The populous region’s current internet leaders are Indonesia, Philippines and Thailand, along with Malaysia. US search giant Google and Singapore state investor Temasek Holdings estimated late in 2018 that 90 per cent of internet users in Southeast Asia use a mobile connection.
Moreover, they predict the number of users will grow from 90 million to 350 million over the next three years, as the ranks are boosted by people in Myanmar, Cambodia and Laos among others.
However, a key vulnerability in the region is the number of small to medium enterprises (SMEs), which typically have lower IT budgets than huge multinational corporations. Ernst & Young estimates that SMEs in Southeast Asia account for more than 95 per cent of all business establishments.
Given this picture, cyber criminals are zeroing in on the relative lack of security at SMEs to infect numerous computers as a prelude to launching large-scale cyberattacks, such as gaining access to a hub’s global connections via a local intrusion.
In 2016, US cybersecurity firm Mandiant reported that 80 per cent of hackers prefer attacking Asia-based organisations due to the relative ease of entry and in 2018, US internet security firm SonicWall reported that encrypted malware attacks increased almost fourfold in the region.
Cybersecurity attacks are not limited by borders, industries or jurisdictions. Notable incidents recently include Cathay Pacific’s data breach in November 2018 where the personal particulars of 9.4 million passengers were stolen and around 400 expired credit card numbers were accessed.
In November 2018, the personal particulars of 500 million customers of global hotels group Marriott were leaked in a breach that went undetected for four years.
As banks upgrade their digital systems and as wealth concentrates across the region, it is critical that measures are put in place to prevent cybercrime. As the two leading wealth hubs in Asia, Singapore and Hong Kong have been developing frameworks to strengthen cyberattack defences.
According to the Singapore Police Force, 5,430 cybercrime cases were reported there in 2017, resulting in losses of over S$95 million.
Similarly, the Monetary Authority of Singapore (MAS) has introduced a US$30 million Cybersecurity Capabilities Grant to enhance the financial sector’s cybersecurity resilience. The funds will lend support to the cybersecurity functions of financial institutions and help local financial institutions to train their workforce on cybercrime issues.
As Asia’s digital and ‘Internet of Things’ (IoT) ecosystem matures, cloud adoption is developing. In terms of cloud readiness, Singapore and Hong Kong are well ahead of countries like China, India and Indonesia and are instrumental in driving policies across the region to enforce implementation of data management to enhance cybersecurity defences.
When Singapore was the chair of Asean in 2018, the country committed to draw up a formal Asean cybersecurity mechanism. Asean intends to build a rules-based international framework on cybersecurity to improve confidence and relationships across the region.
Misplaced fears regarding security are holding back IT professionals from migrating to the cloud as they don’t believe, or are not sure if, data in the cloud is as secure as in their own data centre. Despite this, the market is growing rapidly. IDC estimates that the global cloud IT infrastructure market in 2018 grew by about 37 per cent to $65.2 billion in 2018.
Artificial Intelligence (AI) is another game changer for cybersecurity and it is changing the fundamentals of the discipline as we know it today. In a recent cybersecurity forum hosted by Baidu, Horangi executive chairman Kevin Lee pointed out how AI has the ability to rapidly perceive anomalies in a system – adding a new level of agility to traditional cybersecurity techniques.
AI may help to address this issue by supporting the efforts of human security experts when facing large cyberattacks by rapidly analysing a variety of data. As such, AI can drive revolutionary changes across prevention, detection and response to produce real-time detection of cyber threats.
As technology advances, it is important to stay compliant and have access to local expertise to help address issues. There is no one-size fits all cybersecurity solution but taking advantage of new technology and deploying it as part of a core business strategy should help – all within a compliance-based framework.
As cybersecurity issues proliferate, companies must think about the strategic deployment of defence measures to lower overall cybersecurity costs and avoid unforeseen bills due to severe data breaches.
Paul Hadjy is CEO and founder of Horangi Cyber Security, a cyber security solutions group. Prior to this he worked at Palantir Technologies, across Singapore, Korea and New Zealand with government and corporate clients on cybersecurity issues.