Strengthening ASEAN’s cybersecurity

An IT researcher shows on a giant screen a computer infected by a ransomware at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes. (Damien Meyer / AFP Photo)

Terrorism in Southeast Asia has long been a threat. Previously, the spectre of terrorism haunted the region via threats of physical violence, from bombings to kidnappings. However, in the current internet age, terrorism has found new methods to attack its targets. Cyberterrorism in the region has been a growing concern and experts have called out the region’s slow response to it.

At the moment, Southeast Asian countries are lagging behind when it comes to cybersecurity. Based on a report by global management consultants, AT Kearney, ASEAN countries are also being used for cyberattacks, with Indonesia, Malaysia, and Vietnam serving as global launchpads for malware attacks.

In October last year, the personal information of around 46 million mobile subscribers in Malaysia was compromised. The personal details leaked included home addresses, national identification card numbers, and SIM card information. It was reported that the data breach had actually occurred in 2014 but was only found out last year. This is due to the lack of data breach notification laws in the country which would require a company that has had its data breached to notify its consumers.

Singapore has also been the victim of cyberattacks. Last year, the country was the target of three major cyberattacks, namely the Ministry of Defence cyber breach in February, WannaCry Ransomware attacks in May, and Petya Ransomware activity in June.

These incidents exemplify how far behind the region is in terms of cybersecurity. Cybersecurity at this juncture of time is particularly necessary as internet penetration in the region is at its highest and will continue to grow. Hootsuite’s report on Southeast Asia’s digital usage indicates that the region has an internet penetration rate of 58 percent which means there are more than 370 million internet users currently.

According to data from AT Kearney, Southeast Asia is not spending enough to protect its citizens from cybersecurity attacks. Despite high levels of growth, data shows that ASEAN member states spent an estimated US$1.9 billion in 2017 or a measly 0.06 percent of the region’s gross domestic product (GDP) on cybersecurity. Meanwhile, the financial impact of such attacks can be crippling and devastating. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019.

With technology advancing faster than ever and embedding itself deeper into our lives, ASEAN countries need to realise the importance of cybersecurity. As technology gets more pervasive, the more vulnerable we are to exploitation by cyber criminals, unless there is proper protection in place.

One of the biggest threats in cyberspace last year was the emergence of ransomware. Ransomware is a form of digital extortion where attackers use a trojan to gain access to a user’s computer and threatens to publish the victim’s data or perpetually block access to the victim’s computer unless a ransom is paid.

Source: Asia Pacific Risk Centre

Financial threat

People’s finances could be at risk with internet banking, e-wallets and even cryptocurrency. Without proper security measures in place, people could lose their livelihoods in the event of a cyberattack. Earlier this year, hackers managed to get away with US$440 million in cryptocurrency after hacking a Japanese cryptocurrency exchange.

The overall financial impact of cyberattacks can be devastating to an economy. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019.

One of the steps ASEAN can take moving forward is to introduce a digital strategy to combat cyberattacks and data breaches. However, a deeper understanding of the tech sector and the workings of the internet is required. Aside from that, the initiative needs to transcend borders, as information and data moves freely without borders on the internet.

ASEAN has also taken steps to cooperate with other countries to tighten cybersecurity. During the recent ASEAN Summit, ASEAN and the United States (US) released a joint statement reaffirming their commitment to strengthening cybersecurity. Russia has also made similar pledges in developing cybersecurity cooperation with ASEAN.

In combating cybersecurity, a common misnomer is that most attacks are carried out by cyber criminals. However, governments need to realise that corporations are just as capable of carrying out questionable actions when it comes to personal data, as seen in Facebook’s multiple scandals this year. Governments also need to figure out how to have an overarching strategy that can keep multi-national corporations in check as well as ensuring that the right infrastructure is in place to prevent attacks from cyberterrorists.

Related articles:

Philippines feels the heat from hackers

Vietnam's new cybersecurity laws a threat to freedom