Live streaming, edge computing, social distancing… and cyber-threats. Welcome to the new reality!

Live streaming events increased by 300% between March to August 2020, according to Uscreen.

With the need to reduce – or even eliminate – live audiences to ensure social distancing amid a pandemic, whether it was the 46^th US president being sworn in in January this year or watching your favorite sports team or music band performing live, streaming platforms have raced behind the scenes to deliver a fast and seamless digital experience for audiences everywhere.

At the same time, they had to work hard to protect audiences from online threats.  

To improve the quality of live streaming and operational efficiencies while managing multiple live streams, leveraging the Edge has become a key strategy.

As Asia Pacific continues on an accelerated digital transformation journey, the concept of the Edge will take on much more significance as traffic demand from online audiences continue to grow. Yet, as more organizations move towards multiple Edge environments, cybercriminals will evolve their attacks by targeting vulnerabilities in these places.

For insights into the digital transformation that’s taking place – and the inevitable cyber-threats that come with it – CybersecAsia interviewed Parimal Pandya, Managing Director, Asia Pacific & Japan, Akamai:

Victor Ng (VN): The recent US Presidential Inauguration was one example of a high-profile event that has shifted online and was viewed by many, including people in Asia Pacific. Going forward, what are some other changes in online habits that you expect to see across this region? 

Parimal Pandya (PP): The US presidential inauguration live news streaming traffic during the ceremony peaked at 12 Tbps on the Akamai Intelligent Edge Platform. The peak, which occurred as President Biden was taking the oath of office, was roughly eight times higher than what we typically see.

This was one example of a major global event being watched intently online by millions. In Asia, we have seen great interest for major events such as the Melbourne Cup in Australia and the Indian Premier League (IPL) – We can expect to see this trend of more live streaming of events as people adjust to continued physical distancing.

Asia Pacific is currently home to half of the world’s mobile phone subscribers and the largest number of wireless Internet connections. The region is leading the charge for a mobile-first economy. Media consumers here are already accessing content and taking in these digital experiences from anywhere at any time – at home, at a cafe, or on a train.

In our increasingly connected world, consumers are expecting quality digital experiences, and businesses have to continue to find ways to deliver these in a fast, secure and smart manner.

Businesses will shift their focus to the edge of the Internet. This is where billions of users, tens of billions of devices and vast available bandwidth congregates. This is where businesses engage with the customers, protect their data, drive revenue and maintain their digital trust.

VN: What digital innovations and trends is Akamai seeing coming out of Asia in 2021, and what are some of the cybersecurity issues that may arise from them? 

PP: Asia is leading the growth for many economic, technological and developmental indicators, but nowhere is that more apparent than in the growth of user-generated content (UGC) and its accompanying revolution in short-form video, driven in large part by the proliferation of UGC platforms and video-sharing apps across the region.

Gaming is another area in which Asia leads. Some of the biggest mobile gaming markets can be found in China, Japan and South Korea. This is driven in large part to the increasing adoption of 5G, which is resulting in greater adoption of mobile gaming titles.

Asia’s financial industry is also leading the way in leveraging blockchain and artificial intelligence to not only strengthen their digital transformation efforts to also enable friction-free experiences that users have come to expect. Use of APIs have grown multifold, more so as the need to enable new business models, partnerships and modern application architectures has grown.

In light of these trends, any sector that is seeing unprecedented growth in users will inevitably be a rising target for attacks, and this is consistent with our own observations.

In fact, between July 2018 and June 2020, Akamai observed more than 10 billion web application attacks across all customers, with the gaming industry alone accounting for 152 million attacks. Our data suggests that credential stuffing attacks against login APIs reach higher concentrations in the financial services industry.

This seems straightforward due to the financial motivation behind such attacks. It goes without saying that financial services are among the most attractive targets for cyber-attackers, with criminals turning to automation tools to help them scale up their operations.

VN: In 2021 and beyond, the only certainty seems to be uncertainty! Going forward, how can organizations adopt a more adaptive, dynamic and intelligent approach to cybersecurity while balancing agility and still be cost-efficient?  

PP: The global threat landscape is constantly adapting, evolving and growing. Combine this with the increasing complexities of business IT environments, and it’s easy to lose sight of what’s important. A good starting point is to consolidate security controls with a secure access service edge, or SASE.

SASE converges the functions of network and security point solutions into a unified cloud service. With a cloud-based infrastructure, businesses have the flexibility to implement many different security services under a single platform, and instead of buying and managing multiple point products, they will be able to reduce costs by reducing the need for additional IT resources.

Another way to balance agility and cost efficiency is for businesses to consider managed services alongside their purchasing decisions for cybersecurity products. Given the increasing complexities of attack vectors, it will become harder to find skilled cybersecurity professionals with experience broad enough to address all manner of complexity in a given situation.

Managed services make it possible to leverage outside expertise that often brings with them best practices to ensure current processes align with industry changes.

Furthermore, many of our customers tap on the Akamai platform to gain an edge on their cybersecurity strategy. Akamai’s platform offers an unmatched scale of coverage, embedded in thousands of networks and carriers around the world at the very edge of the Internet. This allows us to gain visibility into the real-time state of the Internet that no other security provider can match to see emerging threats in real time.

We interact with 130 terabytes of data, billions of devices, and trillions of DNS transactions every day, giving us great visibility and intelligence to protect your business 24/7/365. And because we surround all your architectures from the edge. This way, we offer our customers consistent security no matter where your apps live. Whatever cloud provider they may be using, no matter where their data center may be located, they can establish and maintain a consistent security posture working with us.

VN: Is the increase in digital consumption in recent months the main reason for the increase in cyber-attacks? Which industry sectors do you think are particularly vulnerable?

PP: Cyber-threat actors take advantage of vulnerabilities, whether it’s weaknesses in software, computing devices, networks or the human administrators themselves. As most of us for the first time in the history are working from our homes, away from secure office environment, attackers have realized this shift, and are quick to adapt and take advantage of the situation to exploit businesses and their consumers.

For instance, in the pandemic we have seen more people use their corporate-issued devices for personal uses. There was about a 134% increase in the used of work devices for streaming and about 67% and 37% increase for gaming and social uses respectively. We also saw an increase in Malware activity by more than 400% during the same period, showing that attackers are taking advantage of the fact that employees are using their corporate devices for personal use as lines are blurred on the use of corporate-issued devices for private or work-related matters.

What this means is organizations are unquestionably more at risk with people working from home and it is even more critical that organizations have a robust security posture to account for a workforce that is mobile. The concept of Zero Trust – where only authenticated and authorized users and devices can access applications and data – can help enterprises enhance their security posture regardless of the working arrangements for employees.

We have also seen significant uptick in phishing, credential stuffing and web skimming attacks. Large-scale DDoS attack that Akamai recorded in 2020 only added more stress to an already stressed core infrastructure of the Internet.

High-tech, finance, retail and media have all seen significant rise in Phishing attacks. Account takeover threats are highly targeted towards online video, gaming, retail, hospitality and financial services. Stolen media login accounts are being sold for under $5 per account. DDoS targets both gaming and financial services the most. In the current environment of increased digital presence, pretty much all businesses could be potential targets.