Study: HK has less malware infections but more phishing sites than global average

Microsoft last week released the Microsoft Security Intelligence Report volume 14 (SIRv14), an biannual report includes data from the second half of 2012 and contains threat intelligence from over a billion computers worldwide.

According to Microsoft, the Malicious Software Removal Tool (MSRT) detected malware on 2.2 of every 1,000 computers scanned in Hong Kong in the Q4 2012, compared to the worldwide average of 6.0. The study also found 6.23 phishing sites per 1,000 hosts in Hong Kong, up from 6.01 in the third quarter of 2012, which is also higher than the worldwide average of 5.10

Concerning antivirus, the study shows 2.5 out of 10 computers on average do not use up-to-date Antivirus. Without this vital protection layer, computers are 5.5 times more likely to be infected with malware, the report shows.

"People intuitively understand the importance of locking their front door to prevent their homes from being broken into. Computer security is no different. Surfing the internet without an up-to-date Antivirus is like leaving your front door open to criminals," said Tim Rains, director, Microsoft Trustworthy Computing. With the release of this new research, Microsoft is urging people to make sure they have up-to-date Antivirus installed on their computers."

"Regardless of whether you use a free or paid for solution, the importance of Antivirus cannot be overstated," Rains added. "By taking the proper measures to protect your computer, including the most basic step of installing Antivirus, people can dramatically reduce their risk of becoming a victim."

In an interview with Asia Cloud Forum, Rains explains whether enterprises can guard themselves against these cyber threats with cloud adoption, and whether a computer can still be compromised by using public cloud services.

Asia Cloud Forum (ACF): Is cloud adoption a sure way to guard enterprises against the cyber threats described in SIRv14?

Tim Rains (TR): There are two parts of the cloud. There is the data center, and there are also clients that are being used to access the cloud. If the clients are compromised by malware identified in the SIRv14 report, the data might be [still be] safe from the data center, but now it's being accessed by clients that are compromised.

Often times I call that the forgotten part of cloud security. Because people are very focused on the data center security, but they should be equally focused on the client side [to guard against various cyber threats.]

ACF: Can my computer be still compromised by malware if I use a public cloud service hosted in a third-party facility?

TR: If you are using your laptop, for example, to access any cloud-based service, if there is malware on that system, then there are a lot of malware that you can keystroke log in, which watches as you key in. Certain malware actually does screen scripting, which enables it to see what's on your screen. These malware can also enable your microphone and your camera in order to get all sorts of information. And so, one of the key things that [cloud service] customers have to do, is to figure out which content or what data is appropriate to store on the cloud, and what they have to store locally.

By going through this data classification process, a cloud service user can understand the value of data and decide: Is it appropriate to put it in the cloud? Or do I need to store it locally in my own infrastructure? It is critical to go through such data classification process to understand what the risk is by moving data to the cloud.

ACF: What has Microsoft done to enhance the security of its cloud services?

TR: For a lot of enterprise customers that want, or are considering cloud computing, what they want to know is the cloud service that they are considering is operating in the way that is consistent with how they operate their own infrastructure.

For customers that have compliance obligations, if they don't keep those obligations then they can get shut down by the government. And so when they consider cloud computing, they face this new paradigm, where most of the security controls are out of their control. And this is obviously an uncomfortable feeling.

[As part of the Cloud Security Alliance,] what we are trying to do is to give organizations enough transparency into how we [Microsoft and other partners belonging to the Cloud Security Alliance] do security controls, and define security standards for cloud computing. In this way, we provide enough transparency to customers, so they can understand how our services are being operated.

[Enterprises are also concerned about] industry standards -- one of them being ISO27001, an industry standard for security management. What we've done at the Cloud Security Alliance, is come up with a list of controls that are based on ISO27001 -- an industry standard that a lot of customers know really well.

Then Microsoft tries to provide enough insight into how we manage those controls that they can understand how we are managing our cloud services. And that level of transparency, really helps them feel comfortable with the cloud, knowing that it is being operated responsibly, and on a standards-based way, and knowing that it is aligned with how they want their data and applications managed.