INTERVIEW
Annus horribilis or Annus Mirabilis for cybersecurity in 2018
Annus horribilis or Annus Mirabilis for cybersecurity in 2018. We entered the New Year of 2018 full of promises and hope, but will this “new year euphoria” going to last and will prove to be short-live joy?
So far as 2018 progresses, the year seems rather promising with the exception of recurrence of “Black Monday” on 5 February 2018 which witnessed the biggest Dow Jones drop of all time over the stock markets. Cryptocurrency also went with the dive since achieving historical high late last year.
For the cybersecurity sector, no boom and bust cycle yet as the year entered the second month. However, US-headquartered security technology firm, A10 Networks highlighted to Hackwarenews on the cyber threats trend ahead for 2018.
Bigger, bolder and costlier cyber-attacks expected in 2018
Song Tang Yih, vice president Asia Pacific of A10 Networks told Hackwarenews that cyber-attacks in 2018, will be bigger, bolder and much costlier for victims.
“For 2017, spending on cybersecurity reached USD86 billion which was a humongous amount,” said Song.
Furthermore, he noted that the average data breach cost in 2017 accounted to around USD 4 million, while the annual cyber-attack cost ballooned to USD 400 billion alone. Using these past data, Song expected an increasing volumes of cyber-attacks in 2018, as hackers used more sophisticated approaches such as “Reaper malware” to breach vulnerabilities in systems for financial benefits.
More state-sponsored attacks expected
Some of these cyber-attacks were believed to be state-sponsored in nature at a bid to obtain hard currency as voiced out by Jonathan Tan, regional vice president, ASEAN and Pakistan of A10 Networks.
“There is no good time or bad time, where the hackers will rest. In fact, more so during the bad time, hackers will hack for finance gains.” commented Tan.
Some of the cyber-attacks were believed by Tan to be inspired by regional tensions among countries which eventually conducted cyberwars to breach each other systems. To Tan, Singapore is in the forefront of this battle due to the connectivity among its various governmental services and its ambition of becoming an IT-savvy Smart Nation.
Telco Operators on the hit list
Beside government networks, Tan expected Telecommunication (telecom) operator to be next victims due to its role in serving as the conduit for businesses. In his opinion, the hackers will seek to exploit Internet Protocol version 6 (IPv6) or Internet of Things (IOT) vulnerabilities.
Cameras and surveillance system run via the telecom network will also be another vulnerable spots for attacks to compromises corporates securities or simply to bring the whole network down to the attackers’ advantages.
The Challenges of merging various Cloud platforms
In 2018, Song estimated more corporations and organisation to merge their private clouds with public clouds into multi-cloud environments for scalability purposes. The merging processes, however might provide more vulnerabilities for data breaches and the call for the protection of personal data online is more needed than ever.
The good news is that there are already some partnership and technology development set in motions to smooth out the merging of private and public cloud. For instance, software giants like Microsoft, Azure and Google have come together to provide uniform set of infrastructures and application program interface (API) for hybrid clouds to further improve efficiency.
Deceptive technology to act as sheepdog against cyber-attacks
Despite the various threats, security services providers like A10 Networks has something in their sleeves against cyber-attacks. One of the weapons will be using adaptive, deceptive and predictive security products to prevent cyber-attacks.
To certain extent, Tan even dubbed the deceptive and predictive technology into a “Top Five Technology” in 2018. As these know-hows give security operators the ability to predict a cyber-attack that is yet to happen.
“Deceptive and predictive technology allows the security firm to trick the hackers to stay ahead of them and protect systems,” concluded Tan.
In his opinion, the digital security will eventually become a basic human right issue as our world gets more interconnected and our dependence on safe communication become close to our needs for clean air, water and food.
DEALS
3 Reasons To Kickstart A Career As An Ethical Hacker
3 Reasons To Kickstart A Career As An Ethical Hacker. It’s a techie dream job to spend your day trying to hack into systems and networks, in a way that won’t risk jail terms or hefty fines. White hat hackers are the good guys in the cyber security realm – and it’s a legitimate career path for many people across the globe!
Perhaps you could be one too.
Why should someone consider starting a career as an ethical hacker? Why is penetration testing a tempting job prospect?
Here are 3 compelling reasons to claim the title as a white hat hacker:
- The hacking business is booming
From media corporations to governments to companies of all industries and sizes, they’re all at risk of falling victim to cyber security attacks, which could potentially take down an entire business.
Now more than ever before, security specialists, penetration testers and ethical hackers are becoming increasingly wanted, to help stay ahead of the malicious individuals and groups looking to bring destruction and harm.
These online courses are everything you need to launch into a successful and profitable career in the ethical hacking business!
- There’s significant money at stake
Black hat hackers are becoming smarter, sneakier, more aggressive and more prevalent so businesses are willing to pay big money for penetration testers and ethical hackers to help protect them.
In fact, penetration testers and ethical hackers are one of the most crucial roles in defending an organization’s entire data and network infrastructure. It’s no surprise businesses are willing to invest in top quality security specialists.
- It’s a fascinating career opportunity
Cyber security is an exciting space to delve into, often on the brink of cutting edge technology. Fuel your competitive spirit in the race to beat the black hat hackers and protect the systems you’re in charge of.
The best way to know if this is perfect for you is to get a taster for what ethical hacking and penetration testing has to offer.
Interested in tapping into wifi networks and wireless technologies? Take the Learn Wifi Hacking Penetration Testing From Scratch ecourse
and master practical attacks against wireless devices. Or check out the Ultimate Wi-Fi Hacking & Security Series
which will empower you to safeguard against security threats to wireless systems.
Alternatively, if web hacking takes your fancy, try out the Web Hacking
program to learn about client-based, server-based, and application-based web attacks and how to mitigate these.
Get started today!
Want an all-in-one package to fast-track your way into a cyber security career?
The 2018 Cyber Security Bootcamp Bundle is what you need.
This super affordable bundle offers a massive discount into 75 cyber security courses, 115 hours of instruction and 875+ tutorials to help you ace globally certified exams and earn industry-recognized certifications, to maximize your opportunities in the field.
Take charge of the evolving cyber security landscape, get qualified with one of the most in-demand careers in tech, and become a certified and highly valued white hat hacker today.
[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]
BREAKING NEWS
Horangi praises Singapore’s initiative on new cybersecurity accelerator programme
Horangi praises Singapore’s initiative on new cybersecurity accelerator programme. In the pursuit of becoming Start-up Nation, Singapore plans to launch its first cybersecurity-centric accelerator programme in April.
The pioneer programme will commence with the support from Singapore’s very own Info-communications Media Development Authority (IMDA) and the Cyber Security Agency (CSA) with aims to accelerate start-ups in cybersecurity sectors.
Under the programme, the cybersecurity entrepreneurs have access to a three month stint at a start-up hub, named Innovation Cybersecurity Ecosystem at Block 71 (ICE71). In that hub, the hopefuls will learn pre-accelerator boot camp, accelerator training programme and landing pad for start-ups with Europe-based cybersecurity accelerator Cylon.
“Government support for cyber security is critical to grow Singapore’s regional expertise and cyber security startups like Horangi will benefit from these programs,” said Paul Hadjy, CEO at Horangi Cyber Security (Horangi).
Hadjy told Hackwarenews team that the state top-down approach is essential in supporting the embryonic state of cybersecurity development in Singapore.
In his opinion, the barrier for growth in the cybersecurity security often pointed down to the shortage of talents in the field. Thus, the accelerator programme will allow the startups to gain access to funding as well as the right mentorship to groom talents and expertise.
Besides the lack of talents, Hadjy highlighted that many Southeast-Asia based firms have downplayed the values of cyber security in their overall corporate strategy.
“Many ASEAN companies view cyber security as an IT task and not an overarching business risk,” opined Hadjy.
This oversight causes many decision-makers to set ineffective budget targets for cyber security spending, which in turn leads to myopic, ineffective spending. However, he noted that corporate companies are gradually changing their mindset on the importance of cyber-security.
“Today, organizations in Singapore and other regions are shifting towards a more holistic view of cyber security; where it has become a pressing concern that affects business processes across all enterprises.” concluded Hadjy.
Going forward, he believed that enterprises should engage a third party cyber security company in helping them to analyse their profile and identify system vulnerabilities. Then, the outcome of the analysis can be used to formulate plan to protect key data and assets from breaches.
HACKING NEWS
In Cybersecurity, Think Centurion
To Centurion Information Security, cybersecurity always come first. The Singapore-based penetration testing firm met up with HackwareNews team to share their experience on the ever-changing cyber-security world.
To Centurion Information Security, cybersecurity always come first. The Singapore-based penetration testing and security advisory firm met up with HackwareNews team to share their invaluable experience on the ever-changing cyber-security world.
Sunny Neo, senior consultant of Centurion, told HackwareNews that there was still room for improvement in the cybersecurity mindset of Singapore-based companies.
“More than often, Singapore-based companies engaged our services for penetration testing at the last stage of their project development,” observed Neo.
The Early Bird Catches the Worm
Relying on security testing only towards the end of the project completion phase often results in needing to rectify security flaws found at the last minute. This could possibly require re-designing, coding and quality testing all over again; all of which are timely and costly. In some instances, a delay in a new product launch would even cause an organisation to lose their competitive edge within their market.
To Neo, the best solution would be for organisations to incorporate cybersecurity throughout the different project milestones. This could include consultancy during the planning phase, secure design/code reviews during development, and finally vulnerability assessment and penetration testing.
Identifying and understanding possible risks earlier would allow security controls to be implemented concurrently with the system from the ground up. This would also save effort and cost for the organisation.
Secure by Design
“Secure by design, is what we want to achieve during project development,” opined Neo.
However, not many firms are able to fully attest to this statement, “secure by design”, especially among the small and medium enterprises (SMEs) as compared to the larger, established financial institutions based in Singapore.
“SMEs have generally not picked up the cyber-security mindsets as compared to the banks,” Neo told HackwareNews.
In his opinion, apart from the Personal Data Protection Act (PDPA) in Singapore, cybersecurity regulations are fairly new – such as the recent cybersecurity bill proposed in 2017. Hence most industries are less mature than their counterparts in the financial industry when it comes to cybersecurity.
In contrast, banking and finance industries are heavily regulated and are required to comply with the Technology Risk Management (TRM) implemented by the Monetary Authority of Singapore (MAS). This has led to more awareness and better implementation on their part, including the development and publication of the Penetration Testing Guidelines for the Financial Industry in Singapore by The Association of Banks in Singapore (ABS).
Prevention is Better Than Cure
Neo often used the phrase, “Security is not a job but a lifestyle” – a value held by the Centurion Security consultants. They believe that cybersecurity-conscious firms and personnel constantly need to keep up with the latest trends and technology.
Questions like, “How can we breach this system, before they are actually being breached” must be asked to make sure that they remain on top of their game.
Solving the Talent Shortage
In this aspect, Centurion wants to do its part by conducting training and workshops, targeted at software developers and project managers to provide updates on the latest buzz in the cybersecurity ecosystem. Firm believers in contributing back to their industry, they are involved in various activities with this goal in mind.
Keen on sharing knowledge, Centurion often speaks at events within the cybersecurity community. Most notably, Centurion’s Principal Consultant, Ryan Baxendale, presented on “Microservices and FaaS for Offensive Security” at the 2017 DEF CON Conference – the world’s longest running and largest underground hacking conference, in Las Vegas.
Beyond that several Centurion consultants are also Adjunct Lecturers teaching at several polytechnics in Singapore, exposing students to real-world cybersecurity issues. Recently, the company is also sponsoring students to attend the upcoming security conference “Infosec in the City”.
After all, Neo believes that cyber-security is one big community where participants share tools and learn new techniques to grow together. This mindset was also in line with Centurion’s core values of educating, doing research, and offering bespoke consultancy services to organisations ranging from SMEs, to MNC across different sectors and even to different government entities.
-
GAME REVIEW6 years ago
Top Hacking Simulator Games Every Aspiring Hacker Should Play: Part 1
-
DEALS6 years ago
Great Ethical Hacking Courses for Beginners
-
BREAKING NEWS6 years ago
US Online Retail Company suffered a data breach affecting 6.5 million customers
-
HACKING NEWS6 years ago
The APT attacks hitting East Asia
-
GAME REVIEW6 years ago
Hacknet Review
-
DEALS6 years ago
Music, Voice and Sound interface kits: What you need to know
-
GAME REVIEW6 years ago
Top Hacking Simulator Games Every Aspiring Hacker Should Play: Part 2
-
HOW TO6 years ago
How To Become an Ethical Hacker – Beginners Guide