Threat Report, the majority of companies are deploying user training awareness (55 percent), data loss prevention (54 percent) and user behaviour analytics (50 percent) to prevent insider threats
Today, with many employers have shifted their workforces to remote work, chief information security officers (CISOs) need to adjust their security programs to cope with the rapid shift in the IT estate away from the corporate network.
By better understanding the behaviors of remote workers, teams can focus on detecting anomalous behavior that could signal credential compromise or malicious intent. These behaviors can often be detected at the VPN boundary before potential damage can be done.
If an attacker manages to evade detection at the perimeter and is inside the organization’s network, security teams should validate the threat by looking for a number of indicators of compromise or abuse. These can be derived from a number of methods, including machine learning, that can help determine if the access is from a legitimate employee or a credential thief.
When it comes to compliance regulations like GDPR and CCPA, we asked Freddy about his opinion on it, and how APAC is faring in this regard. He believes that organizations have seen an increase in the amount of data they collect and retain. At the same time, security and data breaches have been on the rise. The data economy has now driven regulators and governments to impose data privacy and protection regulations. These changes, combined with growing consumer rights advocacy, have reinforced or even mandated the need for organizations to implement better data protections. Even more regulations are likely, though what those regulations will require and what the impact of those changes will be are still unknown.
Catch the 4th installment of our interview with Freddy Lee, CTO of IBM Malaysia soon!
Follow Asia Blockchain Review on:
Anil started his career in journalism all the way back in 2003. After traversing the sphere of editorial, corporate communications and advertising, he has now come full circle and is back in the world of journalism. He believes in the power of the written word, and its ability to enthrall, delight and inform the reader.
We provide information about Asia Blockchain Review latest activities as well as global blockchain news and research. Subscribe to our Newsletter now or Contact us