Terrorism in Southeast Asia has long been a threat. Previously, the spectre of terrorism haunted the region via threats of physical violence, from bombings to kidnappings. However, in the current internet age, terrorism has found new ways to attack its targets. Cyberterrorism in the region has been a growing concern and experts have called out ASEAN’s slow response to it.
At the moment, Southeast Asian countries are lagging behind when it comes to cybersecurity. Based on a report by global management consultants, AT Kearney, ASEAN countries are also being used for cyberattacks; with Indonesia, Malaysia, and Vietnam serving as global launchpads for malware attacks.
In October 2017, the personal information of around 46 million mobile subscribers in Malaysia was compromised. The personal details leaked included home addresses, national identification card numbers, and SIM card information. It was reported that the data breach had actually occurred in 2014 but was only discovered a year later. This is due to the lack of data breach notification laws in the country which would require a company that has had its data breached to notify its customers.
Singapore has also been the victim of cyberattacks. In 2017, the country was the target of three major cyberattacks, namely the Ministry of Defence cyber breach in February, WannaCry Ransomware attacks in May, and Petya Ransomware activity in June.
These incidents exemplify how far behind the region is in terms of cybersecurity. Cybersecurity at this juncture of time is particularly necessary as internet penetration in the region is at its highest and will continue to grow. Hootsuite’s report on Southeast Asia’s digital usage indicates that the region has an internet penetration rate of 58 percent which means there are more than 370 million internet users currently.
According to data from AT Kearney, Southeast Asia is not spending enough to protect its citizens from cybersecurity attacks. Despite high levels of growth, data shows that ASEAN member states spent an estimated US$1.9 billion in 2017 or a measly 0.06 percent of the region’s gross domestic product (GDP) on cybersecurity. The financial impact from cyberattacks can be crippling and devastating. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019.
With technology advancing rapidly and embedding itself deeper in our lives, ASEAN countries need to realise the importance of investing in cybersecurity. As technology gets more pervasive, the more vulnerable we are to exploitation by cyber criminals, unless there is proper protection in place.
One of the biggest threats in cyberspace last year was the threat of ransomware. Ransomware is a form of digital extortion where attackers use a trojan to gain access to a user’s computer and threatens to publish the victim’s data or perpetually block access to the victim’s computer unless a ransom is paid.
People’s finances could be at risk with internet banking, e-wallets and even cryptocurrency usage on the rise. Without proper security measures in place, people could lose their livelihoods in the event of a cyberattack. Earlier this year, hackers managed to get away with US$440 million in cryptocurrency after hacking a Japanese cryptocurrency exchange.
The overall financial impact of cyberattacks can be devastating to an economy. According to the Asia Pacific Risk Centre, the global cost of data breaches is projected to reach US$2.1 trillion by 2019.
One of the steps ASEAN can take moving forward is to introduce a digital strategy to combat cyberattacks and data breaches. However, a deeper understanding of the tech sector and the workings of the internet is required. Aside from that, the initiative needs to transcend borders, as information and data move freely without borders on the internet.
ASEAN has taken steps to cooperate with other countries to tighten cybersecurity. At a previous ASEAN Summit, ASEAN and the United States (US) released a joint statement reaffirming their commitment to strengthening cybersecurity. Russia has also made similar pledges in developing cybersecurity cooperation with ASEAN.
In combating cybersecurity, a common misnomer is that most attacks are carried out by cyber criminals. However, governments need to realise that corporations are just as capable of carrying out questionable actions when it comes to personal data, as seen in Facebook’s multiple scandals recently. Governments also need to figure out an overarching strategy that can keep multi-national corporations in check as well as ensuring that the right infrastructure is in place to prevent future attacks from cyberterrorists.