RSA Conference Asia Pacific Japan 2015, Thursday Recap

Posted by Fahmida Y. Rashid

Day Two of RSA Conference Asia Pacific & Japan was jam-packed. With 33 sessions, three keynotes, and a busy Expo floor, there were plenty of opportunities to learn, meet with vendors and clients, and network with like-minded peers from around the region.

Several morning sessions focused on the Asia-Pacific region’s threat landscape. IBM Security’s George Tubin described how the Dyre malware family combined phishing and malware to steal login credentials for online banking systems and then initiated wire transfers for large amounts of money. IBM Security’s Tal Darsan followed suit with details about Tsukuba, a banking Trojan which specifically targeted Japanese Facebook users and customers of 20 Japanese financial institutions. Web-based fraud is a growing problem in Asia-Pacific. Organizations should quantify and prioritize risks associated with customer Web sessions and transactions, the speakers said.

Smart Cities, Security Concerns
The idea of Smart Cities is gaining a lot of traction in Asia-Pacific, with the Digital India campaign and Singapore’s Smart Nation initiative as notable examples. Governments are building out information technology and communications infrastructure to effectively and efficiently deliver services such as governance, education, healthcare, housing, and mobility to their populations. Smart cities represent the risks posed by the Internet of Things on a large scale: the attack surface is huge and complex. Ken Allan, cybersecurity leader at Ernst and Young, who presented a keynote speech on Wednesday, told Channel News Asia that smart cities were a good idea but open up yet another area for cybercriminals to target.

The dangers have been discussed before. At RSA Conference 2015 in San Francisco, Cesar Cerrudo, CTO of IOActive, described how traffic control sensors are vulnerable to attack.

At RSAC APJ, MITRE’s Irving Lachow and Robert Butler, a former principal adviser to the U.S. Secretary of Defense, described elements needed to build digitally secure and safe cities: developing a comprehensive privacy policy, increasing the average citizen’s awareness of digital threats, deploying security technologies, creating dedicated cybersecurity teams, and establishing public-private partnerships. Lachow and Butler encouraged cities to incorporate privacy and security policies and principles in all smart city projects. They also suggested extending existing partnerships, such as improving computer incident response readiness by collaborating with the capital city on smart city projects, or working with Interpol to counter cybercrime on the municipal level. An information sharing organization, such as the model established by the FS-ISAC, can make it easier for financial and telecommunications organizations and state/city governments to share intelligence.

Despite the high levels of interest, smart nations and smart cities are still in early stages. Yu Chien Siang, a computer security consultant to Singapore’s Ministry of Home Affairs, said they were “still nascent” during a fireside chat on Tuesday.

Understanding Cyber-Maturity
Dr. Tobias Feakin explored the concept of cyber-maturity, noting that countries in the Asia-Pacific region had different levels of security understanding and readiness. The Asia-Pacific region is home to some of the “least networked” countries as well as the “most networked” countries. Australia has a more mature conversation around national security threats, for example.

Feakin discussed how organizations can apply cyber-maturity concepts, such as looking at how growth in the digital economy in the Asia-Pacific impacts potential growth, and identifying risks. “When making policy decisions look beyond your usual horizons and try and assess how they will be impacted upon by political trends, legislation, and societal considerations,” Feakin recommended.

Friday marks the last day of RSA Conference Asia Pacific & Japan 2015, and there are more sessions ahead presenting region-specific insights. 

Fahmida Y. Rashid

Information Security Journalist, Editor-in-Chief, RSA Conference
