Network security threats Singaporeans must brace for in 2013

Singapore, with its extensive information and network infrastructure, has been at the forefront of Internet and information technology adoption. With such pervasive technological adoption comes risks and breaches, some of which have been reported before.

Looking ahead, we need to be vigilant in at least a few of network security threats, some of which have been ongoing for as long as there was the Internet, while some are new and emerging threats.

The war against information and network breaches continues to escalate, as more and more incidents have shown just how vulnerable we can be.

For continuing threats, we need to continue to be vigilant about social engineering and internal threats, both of which rely on trust between people, and can put organizations at great risk when internal people and external posers use confidence and trust to breach networks and information resources.

We need to educate our people on best practices and how to avoid falling into confidence traps, and to refer any possible risk to internal experts and leaders.

Another continuing threat is the rise of the "bring your own devices" (BYOD) phenomenon. More and more users bring their own multimedia-capable laptops, tablets and smartphones to the office, and many of these devices need to be better managed, and any technology that can compromise internal security should be managed and locked down (e.g. built-in cameras and microphones).

An extension of the BYOD phenomenon is the rise of cloud computing. Many modern tablets, smartphones and netbooks tap on individual cloud accounts which can potentially leak out internal and restricted corporate information resources.

Relying on individuals to secure their cloud accounts can create great control and administration headaches for IT managers within organizations.

Some of the more virulent and increasingly sophisticated security threats come from Advanced Persistent Threats (APTs), botnets, and precision targeted malware.

There are already quite a few high-profile security breaches due to APTs that targeted both commercial entities and government agencies.

APTs are insidiously designed so as to gain access to networks quietly, making them extremely hard to detect except for the equally sophisticated information defense technologies. APTs can attack well-known operating systems, productivity apps, and even embedded systems.

Botnets extend the potential damage by tapping on vulnerable hosts found worldwide, creating a highly redundant distributed network of attack hosts. Botnets may be one of the threats that will bother many IT managers for a long while yet.

Let's not forget intruders today are no longer doing it for mere fun, but more often, for illicit profit through extortion and other means. The rise of precision targeted malware that execute only on intended environments or systems means that it will be extremely hard to detect such targeted malware.

2013 will be yet another year that requires many of us, who are IT practitioners, to sit up and put our ears to the ground, and to defend the information assets and networks we are responsible for. This is one resolution we cannot afford to neglect for the new year.