Mike Sentonas of CrowdStrike wonders just how prepared the APAC banking sector is for the next trend of cyber-attacks.

Mike Sentonas, is it possible major financial institutions in Asia could have been breached without their knowledge?

Absolutely!  Stealing business information and intellectual property is an important motivator for malicious activity and the fact remains that it still can take years for the victim organizations to discover they had been breached. 

A major challenge today is most organisations focus on protecting their networks against malware, exploits, malicious websites, and unpatched vulnerabilities, that works when an attacker uses one of those tools to carry out an attack.

Today, the use of malware for breaches continues to decline, external attackers are increasingly leveraging malware-free intrusion approaches in order to blend in and fly under the radar with the goal to be persistent and to gain long-term access to the enterprise.

«Fintech organisations hold sensitive data»

Fintech is growing exponentially across Asia does this growth also mean more exposure to potential data breaches?

Fintech is an attractive target for attackers, Fintech organisations hold sensitive data, they may not have the same budget as say the large banks and they are using more and more new technologies potentially without the necessary security, all resulting in a higher risk profile.

Biometric access to accounts is also rapidly increasing including voice biometrics – are these new entry points totally secure?

Banks are moving quickly to implement voice biometric access as convenient, yet secure way to access bank information.

Voice biometrics are however definitely not unbreakable, there have been many examples of voice impersonation attacks, where there is unauthorized access or activation of a device as a result of bypassing security mechanisms with recorded or synthesized speech commands.

«Voice biometrics are definitely not unbreakable»

There was an example of a BBC reporter earlier this year demonstrating a successful bypass of a banking voice recognition system with his non-identical twin brother mimicking his voice.

Across Asia we are seeing the rise of Independent Asset Managers (IAM’s) they are typically small organizations how do they protect their clients’ information to an institutional level?

The 2017 Verizon Data Breach Investigations Report (DBIR) found that 61 percent of breach victims are small businesses with under 1,000 employees.

There can be a perception that as a small business you’re less likely to be targeted than a larger, higher-profile organization, but ineffective or limited security coverage can leave small businesses open to attack.

SMBs need to recognize their potential vulnerability and focus on implementing next-generation technology and solid security policies. Look for next-gen endpoint protection delivered via cloud native architecture. It can be deployed within minutes, giving you comprehensive protection without burdening your IT staff.

«Future data leaks will be inevitable»

After the Panama Papers data leak could you envisage a similar scenario in an Asian financial hub?

Data breaches happen every day around the world for a variety of reasons. Future data leaks will be inevitable, it is important that all organisations take necessary steps to prevent against this happening and limit the exposure.

What do law firms, accountants and trust companies need to do to protect their data?

In many ways, I tend to call it doing the basics. It’s being aware of what your important assets are, understanding where they are, who has access and how they are secured to determine the best security architecture for your organisation. 

It is very hard to secure your organisation and your data if you do not have any visibility or an understanding of what makes your company valuable and who has access to it. From here you need to consider education, prevention and detection technologies, strong encryption and data recovery abilities.

Mike Sentonas is Vice President, Technology Strategy at CrowdStrike. His focus is on driving CrowdStrike’s APAC go-to-market efforts and overseeing the company’s customer and partner network. Prior to his current role he was Chief Technology and Strategy Officer, Asia Pacific at Intel Security and Vice President and World Wide Chief Technology Officer of Security Connected at Intel Security.