Staying Ahead of the App-centricity Game: What's essential to stay secure?
Engaging in all things tech and travelling often are what I live by. While I am a full-time Apps and Networks enthusiast, I love to unwind by travelling around Asia Pacific during my time off. As I travel around our beautiful and dynamic region, one thing that strikes me is the fact that no two visits are the same—as countries here integrate digital technologies in their ecosystems.
While in China, I was in awe of how powerful an app could be. Using WeChat—the app that runs China’s economy—I could do anything I wanted. Just a couple of taps on the app allowed me to buy food at a local vendor, or book a taxi. Indeed, I was blown away by how this app enabled me to do (almost) everything.
However, this app-mania is not confined to China alone. This rising trend of app-centricity that we are witnessing today is happening across Asia Pacific. Back home in Singapore, I often store my payment information in apps such as Grab, Lazada and even DBSPayLah!. To be completely honest with you, I often get mildly irritated (and suspicious) when I’m asked to pay in cash! (Am I the only one? I sure hope not.)
You should know by now that we are also able to sign into different apps with our existing Google or Facebook account, without having to create new log-ins. How very convenient! Unfortunately, while these features provide us with a fuss-free or frictionless experience, especially since we need not re-enter information and remember passwords, they come with a compromise—in terms of our privacy and application security. We often readily surrender our information without a second thought. I am guilty of that too, having learnt that human laziness and demand for convenience are the key factors that attackers rely on to exploit our sensitive data.
So if laziness and convenience are the key factors that attackers rely on to exploit sensitive data, what does this mean for businesses?
Security must be proactive and not reactive
Cybersecurity is a greater concern today, especially here in Singapore. Whether it comes from bots mounting DDoS attacks or malware attempting to infiltrate IoT devices like home IP cameras, the truth is that we are all at risk of a malicious attack every four seconds. Cyberattacks now have the capability to cripple company finances and are likely to cause massive disruptions in the next five years—with their impact comparable to that of severe weather events or natural disasters.
Businesses, both small and large, must respond, or risk tarnishing their reputation, leading to potential financial losses—close to 70% of customers would stop doing business with a company if it experiences a data breach. As businesses and technologies evolve to face new security threats and increased network traffic, I believe it is paramount that applications, and the networks supporting them, are agile and configured to adapt quickly.
While not every cyberattack is preventable, we can minimize losses and unexpected downtime with a proactive security approach that will enable us to identify threats before they escalate in severity. This will also provide us with visibility into mitigating future problems.
One unsecured device is all it takes to compromise the entire network of a business
The proliferation of apps has meant that workspaces are no longer confined to the traditional four office walls. Digital workers today are increasingly demanding remote access—and this includes sensitive company information—anytime, anywhere.
While this practice of accessing confidential documents and databases via one’s own computers or devices is popular and well-established, it does pose a significant risk to a business’s security posture. This is very much the case in Singapore, where 66% of Singaporeans frequently use their personal mobile devices to check work email via applications.
Mobile malware is evolving in sophistication at an alarming rate, and it often spreads because users unwittingly download applications that cyber criminals have deliberately infected. Industry experts have warned users that apps primarily designed to increase productivity and efficiency are increasingly being targeted by cyber criminals, as they can use the apps’ connections to gain access to confidential data. In fact, just last year, some 3.3 million malicious apps were detected in Asia Pacific—the highest number globally. To reinforce this point, research from F5’s Threat Intelligence Lab revealed that in 86% of the 443 breaches detected over the last decade, attackers had targeted apps and/or used stolen credentials. Similarly, applications were also the initial targets of 53% of breaches.
In the face of such threats, we all have to take measures to reduce the likelihood and impact of such attacks. Firstly, I would recommend installing security software on business computers and devices, while ensuring that such software includes filters such as anti-virus, anti-spyware and anti-spam. This, along with a firewall, should help in protecting internal networks and portable business devices.
A company’s cybersecurity is only as strong as its weakest link
Even if we have the most sophisticated security technology, our employees are still the weakest link. In a recent PwC survey, 38% of Singapore companies cited human error as the likely source of cyber incidents, with an IBM study revealing that human error was a contributing factor in more than 95% of cyberattacks.
This goes to show that while employees very often do not intend to inflict harm on their company, they are often an unwitting cause of security breaches. This stems from a culture that fails to prioritize security. While Singapore may be one of the most advanced regions in the world with its cybersecurity strategy and smart initiatives, some organizations have been slow to pick up the pieces after experiencing a cyberattack.
Businesses need to make cybersecurity a top priority by clearly communicating their security policies, educating their employees on how to detect potential threats of cyberattacks, and what to do when faced with such attacks. At F5, we incorporate cybersecurity into our employees’ ongoing training and education curriculum.
The saying goes, “deliberate practice makes perfect.” In order to test if employees have put their knowledge into practice, my team partakes in regular cybersecurity drills to test our readiness. We do so by instilling ‘secure behaviour’ such as always connecting through our company-provided VPN, avoiding accessing sensitive information over public Wi-Fi networks, and regularly changing our passwords. These exercises have provided us with the confidence in preventing unintended and accidental data breaches.
Let’s not wait till we become victims of cyberattacks to believe that we are all vulnerable. Remember to be aware and connect with care.
Sr Dir, Solutions Engineering at F5
6 years ago: Good advice.
6 years ago: Great article Mohan. You covered the vulnerabilities and the mitigation actions. Looking forward to the next one. Perhaps what individuals can do to prevent identity theft.