Southeast Asia's cybersecurity an emerging concern

A photo showing servers specialised in cyber security during the 10th International Cybersecurity Forum in Lille on January 23, 2018. (Philippe Huguen/AFP)

Cybercrime is on the rise throughout Southeast Asia, with the region’s rapid development in terms of digital technologies making it a prime target for cybercriminals. This risk is heightened as ASEAN member countries become more integrated via trade, capital flow and connectivity, driven by the Fourth Industrial Revolution.

Based on a report by global management consultants, AT Kearney, ASEAN countries are also being used as launchpads for cyberattacks, with Indonesia, Malaysia, and Vietnam global hotspots for the launch of malware attacks. Moreover, Singapore was the target of three major cyberattacks last year, namely the Ministry of Defence cyber breach in February, WannaCry Ransomware attacks in May, and Petya Ransomware activity in June.

The financial impact of cyberattacks is devastating. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019. Such a staggering figure should be a wake-up call for governments in the region to bolster their defences in the digital realm.

From December 2015 to November 2016, Vietnam registered 1.68 million IP (Internet protocol) blocks, placing it fifth among countries worldwide from which attacks against Internet of Things (IoT) devices have originated. As a consequence of these attacks, companies in Southeast Asia could potentially lose up to US$750 billion in market capitalisation.

Source: Asia Pacific Risk Centre

A report by Gartner, pointed out that by 2020, 100 percent of large enterprises will be asked to report to their board of directors on matters relating to cybersecurity and technology risks at least annually, up from the current figure of 40 percent.

Similar to how an unsuspecting person can carry malignant cancer cells in his or her body without being aware of it, a cybercrime victim can often miss the visible symptoms of a potential cyberattack until it’s too late. With threats on the rise, the region’s cybersecurity spending is set to grow.

Last year alone, total cybersecurity expenditure in Southeast Asia was estimated at US$1.9 billion. This figure is expected to grow to US$5.45 billion by 2025. However, it is frustrating to note that the region still remains susceptible to attacks, as it is relatively underinvested in comparison to other markets around the world.

Among ASEAN nations, Singapore is ranked first in terms of cybersecurity spending at 0.22 percent of its gross domestic product (GDP) in 2017, making it the sole country in the region to allocate more than the global average of 0.13 percent of GDP. One of the reasons for this could be attributed to the fact that the country has an ageing population. As such, cybersecurity could be prioritised to protect elderly demographics in the republic, given their limited technological know-how compared to younger citizens.

Malaysia and Thailand followed Singapore in terms of cybersecurity expenditure in 2017, spending 0.08 percent and 0.05 percent of their GDPs, respectively. On the whole, ASEAN member countries spend 0.06 percent of their GDP on cybersecurity.

Source: Asia Pacific Risk Centre

Future development recommendations for ASEAN

There are a number of precautionary measures that can be applied by governments in the region to stifle the encroachment of cybercriminals into their respective digital spaces. First and foremost, training and capacity building should be implemented in ASEAN member countries, with a focus on high quality ICT (information and communication technology) infrastructure and skilled talent that can combat such intrusions.

The region would do well in emulating the Australian government’s initiatives on the matter. The Australian Signals Directorate (ASD) Information Security Hub opened its doors in 2012, with the aim of increasing engagement with schools through outreach programs such as internships and work experience schemes for tertiary students to have a better grasp of cybersecurity in digital industries.

Key research on the latest advancements in information security is also carried out at the hub. This is of course, a long-term plan in dealing with the nascent threat of cyberattacks.

In addition, a functioning cyber-secured economic zone aligned with international cybersecurity standards should be created so as to secure the supply chain from design to delivery, while at the same time ascertaining the safety of these transfers. This would safeguard trade throughout the region, as an essential step towards ensuring wider stability amid rising cybercrime intrusions.

There is still a long way to go in the regional effort to combat cybercrime. Governments must develop measures to effectively implement and enforce breach disclosure laws, while companies should renew long-entrenched approaches to security. Individuals have to play their role in ensuring that good cybersecurity habits are in place as well. These are some of the considerations that could mitigate further exposure to the growing risks posed by cybercrime worldwide.