网络攻击是世界各地的IT安全专业人士的严重关注,亚太地区也不例外。无论是购物,社交还是游戏,人们都迅速拥抱了移动生活方式。数字转型是使企业能够创新和创造效率,从购物乘车到工业机器人。数字正在改变政府运营的方式,并使城市快速增长更安全,更高效。
但是,整个地区的数字技术的普及意味着更多的人和企业来自网络攻击的风险。
A Growing Risk
According to the risk management firmMarsh & McLennon,it takes Asian organizations 1.7 times longer than the global median to discover a breach. Spending on information security is also lower than in North America, and most users do not receive security awareness training.
Those findings align with the observations of cybersecurity professionals surveyed at the 2018 Black Hat Asia conference. Attendees expresseda high level of concern over targeted cyberattacks and potential breaches of critical infrastructure.Sixty-two percent believed that their organizations will have to respond to a major security incident in the next 12 months.
来自网络攻击可能是严重的。虽然亚洲的数据隐私法不如欧洲那样严格,但例如,财务影响仍然可能是严重的。根据分析,APAC的一个大型组织可能会产生3000万美元的经济损失Microsoft and Frost & Sullivan.由于网络安全事故导致该地区的潜在经济损失可能达到1.745万亿美元 - 该地区总GDP的7%以上。
In a 2018 article about theSingHealth cyberattack,we see attackers successfully compromising workstations and conducting data exfiltration activities for eight days. The resulting impact was 1.5 million patient records were stolen, including health information about the Singapore prime minster.
These internal activities are difficult to detect given the multitude of IT systems and network segments to monitor. Many enterprises today have a lack of visibility and capability to derive important insights. An attack on smart healthcare systems could have significantly larger consequences than a data breach, which makes the issue of cyber-physical attacks highly pertinent to organizations in APAC.
Greater Visibility
企业需要更高的可见性纳入其网络安全状态,因此他们可以采取具体行动来探测和打击威胁更快。
Identifying who and what connects to the network is a critical first step. Solutions like Aruba ClearPass can自动控制访问to the enterprise wired and wireless networks so that only authorized users and devices can connect. With ClearPass, IT finally knows exactly what devices are connected to the enterprise network, how many there are, where they’re connecting from, and which operating system they’re running.
IT also can use ClearPass to enforce appropriate policies, regardless of user, device type or even time of day. This is critically important not only for the multitude of laptops, phones and tablets that connect to the enterprise network, but also for the exponentially growing number of sensors, security cameras and other IoT devices that could be wide open to security threats.
The next step is to protect resources dynamically and neutralize threats as quickly as possible. For instance, an outdoor security camera that starts scanning the corporate network at 3am could well indicate a compromise of the internal network. If unusual behavior is detected, network access for that device can be immediately terminated.
New Insight into Inside Attacks
Taiwan Semiconductor Manufacturing Co., Ltd (TSMC), the manufacturer of chipsets for Apple, Nvidia and Qualcomm, had to stop production for three days back in August 2018, impacting the company’sthird-quarter revenue of NT$260.35 billion由于一个达到2%attack by the known WannaCry.
在台湾制造业是吹捧工业4.0的时候,许多制造商正在部署更多的IOT设备并试图将更多的制造设备连接到互联网。TSMC攻击暴露了可能的利用和信息安全状态。
今天的复杂攻击可以避免传统的周边防御,并且往往缺乏对这些内部攻击的可见性。这就是为什么组织越来越多地期待基于AI的机器学习来发现用户行为的变化,表示这些内幕攻击的用户行为。
阿鲁巴内在检测受损的用户的系统或设备使用监督和无监督的机器学习模型来查看典型IT访问和使用情况的Telltale更改。内部可以检测杀戮链中的目标攻击,包括帐户滥用或接管,命令和控制,数据exfiltration,横向运动,特权升级,赎金软件等等。
When the subtle signals are aggregated and put into context over time by advanced machine learning models, the presence of an upcoming attack is confirmed and alerted. Through tightly integrated bidirectional communication, IntroSpect then triggers ClearPass to take action and terminate access.
Once the threat is under control, an analyst can then turn to IntroSpect’s big data-based incident investigation system where the entire IT history of the entity under scrutiny—down to the packet level—is available in seconds, so that decision making and remediation is cut from hours and days to minutes.
Context from the security ecosystem can be used to enhance network visibility and strengthen enforcement. ClearPass and IntroSpect integrate withhundreds of third-party solutions,including McAfee endpoint security, Palo Alto Networks firewalls, MobileIron mobile device manager and 2FA solutions like GoVerifyID.
了解更多
Learn more about securing the enterprise.
Five Ways Cybersecurity Can Break Smart Cities
