From Mirai to Persirai, CloudBleed to WannaCry, the recent spate of cyberattacks has lent a pronounced sense of uncertainty and chaos to Southeast Asia. While the region has often been the spectator to such global cyber-events in the past, our rapid adoption in technology and innovation over the years means that the attention of cybercriminals has now turned upon us; from Singapore’s government organisations to Indonesia’s hospitals, no industry is left untouched.
IoT: A World of Mayhem
As we hold our breath in dread of the next wave of cyberattacks, businesses and organisations are scrambling to protect every unsecured endpoint, playing an eternal guessing game of where the next threat will originate from, and adding further uncertainty to the entropy. However, F5 Labs’ recent Threat Analysis Report: The Hunt for IoT speculates that with IoT attacks growing 1,373 per cent over last year, and showing no signs of slowing, the industry needs to be anticipating the next Mirai.
For Southeast Asia specifically, the threat is imminent. Frost & Sullivan found that almost half (49 per cent) of organisations in the region will be tapping the Internet of Things (IoT) for various business uses. This means that all our connected things -- cars, homes and even skin-embedded blood sugar monitors -- are going to multiply into a massive avalanche of unsecured end-points that threaten to consume the already overworked IT departments.
IoT is not just about the things. It is really about the applications and services that enable them. The unprecedented amount of data that will be flooding the gateway of applications and devices that power IoT, hold potentially serious consequences for security threats and privacy regulations. Finding a way to keep pace with rapidly evolving application availability, performance and security issues will be critical to handling the massive growth in IoT demand.
Opportunity in Disguise
The practice of zen propagates that we should solve our problems by treating them as opportunities. Perhaps the recent onslaught of cyberattacks was not a disaster, but an opportunity for us to restore balance to our security infrastructure.
In fact, there are many more lessons from the practice of zen that we can apply when we are dealing with cybersecurity in today’s threat landscape:
Gain self-awareness: Zen advocates the need for self-awareness – the clear perception of one’s true self, strengths and weaknesses. Similarly, from a security perspective, to know your existing IT infrastructure and networks, you first have to be able to see into all your application traffic, and be aware of its vulnerabilities. Mastering this level of visibility enables you to make the right investments in security infrastructure, detect any anomalies in network, and rectify before it even hits your organisation.
Simplify IT: The benefits of simplifying one’s life are immense. By spending time only on things that matter and getting rid of clutter, can we attain real happiness and peace. The first step to simplification comes from identifying what is most important. Similarly, prioritise what you need to protect. In an app-centric environment, you should identify all apps in your network -- whether deployed by IT or shadow apps installed by impatient employees -- and first secure those you deem to be most vulnerable.