This week’s blog comes to us from our very own Nick Itta, VP Sales APAC.
With 2018 coming to a close, I’ve engaged with companies and organizations across Asia Pacific, discussing their plans of attack for strengthening cyber security. During these conversations, several recurring themes have emerged, providing some insight into what we can expect in the year ahead. Here are my five predictions for the state of Asia Pacific’s DNS security in 2019:
1. Learning from 2018’s Lessons on Personal Data Protection
In 2018, multinational companies in the region, like Cathay Pacific, and throughout the world were subjected to large scale cyber-attacks that compromised their customers’ personal data. Research from EfficientIP’s Global DNS Threat Report 2018 found that nearly one-third of businesses in Asia Pacific were subject to data theft via DNS, significantly increasing by more than 7% from 2017.
Consequently, organizations are beginning to understand that ceasing and desisting the attack is only half the battle. Once personal data has been stolen, organizations suffer from brand damage that’s hard to immediately repair and loss of customer trust that’s difficult to regain. It is widely recognized that using DNS is one of the most popular methods for exfiltrating data. So, in the coming year, we can expect businesses to become more vocal about how they’re protecting their customers’ personal data and look to using context-aware analysis of DNS security as a foundational step for protecting it.
2. Going Beyond GDPR: Regulatory Shifts for Greater Data Protection Across Asia
Since May 2018, businesses around the world have been grappling with GDPR compliance. Many businesses here in Asia Pacific have yet to implement GDPR-compliant infrastructures at the DNS level. Accordingly, Gartner believes that more than $1 billion euros in sanctions will be issued for GDPR compliance by 2022.
As companies reconcile with these changes, we’re also seeing a wave of regulatory transformation here within Asia Pacific. Vietnam’s new cybersecurity law, which will come into effect on 1 January 2019, is a prime example of how governments in the region are defining their own terms for data compliance. Thailand is also in the midst of amending their cybersecurity bill, detailing the responsibility of Critical Information Infrastructure (CII) providers to prepare, protect and ensure the infrastructure is safe from cyberattacks. Indonesia’s Communication and Information Ministry is also expected to pass a law on data protection that would impose penalties for personal data breaches.
With this, organizations will now have to ensure that they’re meeting manifold levels of global and local requirements for cyber and DNS protection. Concurrently, Asia Pacific companies can no longer look at becoming GDPR-compliant as a short-term project – but rather a component amongst a larger ecosystem of measures and requirements to ensure that cybersecurity solutions are sustainable, satisfactory, and effective.
3. Dependency of Cloud on DNS
Cloud services are transforming enterprises across Asia Pacific, tremendously improving operational efficiency and productivity. DNS services play a critical role in enabling access to cloud services and routing traffic to internal and external applications. Despite this inherent relationship, organizations with cloud services often fail to adequately protect their DNS.
In Asia Pacific alone, EfficientIP found nearly half of organizations experienced cloud service downtime due to DNS attacks in our 2018 report. Without adequate DNS security, the benefits of using cloud services become futile. As cloud services expand in 2019, we can anticipate companies will assess and recognize that that progressive approaches to business operations require far more than conventional security solutions.
4. More User Devices, More IP Addresses, More Risk of a DNS Attack
The more user devices connected to an organization’s network, the more traffic it is required to process, making it more difficult to analyze and more vulnerable to a DNS attack. In recent years, we’ve seen an upward trend in employees’ preferences to work both from user devices, such as mobile phones, as well as remotely. In fact, a study conducted by Internet Society found that 90% of respondents in Asia Pacific use their mobile devices to send and receive e-mails.
Concurrently, organizations are also increasingly using IP addresses through applications, databases and microservices – all carrying sensitive data. The bigger problem at hand, however, is that organizations are not adequately equipped to handle processing increasingly larger volumes of traffic and maintain visibility over IP resources.
Accordingly, companies must understand the importance of buttressing their network with a holistic approach to DNS security, like 360° DNS Security, protecting them from the outside-in and inside-out. As employees demand greater flexibility with regard to how and where they work, organizations’ DNS security will need to become ever-more agile and comprehensive with their approach to security.
5. A Shift from Reactive to Proactive DNS Security
With the breadth and depth of DNS attacks’ impact increasing through Asia Pacific, organizations are truly beginning to understand the importance of DNS security. Aside from the fiscal costs – which are higher in several countries within region than the global average – business continuity and reputation are challenged.
To this effect, companies and institutions across all sectors in the region are assessing the shortcomings in their approach to cyber security. More often than not, the first line of security – DNS – is left exposed. In 2019, it is both our prediction and intention to ensure that organizations in Asia Pacific are taking proactive steps to protect their DNS from attacks, and to offer adaptive countermeasures, keeping business services up and running and customers’ data secure.
Stay up to date by downloading our 2021 DNS Threat Report.