Intensifying ASEAN’s cybersecurity efforts

People deliver a computer payload while working on a laptop on 22 January, 2019 in Lille, during the 11th International Cybersecurity Forum. (AFP Photo)

While ASEAN is increasingly coordinating its efforts to reinforce regional cybersecurity, more needs to be done to address the constantly evolving threats.

Data fraud/theft and cyberattacks were the fourth and fifth biggest threats facing the world according to the nearly 1,000 decision-makers surveyed by the World Economic Forum (WEF) in this year’s Global Risks Report, and it is clear that stakeholders in the public and private sector as well as academia and civil society should intensify efforts to contain potential fallouts.

Increasing in sophistication and volume, hackers’ attacks and their successful breaches are causing more damage than ever before. According to global IT services and solutions provider Dimension Data, 2018 represented a record year for the number of new business vulnerabilities discovered (a 12.5% upsurge from 2017) worldwide.

In an exclusive interview with The ASEAN Post, Mark Thomas, Vice-President of Cybersecurity at Dimension Data, noted that organisations in ASEAN are accelerating their security transformation by forging strategic relationships with select partners to build security roadmaps and architectures and optimising their infrastructure. Employing 28,000 people across the globe, Dimension Data has offices in six ASEAN countries and a further 41 worldwide.

“(ASEAN) governments have issued various guidelines mandating the private and public sector to upgrade their security infrastructure in order to combat the evolving threat landscape,” said Thomas.

“Mature organisations are ramping up their capabilities by investing in threat intelligence platforms as they look to collect, curate, and share threat intelligence with industry peers and information sharing bodies. For others, we’re seeing increased buy in and collaboration from clients who are looking to exchange experiences and insights via roundtables, security forums, and panel discussions,” he added.

Threats, investments

Noting that crypto jacking, web-based attacks – which have doubled year-on-year – and credential theft are among the biggest cybersecurity threats facing ASEAN, ensuring that executives understand how cybersecurity and data protection can deliver – or, if ignored, potentially erode – tangible business value is just as important for Thomas.

Much like their global and Asia Pacific counterparts, boardrooms in ASEAN are now increasingly prioritising cybersecurity and are more aware of the threat landscape, compliance, risks and technology innovations.  This in turn helps them to identify their focus areas, priorities and investment decisions.

However, ASEAN is still not spending enough on cybersecurity

Source: A.T. Kearney

Latest data shows that ASEAN member states only spent an estimated US$1.9 billion in 2017 — or a measly 0.06 percent of the region’s gross domestic product (GDP) — on cybersecurity. 

Thomas pointed out that to ensure a sustained commitment to cybersecurity and to effectively address the investment gap, ASEAN countries need to spend between 0.35 and 0.61 percent of their GDP — or US$171 billion collectively — on cybersecurity in the period spanning 2017 to 2025 – a small price to pay considering what is at stake.

Data breaches, regional cooperation

Data breaches could cost the region between US$180 billion to US$365 billion in the period from 2017 to 2025 after extrapolating data from the Ponemon Institute’s 2017 Cost of Data Breach Study – a study commissioned by IBM. However, this estimated cost does not apply to catastrophic or mega data breaches because there is limited research or data available about their impact.

There have been several notable data breaches in ASEAN of late.

In mid-March, Japan's Toyota Motor Corporation revealed a data breach had been detected on servers at its subsidiaries in Thailand and Vietnam – before news broke days later that the personal information of 3.1 million clients in Japan was exposed after another attack.

In January, Philippine pawnshop and money remittance company, Cebuana Lhuillier admitted an email server used for marketing purposes was breached – compromising the data of about 900,000 clients. In the same month, Singapore reported its second health data breach in six months after its worst-ever data breach last July exposed the data of 1.5 million patients – including that of Prime Minister Lee Hsien Loong.

Perhaps recognizant of these reports, delegates at the 34th ASEAN Summit in Bangkok in June agreed to work together more effectively to enhance regional cybersecurity cooperation. They also agreed to build an open, secure, stable, accessible and resilient cyberspace – which will support the digital economy of the ASEAN region.

Current ASEAN chair, Thailand actively cooperates with other ASEAN member states and the international community in cybersecurity efforts – including knowledge sharing events which bridge the partnership between public and private sectors, especially crucial since the general public may not have access to such information.

Promoting efforts to work together to address the continuously evolving cybersecurity challenges in the region was the main focus of the ASEAN-EU Statement on Cybersecurity Cooperation which was released on the side-lines of the ASEAN Foreign Ministers' Meeting in Bangkok yesterday.

Ultimately, increased cooperation will make ASEAN more resilient and vigilant when it comes to addressing growing cybersecurity threats.

Related articles:

Strengthening ASEAN’s cybersecurity

Singapore data breach could affect banks

ASEAN’s data governance challenge