• 
• 

Published on September 16, 2007

Lim Kok Keng, the managing director of Singapore-based e-Cop, has just set up a branch here to tap the rapidly growing market for information-security services in Thailand. The country's recently enacted computer-crime law has created a demand for such services. First, there's the requirement for all enterprises to keep logs for up to a year. That's a huge amount of work that has to be managed professionally.

Second, the so-called information-security management system that is part of e-Cop's service package allows clients to collect evidence to support any legal actions that may arise in the wake of cyber-attacks against their computer networks and other critical assets.

"A simple analogy is that in the physical world we may use gates and padlocks, CCTV and an around-the-clock surveillance system, [which includes guards and control centres for large buildings], whereas in the cyber-world we use firewalls and intrusion-detection systems as well as an around-the-clock surveillance centre for info-security.

"We've just opened such a facility, called the security operation centre, here specifically to serve clients in Thailand, such as those in banking, financial services, the telecom industry, government, logistics and the automotive sector.

"Online stock trading or online publishing systems or databases of commercial banks or the central bank are among the critical assets that need protection", says Lim, who has a degree in business administration from the National University of Singapore.

According to Lim, the global trend of hackers has shifted from mischievous kids or students who just want to make a name for themselves towards those linked with or members of organised international criminal rackets.

Most of these criminals aim at hacking into enterprise systems to steal banking, credit-card and personal data or other high-value assets to sell to others.

"For example, they may try to take a copy of your personal financial or credit-card data out of the banks' databases and other databases while you use the card at e-Bay or other e-commerce websites. "Or there could be espionage from cross-border competitors as happened three-to-four years ago when Chinese-US relations were at a low ebb following the spy-plane scandal.

"Or cyber-attacks like those we earlier found coming from Germany against the systems of banks and insurance firms in Singapore and Brunei.

"As the cyber-cop, our strategic objective is to protect these critical assets by helping clients to withstand and survive today's cyber threats.

"Hence, we need to have early detection and awareness of those potential threats as well as countermeasures.

"For example, if we found from our 24/7 [24 hours a day, seven days a week] monitoring system that a client's network in Thailand was under threat, with multiple break-in attempts by an IP address, say in Germany, we would then issue a warning and counter by using the router disrupter to block its access into the client's network.

"At this stage, blocking is the most effective method. Usually, hackers prefer to go elsewhere if they find a particular target network is being monitored," he says.

In fact, an effective information-security endeavour is not quite humanly possible due to the huge number of incidents that need to be taken into account, even though many of these could be false alarms.

For instance, e-Cop handled as many as 1 billion incidents on behalf of its 100-plus clients in eight markets - Singapore, Malaysia, Indonesia, Vietnam, China, Hong Kong, Taiwan and Japan, in 2006.

From a monitoring point of view, many false alarms need to be filtered out from the entire collection of a client's logs.

Security incidents are then aggregated and correlated in the process of risk management in order to secure a client's network.

According to Lim, most attacks in the Asia-Pacific region, aggregated for the past 12 months, originated in Asean countries and North America, with Asean accounting for 46.2 per cent of the total and North America 21.7 per cent.

"We found that the number of cyber-attacks had been increasing by about 4 per cent monthly, or 56 per cent yearly compounded, in the Asia-Pacific region. It usually peaks at the end of the year.

"Currently, the record is around 3,400 attacks, registered in January this year. We also found that weaknesses in software are the major problem leading to attacks.

"After all, being a cyber-cop could be like being a cat trying to catch the mice, but we always aim to be one step ahead of the threats," says Lim.

Nophakhun Limsamarnphun

nop1122@yahoo.com