Dodging a Bullet: What Southeast Asian Founders Can Learn From The WannaCry Attack
Acronis’ VP of engineering Eugene Aseev shares how you can beef up your security arsenal
PHOTO CREDIT: Getty Images
If there’s one thing certain in today’s world, it’s uncertainty. On May 12, as people were wrapping up the work week, a global cybersecurity attack crippled some 200,000 computers in more than 150 countries, affecting major businesses and organizations, including Britain’s National Health Service, FedEx, Nissan, and the Russian Interior Ministry.
Touted to be the world’s biggest cyberattack, the number of victims by the WannaCry ransomware has since ballooned to over 300,000. People in Asia, where offices had already logged off last Friday before the ransomware spread, came back to work on Monday, and the latest round of victims now includes Japanese electronics maker Hitachi, a Korean theater company, and some 40,000 businesses and institutions in China.
The truly unfortunate thing about the attack is that it could have been avoided. According to Eugene Aseev, VP of engineering and head of Singapore R&D center, Acronis, “had the users installed the latest Microsoft Windows update, which fixed the particular vulnerability the hackers went after, the WannaCry ransomware outbreak could’ve been prevented. You must always pay extra attention to OS updates.”
In Southeast Asia, where countries like Singapore, Malaysia, Indonesia, and Thailand are among those that invest most in IT, the latest Gartner reports reveal that the region is still considered “pretty weak in terms of information security against cyber threats. In the same WannaCry attack, Taiwan, Indonesia, and China were hit pretty badly, with critical infrastructures like hospitals and migration services having suffered—and there’s a reason for that,” Aseev says, adding, “Did you know there was a year-long study revealing that cyber security breaches took almost three times longer to be identified within the APAC region compared to global figures? If a business in the U.S. takes four months on average to discover a breach, in Asia it can be as much as 17 months.”
Such grim statistics lead to Asia often being the likely target of cyber offenders, “and they sure take that opportunity,” says Aseev. “In 2016 alone, 27% of all ransomware attacks targeted enterprises and individuals based in APAC—the highest rate among all regions, ahead of EMEA (25%) and Latin America (22%). According to the latest study done in Singapore, one of Asia’s leading IT and financial centers for that matter, a third of mobile users there don’t even install security software on their phones. Talk about security,” he says.
How, then, can Southeast Asian start-ups protect themselves from such cyber threats as WannaCry? Here are some of Aseev’s insights:
1. Saying ‘No’ could spell trouble for you
When it comes to security, Aseev says you need to first and foremost ask yourself these three questions: Is your software, and particularly your OS, configured to be updated automatically? Do you perform backup of important digital assets to a safe location regularly? Are you using a well-known endpoint protection solution?
“If at least one of your answers is ‘no’, then sorry but it’s only a matter of time before you’re exposed to threats like WannaCry,” he cautions.
2. Follow the 3-2-1 rule
Regular backup is a must, insists Aseev. Updating your software automatically is one step, he says, but while it protects you from a particular rising threat, “a regularly performed backup is your defense against anything trifling with your data. Be sure to follow the 3-2-1 rule: have at least three copies of your data, two of which are local, but on different devices, and at least one copy off-site.”
3. As technologies evolve and become more sophisticated, so do cyber threats
Exploits such as WannaCry will definitely remain the most powerful and large-scale cyber weapon, says Aseev. His other predictions? “There will be more Internet of Things attacks driven by uncontrolled deployment and usage. Insider attacks will also continue to grow and be more sophisticated,” he says.
With such ominous prospects, start-ups should beef up their security arsenal. “Know your data—treat sensitive and private data with special care. Learn to control ‘Shadow IT’ or systems and solutions built and used inside organizations without explicit organizational approval. And always avoid switching new devices to network in default configuration,” advises Aseev.