Must Read

The Ever-Changing Threat Of Cyber Attacks, And How To Rethink Security

The year 2016 was an extraordinary one for high profile cyber attacks – Spotify saw their 4th hack within 2 years in February, more than 68 million Dropbox accounts were stolen in August, Yahoo had 500 million of its accounts hacked in September, and most recently, Dailymotion had user details leaked from more than 85 million of its accounts.

An obvious pattern can be drawn here: a breach or attack on one’s systems can catch even the biggest of companies off guard. So why is it that year after year, companies continue to be attacked?

The reality is that attacks continue because cyber security is not static. Constantly changing, and now entering a new era of possibilities, the consequences of an attack, the perpetrators, and potential victims are no longer what they used to be.

The Evolving Faces Of Cyber Threats And Cyber Security

Cyber security is a complex topic for many.

Gone are the days where changing our passwords regularly, or getting some antivirus programme were sufficient measures. The cyber threat landscape is rapidly changing, and leaving cyber security to just any service provider is no longer an option.

The financial costs in the aftermath of a cyber attack are becoming bigger hurdles for companies to overcome.

Research involving interviews with more than a thousand security and IT professionals revealed that the average annual loss per company worldwide due to cybercrime has grown to a whopping US$9.5 million – and the figures are only looking to increase in time to come.

Image Credit: HP Enterprise

Attackers are getting also more creative with their methods.

With how lucrative cybercrime has become, it’s no wonder hackers aren’t just targeting big brands anymore. “Crime as a service”, identified by the Information Security Forum as the top cyber threat for 2017, is basically a hit squad engaged by anyone willing to pay to wreck someone else’s digital properties. Organised crime rings serve up a menu of services such as “on-demand distributed denial-of-service attacks” and “bulletproof hosting” to support malware attacks.

In this new age of ultra connectivity, individuals live a large proportion of their lives online, many enterprises have migrated their main operations to the Web, and even our daily tasks now are increasingly automated via machine-to-machine communication in connected devices and the Internet of Things (IoT). While integral to our Smart Homes/Smart Nation initiative, increasingly widespread adoption of IoT also offers new inroads for hackers to exploit.

In fact, the massive distributed denial-of-service (DDoS) attack in October (which resulted in outages to websites and services like Twitter, PayPal, Amazon, Reddit, Netflix and Spotify) was allegedly caused by malware-infected IoT devices – like routers, security cameras and even DVRs.

While greater connectivity provides a great amount of convenience to us, more emphasis needs to be placed on securing the increasing number of exposed connections and consistently updating our security systems.

The Need For Up-To-Date And Relevant Cyber Security

However, investing in cyber security can feel like a conundrum – from large enterprises which give up thinking they have too many holes to plug, to smaller businesses without the manpower and financial capability to keep up with ever-changing measures.

Unfortunately, cyber threats don’t discriminate between companies big or small. The phrase “prevention is better than the cure” rings true for all, and investing in a cyber security service that understands the needs of this day and age will go a long way in saving losses incurred in a potential breach.

So then comes the important question: How should I go about choosing a provider from all the options available?

If an army only grew its ground forces and invested nothing into air defence, how likely will it stand against a determined enemy? That’s how things look like when companies pour money into network security but leave the application layer unprotected from hackers. To prevent hackers from stealing data through your website, web application firewall services are a necessity.

Traditional players in the market offer web application firewalls that depend on signature-based methods to detect and block threats. While this method can be effective, it is highly reliant on the provider’s capacity to constantly update its database of known threats. This is simply too risky, leaving users helpless against new exploits churned out by the increasingly sophisticated cybercrime industry.

Without the agility to predict new threats and stay updated automatically, your security barrier is essentially useless.

Fortunately, there are companies that take these changing needs into account, and are making cyber security not only convenient, but intelligent and developing alongside the new era of connectivity.

One of these companies is Korean web and data security provider Penta Security Systems.

Founded in 1997, the company established Korea’s first database security enterprise and developed Korea’s public key infrastructure (PKI) in collaboration with the government. The company has been acknowledged for its market leadership, securing the title of Asian Cyber Security Vendor of the Year in 2016.

Penta Security Systems awarded Asian Cyber Security Vendor of the Year by Frost & Sullivan

With a strong belief that “Security is the essential foundation for a knowledge information society”, they have solutions and products for users with different budgets.

For business owners, however, two of their offerings stand out – WAPPLES, a web application firewall (WAF), and Cloudbric, which protects users’ websites without the need for any hardware installation.

With a strong belief that “Security is the essential foundation for a knowledge information society”, their R&D team is constantly on the lookout for what is new in the field of cyber security.

For example, developing security solutions for the young connected smart car industry, or creating a solution for open source database encryption, Penta Security Systems has been expanding its product offerings to cater to an increasing range of customers at both the individual and enterprise level.

Two of their offerings stand out for meeting the needs of this new connected era – WAPPLES, a web application firewall (WAF), and Cloudbric, a WAF service which protects users’ websites without the need for hardware installation.

WAPPLES, The Intelligent Device For A ‘Smarter’ World

An APAC market share leader for WAF (according to a Frost IQ Report in 2015), WAPPLES constantly innovates to stay on top.

A WAF basically protects web applications, such as websites, by acting as a gateway for traffic leaving and entering an application. More advanced WAFs can block all the OWASP Top 10 attacks, including preventing exploit code from being injected into your site.

WAFs are necessary complements to network firewalls and intrusion detection systems.

What WAPPLES WAF does

WAPPLES stands out from the competition because of its signature-free technology that makes it capable of stopping new and unknown attacks.

Its logic-based COCEPTM (Contents Classification and Evaluation Processing) engine uses 26 rules to intelligently analyse traffic for malicious behavior. This departs from outdated methods of simply searching out known threats through signature and pattern matching.

What this means is that WAPPLES doesn’t require constant updates – making it a convenient choice for enterprises and small businesses which do not always have the luxury of time or manpower to invest in security without sacrificing quality.

Providing accurate detection through semantic and heuristic analysis, it boasts lower false positives than traditional security providers.

Cloudbric, A WAPPLES-Based Service For Everyone

Some might find the entire hardware installation process and terms a little intimidating.

So for those who don’t consider themselves a ‘techie’ and prefer a simpler solution with less commitment, WAPPLES-based service Cloudbric offers the protection without the jargon or the hardware.

Cloudbric’s services

It works exactly like how your phone’s data plan does – payment plans are charged based on your traffic usage, and there’s no need for physical hardware or installation to enjoy the service.

A great choice for SMEs, startups, individuals as well as enterprises looking for a comprehensive security service, Cloudbric aims to make elite security available to everyone. For website owners with monthly traffic usage below 4GB, the service is completely free.

With a free SSL service newly added onto the package in the latter half of 2016, you can be assured that Cloudbric’s upgrades are rolled out to all subscribers to address new needs as they arise.

Other companies may charge for DDoS protection, but Cloudbric provides it as a feature of its comprehensive security service, even for sites that qualify for free service. DDoS attacks cause major headaches for individuals and enterprises alike, and was what caused major telco StarHub’s broadband disruptions on the 22 and 24 of October this year.

A first of its kind attack on Singapore’s telco infrastructure, the Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) revealed that while these attacks are “generally rare”, they are “surfacing as an emerging trend” – something that not only telcos, but any business should take note of.

Cyber Security Is No Longer A Luxury, It’s A Necessity

While it’s scary the way things are changing so quickly, it’s a reminder that we need to rethink security. If we continue to hold on to a false sense of security in subpar solutions, or fail to recognise that all have become easy targets in this new era of ultra-connectivity, disaster recovery may grow to become too costly.

Do we look towards undoing the connections that our knowledge information society thrives on, or do we erect smarter gateways and engage in always-active defence?

Out of the hundreds of companies out there offering security solutions for businesses, there will only be a handful that will lead the way as the cyber threat landscape evolves.

The new era is ushering in new challenges so relying on outdated, static methods of security means your business will lag behind. Furthermore, it will become harder to survive considering the complexity of meeting security standards nowadays.

The best word of advice is to change your security mindset. This involves doing a little bit of homework on your own, researching, reviewing and questioning the security practices of your current or to-be security providers.

This article was written in collaboration with Penta Security Systems.

Featured Image Credit: REUTERS, Kacper Pempel

 

Subscribe to Vulcan Post Newsletter

Stay updated with our weekly curated news and updates.