While there are massive economic opportunities from promoting digital integration in ASEAN, the disparity amongst ASEAN member states' cybersecurity preparedness capabilities are sources of potential weakness to cyber crimes. This edition of Birds-Eye-View highlights what the recent wave of cyber attacks and data breaches in Southeast Asia means for organisations and the increasingly online populations in the region.
The potential opportunities that arise from a digitally connected ASEAN are immense. By employing digital technologies to improve efficiency and introducing new ways of doing business and connectivity here, ASEAN’s digital economy is estimated to be worth up to US$625 billion – eight per cent of the region’s GDP by 2030. Although there has been much optimism in Southeast Asia’s digital opportunities, it is important to acknowledge the digital disparities that exist amongst Southeast Asian nations. According to a recent report by Bain & Company, while ASEAN SMEs contribute to more than 50 per cent of ASEAN’s combined GDP and represent 99 per cent of the region’s enterprises, 45 per cent of these enterprises lack an understanding of digital technology. Investments earmarked for cyber securities in ASEAN also remain low, with an average of 0.07 percent from their gross domestic product.
Some experts suggest that funding towards cybersecurity ought to be increased to 0.35 percent and 0.61 percent compared to their GDP in 2025. GROWING THREATS WITH GOING DIGITAL Such numbers are no doubt important, given the rise of cyber attacks and data breaches globally. In fact, these two threats have been identified as the fourth and fifth most serious risks in the World Economic Forum's 2019 Global Risk Report. The economic costs of these risks are enormous. According to a recent Frost and Sullivan’s report, which surveyed 1,300 businesses and IT companies in the AsiaPacific, cyber attacks is likely to cost this region USD 1.745 trillion. In 2017 alone, Indonesian companies estimated to have lost USD 34 billion. In South East Asia, trends and statistics have pointed out that governments and vital institutions here are also not spared.
What is evident from the existing literature on cyber security, the motivations of the perpetrators vary widely. These range from lone hackers committing security breaches and fraud, to organised crime activities, and the promotion of hate speech and defamation to destablise governments, to state-sponsored attacks to influence or retaliate to political outcomes and decisions of other countries.
What is evident from the existing literature on cyber security, the motivations of the perpetrators vary widely. These range from lone hackers committing security breaches and fraud, to organised crime activities, and the promotion of hate speech and defamation to destablise governments, to state-sponsored attacks to influence or retaliate to political outcomes and decisions of other countries.
HUMANS ARE THE WEAKEST LINK
While investing in bank grade security systems are ideal, human error is the Achilles Heel of the systems.
The human user behind the system is often the culprit that introduces malware into the system unknowingly.
This happens when users download unauthorised files from unsecured sources, pair unauthorized USBs / blue tooth devices with their hardware and, sharing emails that carry the malware.
Speaking at the 2018 Annual Conference of the Association of Chartered Certified Accountants (ACCA) in Singapore, Deloitte's Cyber Security expert Thio Tse Gan noted that the lack of governance and readiness are the recurring themes of cyber attacks. There is thus a need to cultivate a culture of readiness. It's not about 'if' you get attacked, it's 'when' you get attacked.
CULTIVATING A CULTURE OF READINESS
Microsoft notes that over 90 percent of cyberattacks can in fact be prevented with maintaining most basic best practices, such as strong passwords, the use of multi-factor authentications for log-ins on and ensuring that all systems and softwares up to date.
Steps that can be taken to mitigate and decrease the chances of an attack include:
Educating users on the protocols when handling emails and USB/ Blue tooth devices;
Ensuring that work emails accounts are separate from private email accounts—and best to check them on separate devices;
Limiting the sites that employees are allowed to visit using office computers and laptops—enforce a sense of urgency and importance amongst users about the importance of adopting a “hygienic” cyber environment, Conducting periodic checks on systems and its patches, what is secured today may not be secured; in addition, there are many security patches, and each patch in either the software or hardware can also at times introduce new flaws within the system;
Making sure users know how to generate a secured password
Responses in the wake of a cyber attack are equally critical. Not only do cyber attacks cause alarms for an organisation’s internal security, but also tarnishes the organisation’s public image. How organisations choose to respond to cyber attacks or leaks is no doubt increasingly critical in any organisation’s crisis communications strategies. While cyber attacks erode public trust in any given organisation, it forces organisations to practice more accountability to its stakeholders
Regionally, governments and the private sector need to work hand-in-hand to promote this readiness culture. Some effort has begun. Singapore, for instance, has initiated ASEAN Cyber Norms Workshops to raise awareness of ongoing global cyber norms, and has also invested S$10 million in the ASEAN Cyber Capacity Building Programme to build the technical capability and knowledge within the region.
ABOUT THE AUTHOR
Sofiah's experience in the think tank world has been seminal to her professional development. With the growing global prevalence of Non-Traditional Security (NTS) issues (i.e. resource scarcity; food, water and energy insecurity; pandemic outbreaks; disaster and climate risks), Sofiah has helped mainstream NTS in ASEAN policy making circles while at the S. Rajaratnam School of International Studies (RSIS). She also co-led two programmes in the RSIS Centre for NTS Studies and participated in several international leadership programs. She has and continues to write on policy-relevant perspectives on Sustainable and Human Development, and Contemporary Muslim World issues.
Mid-way through her PhD at the Australian National University, Sofiah co-founded Hornbills: Concepts and Communications (HBCC) – a consultancy firm that specialises in the communication of politics, and the politics of communication. HBCC is in the business of creating and communicating content – whether it be through traditional or social media, or offline events such as forums, festivals and roundtables. Their Asian, European and Middle Eastern clients range from social enterprises and SMEs, to corporates and government agencies that require assistance in communicating their perspectives and strategies effectively. In particular, Sofiah specialises in thought leadership content creation services for CEOs and other leaders of organisations.
Sofiah recently started a podcast called “Breaking Silos” that speaks to the core of what she does and believes in, and interviews others who are, in their own way, breaking cultural, geographical, industrial and sectoral silos.
Learn more from Sofiah Jamil and the rest of our speakers in our upcoming Global Leadership Summit. Register now Enjoy More Benefits and Prizes worth up to US$2500 for VIP or Premium Pass! at https://www.ctsolutionsglobal.com/transforming-thriving-together. Use SOFIAH to get 10% discount