Africa
“Over the last seven to eight years, Africa has become highly connected”, Contos began. “Many of the operating systems in use, however, are pirated, meaning they’re not receiving patches or updates”. As a result of this, Africa is a huge target for hackers to leverage, he explained. “It is being used as a hub to target other countries – using command and control attacks, denial of service, phishing and spam.” His concerns for the future are of a botnet cyber army of over a million. “At the moment, Africa isn’t attacking – they’re being attacked and used”. While businesses in Africa “get security”, Contos does not believe the same can be said of the government and end users. “They aren’t as aware, they’re less secure and they don’t have the money to invest.”
South East Asia
“They know that they can’t win physical wars, so they’re putting muscle behind information warfare”, Contos said of South East Asia. In the small South East Asia countries, there are many university technology graduates, thus a mass of people with the skill-sets required for successful information warfare. “South East Asia is using espionage to improve its level and status in the world. Vietnam could take the UK and US on in a cyberwar”, he insisted. “We know that information warfare is real. What happened in Israel and Syria in 2007 is proof of that.” Contos declared only minimum awareness in governments, claiming “People need more concrete things to happen in order to take it seriously.”
Latin America
While Contos has not seen any cyber terrorist activity in Latin America, he is confident it houses many minor actors and hacktivists. Peru, he advised, is increasing its focus and investment in technology. “It’s becoming a mini Silicon Valley”, he said. “Brazil may have been the first to get online banking, but it was also the first to have it hacked”, Contos remembered. Interestingly, Mexico has evolved from having the “most corrupt online banking system” to the most “heavily regulated in the world”. So regulated and secure, in fact, that people not living in Mexico are moving their money into Mexican banks, Contos announced.
Transcending Geography
Some information security trends transcend geographical borders though, and one of those, Contos advised, is that “we need a carrot.” The information security industry has lots of sticks, he said, referring to financial penalties and bad press. “What we now need is a carrot.”
It is general consensus that the next major war or global conflict will be “owned by the cyber guys”. One of the many reasons for this is that attribution and accountability is very difficult in the cyber space.
The consequence and collateral damage from a cyber war should not be under-estimated, insisted Contos. “If hackers take out the grid – which is vulnerable - there will be a dramatic impact on everything. We are so infrastructure dependent that if water or electricity was cut off, people would start trying to kill each other within two or three days.”
While Contos acknowledges that the information security industry has made great strides in the last five years, so have the cyber criminals. “We’ve had so many new attack vectors and threats thrust upon us”, he said. “Yes, it is possible for defense to get ahead of offense, but to achieve this [the industry] needs to talk to each other”. This is the principle behind the Security Connected initiative at McAfee.
“We need to make security usable. We’ve complicated the hell out of this business”, Contos concluded.