If the past year is any indication, cyber security will continue to gain relevance and attention among organizations, businesses, and individuals alike as we enter 2019. Large-scale data breaches, issues with consumer privacy, and hardware-level vulnerabilities made the headlines throughout the year, and public debate on the state of cyber security took place globally. In the Asian region, Singapore’s massive data leak in the healthcare sector and cryptocurrency exchange hackings in Japan and Korea were some of the biggest wake-up calls about the inadequate protection of our sensitive data. We also noticed the emergence of new or amplified attack types that will multiply in severity unless effectively prevented and mitigated. Below are our picks for top 3 security issues that Asia-Pacific will need to consider in 2019.
1. CPU vulnerabilities will continue to require mitigation
Main target: traditional and crypto financial systems, government institutions
One of 2018’s biggest security incidents was the public disclosure of a set of Central Processing Unit (CPU) vulnerabilities within Intel, ARM and AMD computer chips. The scandal began with the announcement of Spectre and Meltdown in early January, and gained new momentum with the disclosure of Foreshadow in August. Collectively, the three refer to fundamental security flaws found in nearly all processors manufactured and used around the world over the past 20 years. Once exploited, the vulnerabilities allow attackers to access data that would be off limits under ordinary circumstances, thus posing a serious threat to data integrity worldwide.
What makes the vulnerabilities particularly challenging is the fact they are embedded in hardware. By now, most IT vendors have released patches that help mitigate the security risks by limiting the software’s use of the vulnerable hardware-level features. Yet without updates installed, the chips remain exposed to threats.
While the CPU controversy has global implications, the issue is particularly relevant in the Asian region where security awareness can still be low. Apart from mature markets like Singapore, South Korea, and Japan, systems in Asia-Pacific are often found to be more outdated than in other regions. Such environment is ideal for leveraging CPU flaws to gain access to private cryptocurrency wallets, for example, if the private keys used to “unlock” the wallet are stored in a vulnerable device, instead of a secure cold storage. Similarly, legacy finance and government institutions are expected to be popular targets due to the allure of lucrative returns.
2. IoT botnets will become major threats
Main target: network and hosting service providers, finance
Last May, the routers from Singapore’s leading internet service provider (ISP) SingTel were found to be exposed online due to a total lack of authentication, suggesting that even top organizations can be unprotected against basic cyber threats. Vulnerable IoT devices are ideal fuel for botnets that feed on unpatched or misconfigured IoT devices, including routers, cameras, and other smart computing devices, that can then be used to launch massive DDoS attacks.
This problem is becoming severe in APAC: researchers at F5 found that the region saw a 100 percent increase in DDoS attacks between 2017 and 2018, and hackers are now finding Asia-Pacific as appealing as North America, the long-running top target. In another recent study, 75 percent of APAC IT security teams surveyed believed their IoT devices are not secure, and overall, security managers in APAC considered network access control to be a less critical element of their security strategy than managers in other regions. In 2019, the attacks are expected to only expand in scope and sophistication.
While the adoption of IoT technology is on the rise, security continues to be an afterthought. To prevent DDoS attacks that could bring down operations in critically important sectors like telecommunications and banking, security measures will require strengthening to prevent IoT-targeted cyber attacks from disrupting communications in the advancing Asian region.
3. Cyber-physical attacks are to emerge
Main target: critical infrastructure
In recent years, industry experts have repeatedly hinted a forthcoming surge in cyber disruption that could have serious implications the physical realm. Such attacks on cyber-physical systems (CPS) could target vulnerable process control systems, smart power grids, autonomous vehicle systems, or any other sophisticated computing systems used to sustain critical infrastructure. While still an under-the-radar trend, 2019 could mark the year when cyber-physical attacks arise as a serious concern amid trending implementation of smart, IoT technology in both private and public sectors.
According to a Frost & Sullivan study on cyber security maturity, at least 50 percent of APAC organizations are “reactive towards threats or invest in several security tools that are poorly integrated limiting optimum utilization,” suggesting poor readiness to cope with advanced threats like cyber-physical attacks. Only 4.3 percent of firms polled showed capability to effectively mitigate threats. Meanwhile, IoT-driven national initiatives like Singapore’s Smart Nation and Malaysia’s Cyberjaya smart city are promoting the adoption of smart technology in the region. And while security is always touted as a priority, the recent SingHealth leak of 1.5 million patients records proved that even sensitive sectors like healthcare can lack adequate protection from cyber attacks. Due to impacting human lives, an attack on smart healthcare systems could have significantly larger consequences than a data breach, which makes the issue of cyber-physical attacks highly pertinent to organizations in APAC as we prepare to face the new threats – and opportunities – of 2019.