Microsoft’s commitment to support governments, businesses and users against cybercrime

The study reflects that while governments across Asia-Pacific are strategically looking at adopting IT solutions to streamline and enhance the efficiency of their work, management of data and delivery of public services, a networked environment is being actively targeted by cyber threats affecting safety & security of government data, national security, critical infrastructure, and international diplomacy.

In Asia, it is estimated that there are over five million IP addresses connected to millions of infected devices observed in the region, including India and China. And among the top 25 infected countries globally, eight of them are from Asia. The Asian countries in the list are India, China, Indonesia, Thailand, Vietnam, the Philippines, Malaysia and Sri Lanka.

These are just two of the latest findings shared by the team at Microsoft’s Digital Crimes Unit (DCU). In fact, according to the latest third-party studies and statistics, Asia Pacific is currently the most actively targeted region for cybercrime attacks. It therefore comes as no surprise that 79 per cent of CIOs in Asia are concerned about security, privacy, transparency and compliance of cloud-related solutions in a recent survey by Microsoft.

A white paper published by the National University of Singapore and market research firm International Data Corporation estimates that consumers in Asia Pacific would spend about $10.8 billion (more than 40 per cent of world total) in identification, repair and recovering data, and dealing with identity theft from malware on pirated software in 2014.

The same study also projected that infected pirated software and lost data would cost enterprises in the region around $229 billion (more than 45 per cent of world total) for the same year.

Looking at the economic impact on both consumers and businesses, consider that the 2013 GDP for Cambodia is $14.04 billion while Vietnam’s GDP for the same year is $171.22 billion. These alarming numbers have prompted Microsoft to take a more proactive stance in Asia, as part of its global fight against cybercrime.

Particularly, Microsoft stepped up its efforts to fight malware, reduce digital risks and protect vulnerable populations, to create a safe digital world for consumers, governments and businesses in this region with the new opening of the Cybercrime Satellite Centre in Singapore in the early of 2015.

“Microsoft is committed to expand its cybercrime fighting work across the globe to protect computer users, customers, and governments through threat intelligence sharing partnerships and public-private collaboration. Our Singapore, Tokyo & Beijing satellite centres are examples of that expanded commitment to bring more awareness and capability around cybercrime and help reduce malware threats and digital risks in Asia,” said Keshav Dhakad, regional director of Intellectual Property & Digital Crimes Unit, Asia, Legal & Corporate Affairs, Microsoft.

The Cybercrime Satellite Centre in Singapore will serve as the Asia Pacific hub for Microsoft to drive customer, industry and law enforcement engagement on cybercrime threats in the region. At the same time, it will be used to leverage cyber threat intelligence and use big data cyber forensics analytics to help Microsoft’s customers and partners make informed decisions on cybersecurity vulnerabilities and its link with unsecure IT supply chain.

Last but not least, it will act as a nodal point to drive strategic threat-intelligence sharing partnerships and collaboration with key stakeholders such as National Computer Emergency Response Teams (CERTs) & Internet Service Providers (ISPs) to foster a more secure and safer Internet ecosystem in Asia Pacific.

At the forefront of this battle is the state-of-the-art Cybercrime Centre in Microsoft’s Global HQ at Redmond, US, a tangible example of Microsoft’s commitment to protect its customers from cybercrime.

Dhakad said proudly, “At the Centre, our customers, partners and vendors can witness live global cyber threat intelligence, and learn a huge deal about malware and their threats as we research them. It’s a unique factor for us to stay ahead of the curve on cybersecurity, understand new threats, and build trusted applications, cloud services and products”.

The Singapore Cybercrime Satellite Centre is one of five such Microsoft facilities in the world, with the others located in Washington (US), Beijing (China), Berlin (Germany) and Tokyo (Japan), and these numbers will only grow with time. The Centre will support all major Southeast Asian countries, Korea, Australia, New Zealand and India.

Dhakad pointed out, “As a productivity and platform company in a mobile-first, cloud-first world, we strongly believe in trusted applications, devices and Cloud services. We want to deliver the best experience to our customers and partners, but with a deep commitment to cybersecurity, privacy, compliance and transparency, ensuring that users of our technology and Cloud services have a clear sense of ‘trust’.”

Fighting cybercrime pro-actively is one such way Microsoft demonstrates ‘trust’. Out of 15 global botnet takedowns in the last six years, 12 actions were led by Microsoft.

“Any device that runs Windows 10, Windows 8 or 8.1 is protected by the most advanced and breakthrough cybersecurity features, including ground breaking malware resistance and authentication features. This new Operating System will move away from the use of single-factor authentication options like passwords, and deliver options to help enterprises protect against common causes of malware on PCs,” Dhakad said.

He concludes, “With fighting malware and cybercrime, we also want cybercriminals to know that Microsoft platforms will always remain hostile to their nefarious activities, and we will continue to invest in innovative technology and tools that help us fight new threats to protect our customers. That’s where we’ve been successful in creating a secure, trusted and reliable environment-be it on-premise or on the Cloud.”

With economic losses as a result of malware and pirated software expected to hit the Asia Pacific region hardest, the global efforts to fight cybercrime to create a safer world are more relevant than ever before! Many security loopholes can be addressed by ensuring that best practices guidelines are enforced for the purchase, maintenance, and upgrading of IT infrastructure, software and services, according to the white paper.

This includes following a cybersecurity roadmap to identify which risk areas require attention and more resources.

Roadmap to constructing a resilient cyber-security strategy for governments: A resilient cyber-security strategy must be holistic and address different stages of an attack, including prevention, response and mitigation. An effective roadmap towards constructing a resilient strategy should include steps taken to:

• Raise awareness through regular training on cyber-hygiene to government officers and staff and mandate usage of genuine & current software products, safer internet practices, and added malware protection through anti-virus solutions. On the other hand, government IT procurement officers, government contractors and agencies should be strictly regulated, audited and sensitized towards the standards of security and safety of public data as well as national security;

• Ensure Readiness by having a central agency responsible for coordinating cybersecurity preparedness and prevention protocols and for coordinating cyber-security responses in the event of a state-targeted attack. Establish a strong and empowered Computer Emergency Response Team (CERT) and create or join a network of trusted CERT partners to share information and cyber-threat intelligence and mock attack exercises;

• Prevention of attacks through building and maintaining a safe and secure network infrastructure, good Operation System and clean and genuine IT supply chain through strong IT maintenance and procurement practices. Develop, implement and enforce cybersecurity standards for IT vendors and suppliers for all public sector, particularly for critical infrastructure and sensitive national projects;

• Responding effectively by establishing domestic, regional and international legal avenues for pursuing redress following a cyber-attack. Develop best practices for recommended timeframes and standards for constant upgrading and updating software used in the public sector;

• Mitigate damage by establishing a cyberforensics team in place which can work alongside the CERT, private industry and police to investigate security breaches and prevent further losses. Develop or join a cyber-security network of other government or international organisations for information, intelligence and alliance-building purposes.