Cybersecurity has come leaps and bounds since we first started exploring the internet. Technology and the knowledge surrounding it have also progressed significantly. With that, so too has our understanding of the need to secure and protect our connections.
Cisco has recently issued an advisory to customers to upgrade their routers. The advisory comes in light of a vulnerability which allows a remote attacker to execute arbitrary code in a series of routers. This would cause a Denial of Service condition which would prevent access to the internet and connected servers.
Source: Cisco
The vulnerability affects relatively dated business routers – specifically, the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers. Malicious actors are able to access root privileges through the web management interface of the routers. While Cisco is aware of the exploit, it seems like the company has no plans to patch the vulnerability in these dated devices. Of course, the company has announced the end-of-life status in an advisory released back in 2019.
The only silver lining for those planning to continue using the aforementioned routers is that the vulnerability can only be exploited if the web management interface is enabled. This can be determined by checking the status within the settings of the router. That said, it is definitely advisable to update to a more current router for better coverage and connectivity if not anything else.
While many aspects of edge computing are not new, the overall picture continues to evolve quickly. For example, “edge computing” encompasses the distributed retail store branch systems that have been around for decades. The term has also swallowed all manner of local factory floor and telecommunications provider computing systems, albeit in a more connected and less proprietary fashion than was the historical norm.
However, even if we see echoes of older architectures in certain edge computing deployments, we also see developing edge trends that are genuinely new or at least quite different from what existed previously. These trends are helping IT and business leaders solve problems in industries ranging from telco to automotive, for example, as both sensor data and machine learning data proliferates.
Edge computing trends that should be on your radar
Here, edge experts explore six trends that IT and business leaders should focus on in 2022:
1. Edge workloads get fatter
One big change we are seeing is that there is more computing and more storage out on the edge. Decentralized systems have often existed more to reduce reliance on network links than to perform tasks that could not practically be done in a central location assuming reasonably reliable communications. But, that is changing.
IoT has always involved at least collecting data almost by definition. However, what could be a trickle has now turned into a flood as the data required for machine learning (ML) applications flows in from a multitude of sensors. But, even if training models are often developed in a centralized data centre, the ongoing application of those models is usually pushed out to the edge of the network. This limits network bandwidth requirements and allows for rapid local action, such as shutting down a machine in response to anomalous sensor readings. The goal is to deliver insights and take action at the moment they’re needed.
2. RISC-V gains ground
Of course, workloads that are both data- and compute-intensive need hardware on which to run. The specifics vary depending upon the application and the tradeoffs required between performance, power, cost, and so forth. Traditionally the choice has usually come down to either something custom, ARM, or x86. None are fully open, although ARM and x86 have developed a large ecosystem of supporting hardware and software over time, largely driven by the lead processor component designers.
But RISC-V is a new and intriguing open hardware-based instruction set architecture.
Why intriguing? Here’s how Red Hat Global Emerging Technology Evangelist Yan Fisher puts it: “The unique aspect of RISC-V is that its design process and the specification are truly open. The design reflects the community’s decisions based on collective experience and research.”
This open approach, and an active ecosystem to go along with it, is already helping to drive RISC-V design wins across a broad range of industries. Calista Redmond, CEO of RISC-V International, observes that: “With the shift to edge computing, we are seeing a massive investment in RISC-V across the ecosystem, from multinational companies like Alibaba, Andes Technology, and NXP to startups like SiFive, Esperanto Technologies, and GreenWaves Technologies designing innovative edge-AI RISC-V solutions.”
3. Virtual Radio Access Networks (vRAN) become an increasingly important edge use case
A radio access network is responsible for enabling and connecting devices such as smartphones or internet of things (IoT) devices to a mobile network. As part of 5G deployments, carriers are shifting to a more flexible vRAN approach whereby the high-level logical RAN components are disaggregated by decoupling hardware and software, as well as using cloud technology for automated deployment and scaling and workload placement.
Hanen Garcia, Red Hat Telco Solutions Manager, and Ishu Verma, Red Hat Emerging Technology Evangelist, note that “One study indicates deployment of virtual RAN (vRAN)/Open RAN (oRAN) solutions realize network TCO savings of up to 44% compared to traditional distributed/centralized RAN configurations.” They add that: “Through this modernization, communications service providers (CSPs) can simplify network operations and improve flexibility, availability, and efficiency—all while serving an increasing number of use cases. Cloud-native and container-based RAN solutions provide lower costs, improved ease of upgrades and modifications, ability to scale horizontally, and with less vendor lock-in than proprietary or VM-based solutions.”
4. Scale drives operational approaches
Many aspects of an edge-computing architecture can be different from one that’s implemented solely within the walls of a data centre. Devices and computers may have weak physical security and no IT staff on-site. Network connectivity may be unreliable. Good bandwidth and low latencies aren’t a given. But many of the most pressing challenges relate to scale; there may be thousands (or more) network endpoints.
Kris Murphy, Senior Principal Software Engineer at Red Hat, identifies four primary steps you must take in order to deal with scale: “Standardize ruthlessly, minimize operational ‘surface area,’ pull whenever possible over push, and automate the small things.”
For example, she recommends doing transactional, which is to say atomic, updates so that a system can’t end up only partially updated and therefore in an ill-defined state. When updating, she also argues that it’s a good practice for endpoints to pull updates because “egress connectivity is more likely available.” One should also take care to limit peak loads by not doing all updates at the same time.
5. Edge computing needs attestation
With resources at the edge tight, capabilities that require little to no local resources are the pragmatic options to consider. Furthermore, any approach needs to be highly scalable or otherwise, the uses and benefits become extremely limited. One option that stands out is the Keylime project. “Technologies like Keylime, which can verify that computing devices boot up and remain in a trusted state of operation at scale should be considered for broad deployment, especially for resource-constrained environments” as described by Ben Fischer, Red Hat Emerging Technology Evangelist.
Keylime provides remote boot and runtime attestation using Integrity Measurement Architecture (IMA) and leverages Trusted Platform Modules (TPMs) which are common to most laptop, desktop, and server motherboards. If no hardware TPM is available, a virtual, or vTPM, can be loaded to provide the requisite TPM functionality. Boot and runtime attestation is a means to verify that the edge device boots to a known trusted state and maintains that state while running. In other words, if something unexpected happens, such as a rogue process, the expected state would change, which would be reflected in the measurement and would take the edge device offline, because it entered an untrusted state. This device could be investigated and remediated and put back into service again in a trusted state.
6. Confidential Computing becomes more important at the edge
Security at the edge requires broad preparation. Availability of resources, such as network connectivity, electricity, staff, equipment, and functionality vary widely but are far less than what would be available in a data centre. These limited resources limit the capabilities for ensuring availability and security. Besides encrypting local storage and connections to more centralized systems, confidential computing offers the ability to encrypt data while it is in use by the edge computing device.
This protects both the data being processed and the software processing the data from being captured or manipulated. Fischer argues that “confidential computing on edge computing devices will become a foundational security technology for computing at the edge, due to the limited edge resources.”
According to the Confidential Computing Consortium’s (CCC) report by the Everest group, Confidential Computing – The Next Frontier in Data Security, “Confidential computing in a distributed edge network can also help realize new efficiencies without affecting data or IP privacy by building a secure foundation to scale analytics at the edge without compromising data security.” Additionally, confidential computing “ensures only authorized commands and code are executed by edge and IoT devices. Use of confidential computing at the IoT and edge devices and back end helps control critical infrastructure by preventing tampering with code of data being communicated across interfaces.“
Confidential computing applications at the edge range from autonomous vehicles to collecting sensitive information.
Diverse applications across industries
The diversity of these edge computing trends reflects both the diversity and scale of edge workloads. There are some common threads – multiple physical footprints, the use of cloud-native and container technologies, an increasing use of machine learning. However, telco applications often have little in common with industrial IoT use cases, which in turn differ from those in the automotive industry. But whatever industry you look at, you’ll find interesting things happening at the edge in 2022.
Unprecedented – that seems to be the word of the decade. In the past five years alone, we’ve seen so many things change; big tech players have faded into the ether, the world has gone through a global pandemic and now, we’re dealing with an increase in data breaches and leaks that could affect all of us. Most recently the world saw Facebook and its services go offline and the massive Twitch.tv breach. While Facebook has said that the issue is simply an error in their network settings, we cannot deny that their credibility has been called into question in recent weeks.
One thing that worries us is the scale and the size of the companies being targeted by attackers now. We can’t deny the size of Facebook; in fact, we interact with one or more of its platforms or products on daily basis. However, when it comes to Twitch.tv, not many are aware that the platform is actually an Amazon property. Yep – you read that right – Amazon.
These companies are large players that we depend on for everything from shopping to keeping in contact with loved ones. As a matter of fact, Amazon powers a significant portion of the internet with its web services AWS.
Noticing this, we were wondering – How can we, as consumers and regular Janes and Joes, prepare and protect ourselves from data breaches?
Attackers & Malicious Actors Are Becoming More Brazen
It comes as no surprise that attackers and malicious actors are becoming more brazen with their attacks and demands. In the case of Twitch’s breach, a slew of hate-related events plaguing the platform spurred it. It was a retaliation against what the individual(s) saw as a lack of action on the platform’s part.
Managing Director at Trend Micro Malaysia, Goh Chee Hoh, notes that “The primary motive for the hacker is not to reveal user information or monetary, but to disrupt and encourage competition in the online video streaming space, where the earnings exposure of the top streamers on the platform becomes part of the collateral damage.”
It would seem like we are more at risk of becoming collateral damage as malicious actors continue to target larger corporations. In Twitch’s breach, vigilante justice saw the earnings of the platform’s top streamers became collateral damage. Mr Goh also highlights this in his statement, “It sounds like the perpetrator carried out the attack as a form of vigilantism, in their own perspective.”
So, how does this affect us? For one thing, we can expect even more daring attacks. Large companies like Google, Facebook and even Microsoft won’t be spared. There’s no denying that we interact with one, if not more, of these companies or their services on a daily basis. Some have more of our data than others. That’s where we’re at the most risk.
Companies Need to Learn from Twitch’s Breach
Before we can talk about how we can protect ourselves from breaches, we have to talk about how companies can better protect us, as their users. We already know that many of them have processes, protocols and software in place for protection but there’s always a chance that these measures aren’t enough. I mean, human error is something we can never plan for completely.
Checks and Balances are Key to Maintaining Cyber security
Candid Wuest, Vice President of Cyber Protection Research at Acronis, highlights this in his comment on the Twitch breach, “Companies should learn that they need to verify and monitor configuration changes. With IT infrastructure becoming more and more complex the risk of errors raises as well.” Mr Wuest’s statement does seem to apply to the recent Facebook outage as well.
However, his colleague, Topher Tebow, an analyst at Acronis, goes a step further and highlights the need for zero-trust environments in today’s climate. He advises that companies should have “proper monitoring in place to detect malicious activity on the network, including data being moved out of the network. Many companies assume that if an authorized user is moving data, that the behaviour is most likely acceptable, but if a user’s credentials were compromised or the account was hijacked in some other way, data flowing to an unusual source could allow a security team to detect and block an attack early on if proper monitoring is in place.”
Complement with Proper Cyber security Solutions
Of course, even with these measures, companies need to have a proper defence firewall. Mr Goh does advise that companies should “adopt a multi-layered defence approach, by having security controls at various entry points of the system, from emails, laptops, to servers and networks.” In the case of the Twitch breach, an added layer that integrates with their native cloud services would have provided an extra layer for malicious actors to deal with which could have prevented the breach.
There really isn’t an excuse in this day and age for companies not to have these measures in place. Cyber security firms like Trend Micro and Acronis have been talking about a multilayered approach for years. It is even more crucial that companies take these measures as they embrace the cloud and work from anywhere. What’s more, digital-native companies should be the front line when it comes to the adoption of these measures.
What Can We do if Our Data is Compromised in a Breach?
The biggest pain point for us as consumers comes after the fact – when data breaches have already occurred. To be honest, we don’t really have control of what happens in the aftermath of a data breach. But, we can ensure that we minimise the potential damage that can occur in the wake of a breach.
Our First line of Defense: Change Them Passwords
In any data breach, the first thing we should do as users is to update our passwords. There are multiple ways to ensure you have a strong enough password to protect yourself. The first is to make sure you have a mix of characters, symbols and numbers. Doing this will make it harder for your password to be cracked.
On top of that, it goes without saying that longer passwords will take longer to crack. However, keep in mind that passwords that are too long have diminishing returns when it comes to remembering them. Another thing to remember is that dictionary words even with symbols replacing alphabets are less secure. While it is easy to remember, we’re in a world where AI has made it possible to understand and decode these even faster than ever.
In addition, keep in mind that the more you use the same password, the less secure it is. In fact, you become more at risk in a data breach. Therefore, use multiple different passwords; preferably a unique one for each service you use. It goes without saying, don’t use your banking passwords for anything else.
Two-Factor Authentication is Your Friend
As we’re moving on in a digital world, more and more of our services are using two-factor authentication. These measures, while cumbersome, will ensure that access to your accounts is more secure. This is implemented in multiple ways across different platforms using email, SMS or an app.
Using two-factor authentication adds an additional layer to access your account. In most cases, it will notify you when your account is being accessed. This will allow you to react immediately. Many of these two-factor authentication steps allow you to immediately lock down your account and change your password.
Be Vigilant
We will need to be vigilant in the wake of a data breach even if we are not directly affected by it. Acronis’ Candid Wuest reminds us that “data stolen in data breaches is often reused in personalized phishing emails”. With this in mind, keep an eye out for fishy emails or even Nigerian princes. Sometimes information from breaches can allow malicious actors to socially engineer phishing attacks that can mimic emails that you will find urgent or pertinent.
If you had banking or payment information linked to a breached account, you may have to monitor your bills more closely. Your other option is to cancel or change the card in question to make sure that you are able to minimise damage.
It’s a Question of When Not If
The biggest lesson all of us, consumers and companies alike, can take away from the recent breach of Twitch is this; it’s no longer a question of if we will be breached but when we will. It’s an inevitable fact as we progress into a more digital world. As more of our information is placed in the cloud and with corporations, they are increasingly made available to malicious actors if not protected effectively.
The fallout from a data breach is not pretty. More so now when countries have legislation that protects the general public from their data being abused. For companies, the fallout can affect their bottom line as customers look for more secure options. In addition, with GDPR and similar legislation, they could be facing fines for not effectively protecting the collected data.
For regular users like you and me, we have the added headache of trying to make sure we minimise our exposure. Everything from changing our passwords to activating two-factor authentication to even calling the bank to cancel cards; are added inconveniences that could affect our choice in services moving forwards.
Big tech and data breaches are becoming inseparable. We’ve been getting news of breach after breach since early this year. Nearly every tech space from Facebook to Neopets has been breached in the recent past. The latest platform added to that list is the popular streaming platform – Twitch.
Twitch’s data breach could be one of the largest to date. A whopping 125GB of data was uploaded to a (now removed) thread on 4Chan by an anonymous user. The data contained within the files date back to the early beginnings of Twitch. Everything from the platforms source code to their most recent Git commits has been uploaded. Together with this, payout information to the platform’s largest creators since 2019 have also been uploaded.
In addition to this data, the leak also contains data on Twitch’s network backbone which runs on AWS. It apparently contains some proprietary SDKs (Software Development Kits) and also information on “Every other property that Twitch owns” including IGDB and CurseForge. It seems like an unannounced competitor to Steam called Vapor for Amazon Game Studios is also contained within the files. Basically, it seems like everything and anything related to Twitch is within the 125GB.
Some users who have been looking through the data have also found that encrypted passwords and user information. So, it goes without saying that you should change your Twitch password if you have an account and activate two-factor authentication. You can do this in the privacy settings on Twitch itself.
Source: Ars Technica
The leaker made their motives crystal clear in their post. Noting, “Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them.” The hackers also ended the post with #DoBetterTwitch. More worryingly, the 125GB of data was labelled as “part one” which indicates there could be more incoming.
It’s probably apt to mention that the leak comes in the wake of the #ADayOffTwitch protest by creators who are trying to get the platform to take hate raids more seriously. The platform has been plagued by users who have used the Raid and tags features to actively harass others. While Twitch has been trying to be proactive, the most it has done is provide streamers with tools to try to control raids and even sue perpetrators.
The breach has since been confirmed by Twitch itself on Twitter.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
A cybersecurity firm, Acronis, has chimed in calling the breach “one of the most severe data breaches of late”. In fact, they say that there is, “a lot more damage now in store for Twitch”. Candid Wuest, Vice President of Cybersecurity Research at Acronis, also noted that “While [it is] yet unclear how the breach happened, it’s already harming Twitch on all the fronts that count – revenue, operations, users, influencers, market positioning.” He also noted that Twitch could be at greater risk as the availability of the source code will make it easier for malicious actors to attack the site. More importantly, the company is advising that users be wary and change their passwords as well as activate two-factor authentication on their accounts.
Candid Wuest, Vice President of Cybersecurity Research, Acronis
“Leaked data could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. The 125 GB of data leaked so far might just be the start, according to the comments of the attacker. Internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors. If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak spots.“
Candid Wuest, Vice President of Cybersecurity Research, Acronis
In just the first four months of 2021, Trend Micro’s Research team detected 113,010 ransomware threats in Malaysia. Ever since the first detected case of ransomware infection in 2005 globally[1], ransomware has evolved. Over the years, ransomware has evolved and has resulted in the emergence of what is often termed modern ransomware; which is even more targeted and malicious in nature.
The recent attack on enterprise technology firm Kaseya[2], where hackers demanded US$70 million (RM290.92 million) worth of bitcoin in return for stolen data, is a stark reminder of the sweeping damage and disruption that modern ransomware is capable of.
Traditionally, ransomware attacks were conducted through a “click-on-the-link” that leads to compromised websites or spam emails. This was typically aimed at a random list of victims to collect moderate pay-out.
Today, threat actors have evolved their strategies to inflict greater damage on a company’s reputation and potentially collect larger pay-outs from high-profile victims. This is what is becoming known as a “double-extortion” strategy in modern ransomware attacks. According to Trend Micro’s research[3], criminals take these steps to personalize the attacks:
Organize alternative access to a victim’s network such as through a supply chain attack;
Determine the most valuable assets and processes that could potentially yield the highest possible ransom amount for each victim;
Take control of valuable assets, recovery procedures, and backups;
Steal and threaten to expose confidential data;
In Malaysia, Trend Micro found that the industries most targeted by ransomware are government, healthcare, and manufacturing[4]. As these sectors continue to play a role in driving economic growth in the country, it is clear that a multi-layered cybersecurity defence system is necessary. These enterprises will need to create such a defence to defend their networks and protect their business-critical data to keep up with the ever-evolving ransomware landscape.
In order to keep up with the ever-evolving ransomware landscape, among the three most important must-dos for Malaysian organizations are:
Maintain IT hygiene factors: Security teams should ensure that proactive countermeasures, such as monitoring features, backups, and trainings in security skills, are in place to enable early detection. Alongside that, everyone in an organization should also have the latest security updates and patches installed.
Work with the right security partners: Start by clearly defining the needs and priorities around enterprise security in an organization. Then, collaborate with a security vendor that aligns with these priorities to create a solid security response playbook to be used on an ongoing basis.
Have visibility over all security layers: In order for security teams to be able to detect suspicious activity early-on and to respond to cyber attacks quicker, organizations should utilize tools such as Trend Micro Vision One, which collects and automatically correlates data across email, endpoints, servers, cloud workloads, and networks. By putting the right technologies in place, enterprises can also help reduce the alert fatigue commonly faced by security operations centers (SOCs), with 54% reporting that they are overwhelmed by alerts[5].
In today’s world of constant attacks, cybersecurity should be a top priority for everyone across the entire organization; and not just be the sole responsibility of the security team. While an organization can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be a difficult challenge to remedy. All stakeholders must collaborate, invest in proper resources, and take proactive steps to transform workplace culture and best practices in order to stop pernicious ransomware threats at the door.
Facebook seems to be having a row of things recently. The company initially faced humongous backlash on their implementation of data sharing policies between popular messaging app, WhatsApp, and the larger company. Now, it looks like old wounds are reopening for the company as data from a breach that happened in 2019 has surfaced on forums in hacking forums.
The breach involves over half a million users from over 100 countries with data such as their phone number, emails and even birth date. Malaysia is listed in the countries affected with over 11 million users having been compromised. The breach was first reported by Business Insider. Business Insider has also verified the data in the leak by testing password reset requests. A spokesperson for Facebook has confirmed the data breach. The person also confirmed that the data breach occurred due to vulnerability which was identified and patched back in 2019.
While the data is 2 years old, the fact that it is readily available online at this point is a worrying fact. Data like birthdates, phone numbers and emails can be used to socially engineer scams. In fact, due to the phone numbers being leaked and made readily available, the likelihood in getting scams over SMS and phone calls are heightened.
Acronis Vice President of Cyber Protetction research, Candid Wuest, advises that, in light of the leak, “There is now a higher risk of SMS spam, but also password reset attacks and attacks against other services that use SMS for MFA are now more likely. Users should therefore change from SMS-based MFA service where possible for critical accounts.”
The fact that the leaker has readily made the data available for free can be puzzling. However, according Wuest, “As the leaked data does not contain any passwords or payment card details it is of less value to attackers. Furthermore, at least two third of the data was already available from previous leaks. It is not uncommon to see such data sets being made available for free, as they would not yield much profits on underground site. Such large data sets tend to not stay private for very long anyway.”
The new leak brings into the spotlight the amount of personal data we have available online and especially on social media. It also brings into question Facebook’s privacy policies which govern and protect data stored on their service. What’s even more worrying is the fact that Facebook wasn’t the notifying users, instead, the leak was reported by twitter user Alon Gal who has since been looking at and verifying the data leak. Facebook has only confirmed the occurrence of the breach and has not even notified users that were affected.
As we begin the new year and look back on 2020, it is undeniable that technology has played a crucial role in helping everyone, young or old, to stay connected with our loved ones as we experienced variations of lockdowns in the past year. However, are you aware that there are stark differences in people’s usage behaviours on social platforms, even between those who were born just a few years apart, such as millennials (currently aged 25 to 40 years old) and Gen Z (currently aged 24 or younger)?
Most millenials are digital immigrants, meaning we remember a time before mass technological adoption. This is different from Gen Zs, who are the first generation to be considered true digital natives. They were born into a world of vast technological advances, with the internet as an integral part of their day to day. They don’t know a world without smartphones and broadband internet. Hence, how they think, communicate, use and don’t use the internet is different from the generations before them.
Additionally, as people observe stay at home orders during the ongoing COVID-19 pandemic, they are increasingly turning to indoor activities enabled by the internet; communication, commerce, entertainment, fitness, and learning now take place virtually. This will undoubtedly accelerate digital transformation across many businesses, which will in turn sustain the digital economy.
Gen Z is uniquely well-positioned to continue driving this transformation as they are digital natives familiar and comfortable with new technologies quickly. Digital technology has shaped them, and we should take a page out of the Gen Z book when it comes to some habits and practices.
Value the importance of authenticity
According to Snap Inc. and JWT Intelligence’s “Into Z Future” study, when asked to develop a slogan for their own generation, Gen Z respondents overwhelmingly suggest some variation of “be yourself” – such as “just be you”, “just be yourself”, and “do what makes you happy.” This is a positive mentality to have.
It is important that we value authenticity over ‘perfection,’ which takes courage and confidence. We should not fear judgement or being perceived negatively for being who we are, especially when we are among friends. Honesty is a value that the majority of Malaysians, regardless of their age group, want between themselves and their best friend. The 2019 Friendship Report found that Malaysians want their best friends to be more honest and open about their feelings.
Before we can demand honesty from our friends, we need to first be our true, honest, and authentic self! After all, friendship is a two-way street – Gen Zs seem to have figured that part out.
Not everything is meant to be shared
According to Snap Inc.’s 2019 Friendship Report, millennials come out on top as the most “share happy” of the generations. Millennials are the least likely to say “I wouldn’t share that” across most categories surveyed including their love life, mental health issues, and money concerns. However, oversharing can have negative consequences, such as safety issues, loss of jobs, or risking personal reputation.
As digital natives, Gen Zs are likely to be more private, having learned from the mistakes made by the older generations. Gen Zs’ familiarity with these platforms means that they carefully choose how and where they share. They prefer ephemeral content that disappears, on social messaging platforms such as Snapchat. For example, they prefer to share details about their love life with their best friends over private messages as compared to millennials who would share about it on social media.
Gen Zs understand implicitly that just because we can share something with the world, it doesn’t mean that we should. This is a mindset that we should all adopt.
Bigger isn’t always better when it comes to friendship circle
Gen Zs are adjusting their approach to friendship, which differs from millennials’ desire for a wide network. The former is looking for more closeness and intimacy with a smaller social circle, where they can be their unfiltered, authentic selves. In contrast, millennials are the most likely of any generation to want “as many friends as possible.”
This is the same in Malaysia, where older generations gravitate towards forming friendships with as many people as possible, while Gen Zs (37%) are selective over the people they let into their close circle of friends.
While we all know the positive benefits of having close friends in our lives, a larger pool is not always better. According to friendship experts, a larger group of friends can take a toll on a person because there is greater pressure to open up to many different people and invest in those relationships. It seems that this is a life lesson that Gen Zs have already learned. Based on the above, we can see that there are a lot to be learned from different mindsets, and generation gaps do not just have to be a woeful reminder of “the good old days.” Look at things in a new light and shed your preconceived notions
The question of ‘hackability’ and the overall security of our smartphones is one of those issues that seems to pop up in the news. After all, we use our smartphones for just about anything – sharing photos, ordering food, shopping online, sending emails and messages, banking and financial services, etc. – without realising all of the ways we could be putting our device and ourselves at risk, allowing cyber-criminals to get access to our sensitive data.
While many of us are better informed today about the potential dangers of being connected on our smartphones, hackers and cyber-criminals are also changing their methods of attack. As the global pandemic have left many of us stuck at home and more reliant than ever on our mobile devices, cyber-criminals have also adapted new ways to target users. Over the Movement Control Order (MCO), cybersecurity cases spiked by 82.5% compared to the same time last year, with 18% attributed to attacks against local companies and the remaining linked to home users and others[1].
Recognising Cyberattacks and the Need for Cyber-resilience
Among the new waves of attacks brought on by the pandemic are COVID-19 themed phishing lures, high-risk fake domains, and scams[2]. These new methods employed by cyber-criminals are aimed at taking advantage of the public fear of the virus, combined with heightened stress levels from unfamiliar ways of working. The most common attacks in Malaysia can be attributed to phishing attempts, the spread of malicious code via untrustworthy websites, and passwords, as below:
Phishing Emails – Reports have found that 91% of all attacks begin with a phishing email to an unsuspecting victim, with 32% of all successful breaches involve the use of phishing techniques[3]. While many of us have been educated on recognising phishing emails, these attacks are still effective, and can fool even tech-savvy individuals.
Malicious Websites – Compromised websites is a main avenue for spreading malware infections on mobile devices. Limiting your browsing activity to reputable websites can reduce the possibility of infection.
Password Security – A survey revealed that 59% of respondents use the same password for multiple accounts, citing convenience and a fear of forgetting their password as the reason for this practice[4]. However, this allows cyber-criminals to access all your accounts easily through one single credential. Therefore, it is advisable to use different passwords across accounts.
Cyberattacks continue to grow day-by-day, and it is crucial that we learn to minimise risk, with good cyber habits being a pivotal and essential first step in combatting threats.
Defending your Smartphone, the Moment it is Turned On
As such, while it is important to take steps and measures to protect yourself online, it is also crucial to have a strong security platform on your smartphone, helping you encrypt and secure confidential data. Most smartphone breaches happen because they may not be equipped with advanced security measures, have outdated systems that may not be able to withstand current attacks. Similarly, smartphone owners may also not consider the importance of securing their phones or performing regular security check-ups. However, there are certain devices that come with a safe and secure in-built mobile interface to keep your personal data protected.
For example, Samsung Knox sets a foundation of security to users at both the hardware and software level as a security platform that’s integrated within Samsung smartphones, tablets, and wearables to protect it against malicious threats. Whether it is protection against phishing attacks or potential malware infections, the Samsung Knox platform has security integrated into its DNA, providing multi-layered security with data encryption and run-time protection within Samsung devices to keep sensitive information safe from online threats. Users can safeguard passwords, save private files under a secured folder, and even secure mobile transactions with Samsung Knox. Getting to know your security platforms is just as important when considering the range of services that is available to ensure that it is updated to meet global information and technology security requirements. This helps its users stay ahead of the modern-day threats with its game-changing security features.
Given that smartphone usage has only grown exponentially over the past few years, it is important that we have more security platforms allowing us the freedom and peace-of-mind in staying connected. Similar to how Samsung Knox have.
On top of having a top-tier security platform for your data, having that protection extended to all the essentials in a mobile device is equally important. While many of us are familiar with installing apps on our phones, we may be unfamiliar with the authenticity of the sources producing these apps. Learning to identify unverified and suspicious sources can help users identify potentially harmful apps.
Similar to how Samsung devices come built-in with Google Mobile Services (GMS) to help ensure that your vital applications have the latest updates and patches from verified sources, using trusted sources from well-known app stores like Google Play can help protect you from downloading and installing apps that can harm your devices.
Staying Secure, Safe, and Savvy about Security
Cyberattacks are nothing new, the challenge is in identifying and combatting the updated approach that many cybercriminals are using when it comes to their targets and the frequency of their attacks. Whether it is a hacking attempt by a third-party app or a fraud email redirecting you to a malicious website, most cybercriminals have one common goal: exploit your personal data and use that data to make profit. As such, it is critical that we keep our sensitive information protected at all costs, with the help of a smartphone built with highly advanced security features to always keep you safe from unwanted threats.
2020 will be remembered as the year the world experienced its largest ever work-from-home experiment as the global pandemic forced businesses to move operations online and adapt to a new distributed workforce.
As some markets around the globe gradually ease some restrictions and allow employees to go back to the office, the situation remains in a delicate balance and work as we know it has been redefined for many. Increasingly, organisations are embracing the new work model and the many benefits that come with it including increased employee well-being and better work-life balance. In fact, some organisations are now establishing permanent work-from-home policies with 60 percent of the largest companies integrating flexible virtual-physical collaborative environments by 2021, according to Bain & Company. This is supported by Lenovo’s Work From Home survey which found that nearly half (46 percent) of employees are as productive when working from home as they are in the office, with 15 percent saying that productivity increases at home.
The survey also found that 87 percent of workers feel somewhat ready to adapt to a distributed, work-from-anywhere environment if required. So too are cybercriminals. The looming uncertainty among employees of the delicate, everchanging global circumstances, combined with their unfamiliarity with the new work arrangement, has created a wealth of opportunities for cyber-attacks. Cyber criminals are taking advantage of the situation to launch COVID-themed attacks, phishing attempts and spread fake news. In Malaysia, cybersecurity cases have seen a surge of more than 90% during the Movement Control Order (MCO) so far compared to the same period last year, CyberSecurity Malaysia revealed.
Watch for your blind spots
With employees accessing confidential data from various devices, locations, and unsecured networks, it opens more endpoints and vulnerabilities for cyberattacks. In our hyper-digital and mobile world, hardware security is becoming ever more critical, as across the globe, each person is expected to own 6.58 network connected devices in 2020. In fact, according to cybersecurity solutions provider Sepio Systems, there has been a 300 percent increase in the number of new connected devices from unknown vendors attached to the enterprise network.
While a majority of employees are working primarily from home, it is only a matter of time before they begin heading back to shared workspaces, coffee shops and planes and once again enjoy the flexibility of working from anywhere. This means that an organisation’s network, database and confidential files may be accessed from unsecured VPNs, unknown networks, and rogue access points. Without proper security standards put in place, hackers can easily gain access to an organisation’s network via vulnerable devices and execute attacks remotely. Organisations must take this into consideration and be on the offensive to mitigate potential attacks before malicious entities infiltrate company systems and confidential data.
Adopt a Zero Trust mindset
The nature of a distributed workforce removes the luxury of face-to-face identification and validation. Tech Wire Asia reported that cyber scams based on COVID-19 becomes prevalent in recent months, as hackers look to capitalize on the virus-driven uncertainty affecting individuals, enterprises, and governments. This means that organisations must double down on their efforts in credential and access management and continue to educate employees to identify and weed out impersonation scams and phishing attempts. As hackers grow in sophistication, organisations and employees must take a Zero Trust. In order to protect business and employee data, organisations must implement a system to ensure that the right people have access to the right data at the right time, on a ‘need-to-know’ basis.
Empowering a distributed workforce with cybersecurity
To reap the full benefits of a distributed workforce in the long run, organisations must provide employees with secure devices and create a safe digital environment to operate in, allowing them to focus on the job at hand. This shift to a decentralised work environment means that IT teams must have extended visibility over digital platforms and the organisations digital ecosystems in order to identify and mitigate potential threats in a timely manner.
However, with the shortage of cyber talent and growing digital footprint, this can take a toll on IT teams. IT teams must be supported to enhance their capabilities with solutions that provide both hardware and software security. For example, Lenovo’s ThinkShield solution helps secure devices from development through disposal, giving IT admins more visibility into end points and providing easier and more secure authentication. Lenovo has also partnered with SentinelOne to leverage its behavioral AI technology to predict tomorrow’s attacks today and allow ThinkShield devices to predict cyberattacks and enable devices to self-heal from any attack instantaneously, adding another critical layer to our ThinkShield offering.
As employees have quickly adapted to new work structures in these unique times, organisations must also embrace the risk that comes with it and put in place the right measures and solutions to create a secure and robust environment for employees to operate in. One way Lenovo helps organisations empower employees is by offering services that supports remote workers. For employees who do not have access to IT helpdesks, Lenovo’s Premier Support allows for direct, 24/7 access to elite Lenovo engineers who provide unscripted troubleshooting and comprehensive support for hardware and software. This results in less downtime for end users when things go wrong, freeing IT staff up to focus on strategic efforts.
Only then will organisations and employees be able to reap the full benefits of a distributed workforce and build a stronger digital foundation to effectively navigate and succeed in the new world of work.
Small businesses are some of the most represented in many countries, employing millions of workers and making a huge contribution to the global economy. In fact, they represent around 90% of the business population and more than 50% of employment worldwide. In recognition of the sector, the General Assembly of United Nations declared June 27 a Micro-, Small and Medium-sized Enterprises Day to “raise public awareness of their contribution to sustainable development”. Such initiatives become even more relevant today, when many small companies face challenging times due to the pandemic. With small businesses looking to get going again, now is the time to take on board lessons learned and improvements that can help organizations move forward.
Technology as one of the key factors for survival
To adapt to the new reality, businesses have been strongly advised to adopt and embrace new technologies so they can continue to operating effectively during the COVID-19 lockdown. That meant introducing new digital tools for collaborative working or specific ones for online sales for example, to enable effective remote working while maximizing productivity. Indeed, according to a survey from the Connected Commerce Council, 76% of small enterprises in the US said they rely more on digital tools than before the pandemic and that without their use, a third would have had to close part or all of their business.
However, the attitude towards technology implementation is not uniform: some companies do not feel ready to adopt digital services and are reluctant to accept changes, even when operating under normal circumstances. Any halt to normality, or a crisis, can highlight the value of deploying new technology. I don’t mean dramatic innovations like the implementation of artificial intelligence or the Internet of Things. I’m talking about using technologies that facilitate operations, such as cloud-based or more convenient software.
Expectation of cloud adoption versus reality
Although cloud and SaaS are still buzzwords and their adoption rates considered high, many small businesses of up to 250 employees still use on-premise solutions. According to a survey from Analysys Mason, cloud-based applications are the top priority for these businesses, and 60% of them are planning to increase spending on cloud services. However, the survey also revealed that on-premise solutions still dominate in all types of services – including productivity, procurement, and business management software, among others.
The COVID-19 lockdown revealed the extent to which companies are ready to move the entire office to work remotely. Those that only have on-premises infrastructure may have struggled, as their IT administrators would not have had the tools or knowledge to manage employees’ desktops remotely.
Uncertainty, risks and compliance issues, and a lack of resources are all common reasons to resist making the move to cloud solutions. Lack of resources in particular is cited time and again, with IT managers of small and medium companies often having to maintain their infrastructures on a very limited budget or without any at all. With many businesses currently more focused on meeting immediate demands, it is understandable for strategic visions to be put on hold. But, as soon as the crisis is over, it will be important to bring back priorities and make adjustments to IT operations according to lessons learned.
Resistance to change
Sometimes, even small changes – such as software improvements that are designed to simplify usage – are met with mistrust.
Let me give you an example from our experience at Kaspersky. We regularly update our product features and functionality to enhance the user experience, such as, turning processes from manual to automatic to simplify security management. However, customers get used to manual actions and our support team often receives feedback asking for features to return to the previous way of working.
For example, in older versions of our endpoint security product for Windows, there was an option to manually manage a security application update, run and stop it. In later versions, a seamless upgrade was introduced to reduce the number of manual operations for IT administrators, meaning there was no ‘update’ button any more. The updates rolled out automatically when it was necessary, even when no one was working on a device.
Our product support team received dozens of requests from customers about this update, as they believed the product worked incorrectly. Most of the requests included questions like where to find the manual function, how to use it in the new version, why it has disappeared, and how to bring it back. As well as a reluctance to change, this reaction also highlights a key lesson for us as a vendor: all improvements should be explained to customers very carefully so they understand and buy into the benefits.
Change is scary but inevitable
COVID-19 has brought huge challenges for many small businesses. But if there is one positive to take from the situation is has to be the readiness for changes. All of the examples highlighted above are not only about taking a conscious decision to move to the cloud or a new way of working. It is about making a change to your overall mindset. Businesses should be open to new ways of doing things, especially if it simplifies their work. Changes don’t need to be wholesale, but small ones that make daily routines that little bit easier. During challenging times – like the one we are experiencing – when businesses have to transform on the fly in order to survive, this mindset will serve them well. I personally hope that the current crisis will never be repeated, but it’s always better to be prepared for anything that might come your way.
