The story in emerging regions has been pretty consistent for some years now. Technology overall is lagging behind - this can be positive as it allows specific countries to jump past the “legacy” phase of dated technology - but it can also be negative as it means that some issues are still waiting to happen. While human error and general hesitancy makes them inevitable.
In Africa this means a significant shortage of core skills and a lack of understanding of the benefits of open source while in APAC it means that security is gradually becoming a very serious problem. At the end of August a report [gated PDF] from Mandiant, part of FireEye, showed that it takes organisations in APAC three times longer – nearly a year and a half – to spot breaches than it does elsewhere.
Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye explained to IDG Connect at the time the report was published that most organisations in Asia Pacific have not yet developed the security maturity necessary to detect advanced attacks or spot attackers inside their networks. “Far too many organisations here are still relying on firewalls and antivirus and assuming those will stop threats,” he said.
A complex business landscape
Trends like this are not really down to the technology itself. They highlight a lack of knowledge about the problem - which various vendors are now striving to counteract with research.
Over the last few months EfficientIP, Gemalto and F5 have all conducted market studies to raise awareness while many marketing organisations have been desperate to get a slice of the cash action for some time. All this is further complicated by the diverse political and social background in these regions.
“Looking at the economies of the two largest APAC populations (India and China), both of these nations have tremendous technological and infrastructure deficits - which they are rapidly trying to close,” Ian Trump, Global Security Lead at LOGICnow tells us. In China especially “the culture is cavalier when it comes to software licensing and piracy is rampant, therefore availability of legitimate vendor support - by way of patches and updates - is negatively impacted”.
Countries like China and India have also been the beneficiaries of a large amounts of out-of-date technologies from more prosperous nations, he adds. “In many cases, this has resulted in software and hardware with no support and un-patched vulnerabilities - the perfect environment for cyber criminals.”
Srinivasan CR, Senior Vice President, Cloud and Security Services, Tata Communications adds that the “internet penetration in APAC is far less compared to the other developed parts of the world”. This smaller rate of connections has “kept APAC organisations insulated from large security attacks. As more and more organisations and their businesses go online, security will have to be addressed upfront by these organisations,” he says.
A very varied geographical area
“Asia Pacific is home to many of the world’s most advanced, and fastest growing, economies - some of which are already building smart cities and implementing digital citizenship programmes. But it’s also one of the areas most affected by cybercrime,” points out Hervé Dhélin, Worldwide Marketing Director at EfficientIP. “With increasing reliance on digital technologies, and the speed in which its economies are growing, APAC is becoming a popular target for hackers and online criminals.”
This is particularly true in the light of ambitious projects like Digital India or Singapore’s Smart Nation which are blending a range of digital technologies from IoT and social networking to create interconnected networks that link all aspects of a country. “Networks like these are particularly attractive to attackers and will need good security at all levels - especially unconventional attack surfaces like DNS,” says Dhélin.
Yet Sanjay Aurora, Managing Director APAC, Darktrace believes it is important to view this as context. He says “it is not necessarily the case that APAC is ‘less security ready’ [than other parts of the world]. Developed cities such as Seoul and Singapore are undergoing major improvements. The pace of technological innovation is creating added challenges that traditional security methods struggle to address.”
And this is part of the problem with APAC. The situation in India is very different from the situation in Singapore and it is hard to compare any two countries. “In the APAC region, the maturity of the security industry can vary significantly from country to country and it is important to recognise this diversity,” clarifies Michael Gianarakis, Director of SpiderLabs APAC at Trustwave. “There are, however, some common regional challenges.”
These include the skills shortage which is also evident globally - and most crucially a lack of regulation. This can be seen across the board and is underpinned by a lack of reliable security infrastructure and challenge of getting senior individuals within companies to understand why it is important.
“The Asia Pacific region also tends to lean towards a very human reaction towards action and investment,” says Carl Herberger, Vice President of Security Solutions at Radware. He points to high profile cyberattacks such as the recent incident against Bangladeshi financial apparatus along with incident against the Philippine election system.
Passing the buck can also be a concern. Stephanie Boo, Managing Director APAC at Menlo Security believes “that one key factor preventing enterprises from enlisting cyber protection is that many companies believe cyber defence to be up to telcos, internet providers and the government”.
Whatever the reasons this situation certainly can’t go on for ever. Rana Gupta, Vice President of APAC Sales for Identity and Data Protection at Gemalto is adamant “APAC might be behind the rest of the world right now, but in the long term it will normalise to the current levels of security that other areas practice”.
It may only take a few more high profile breaches for the region to sit up and take notice. But then the same story is true everywhere in the world. Because as IT security errors get more and more devastating it will become harder and harder for any organisations to ignore them.
PREVIOUS ARTICLE«Nokia helps advance Bristol’s smart city test bed
Jon Collins’ in-depth look at tech and society
Phil Muncaster reports on China and beyond