A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture. Photo: Reuters
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture. Photo: Reuters
Paul Hadjy
Opinion

Opinion

Paul Hadjy

As internet adoption grows in Southeast Asia, SMEs must defend against sophisticated cyberattacks

  • Cyber criminals are zeroing in on the relative lack of security at SMEs to infect numerous computers as a prelude to launching large-scale cyberattacks

TOP PICKS

A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture. Photo: Reuters
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture. Photo: Reuters
Internet adoption in Southeast Asia has surged over the past three years, driven by the mass uptake of mobile phones. Southeast Asia’s internet economy now has 350 million users and is
worth around US$72 billion
– surpassing the gross domestic product (GDP) of more than 100 countries in the world.

The populous region’s current internet leaders are Indonesia, Philippines and Thailand, along with Malaysia. US search giant Google and Singapore state investor Temasek Holdings estimated late in 2018 that 90 per cent of internet users in Southeast Asia use a mobile connection.

Moreover, they predict the number of users will grow from 90 million to 350 million over the next three years, as the ranks are boosted by people in Myanmar, Cambodia and Laos among others.

READ FULL ARTICLE

However, a key vulnerability in the region is the number of small to medium enterprises (SMEs), which typically have lower IT budgets than huge multinational corporations. Ernst & Young estimates that SMEs in Southeast Asia account for more than 95 per cent of all business establishments.

Given this picture, cyber criminals are zeroing in on the relative lack of security at SMEs to infect numerous computers as a prelude to launching large-scale cyberattacks, such as gaining access to a hub’s global connections via a local intrusion.

In 2016, US cybersecurity firm Mandiant reported that 80 per cent of hackers prefer attacking Asia-based organisations due to the relative ease of entry and in 2018, US internet security firm SonicWall reported that encrypted malware attacks increased almost fourfold in the region.

Cybersecurity attacks are not limited by borders, industries or jurisdictions. Notable incidents recently include Cathay Pacific’s data breach in November 2018 where the personal particulars of 9.4 million passengers were stolen and around 400 expired credit card numbers were accessed.

In November 2018, the personal particulars of 500 million customers of global hotels group Marriott were leaked in a breach that went undetected for four years.

As banks upgrade their digital systems and as wealth concentrates across the region, it is critical that measures are put in place to prevent cybercrime. As the two leading wealth hubs in Asia, Singapore and Hong Kong have been developing frameworks to strengthen cyberattack defences.

The Straits Times recently reported that private banks in Singapore manage more than US$2 trillion in assets, while the Hong Kong Private Wealth Management Association and KPMG reported that assets under management in Hong Kong are also expected to hit some
US$2 trillion by 2023
, with almost half the wealth derived from mainland China.
TechWire Asia recently
reported
that Hong Kong lost around HK$2.2 billion (US$280 million) and experienced over 9,000 cyberattacks between January and September 2018.

According to the Singapore Police Force, 5,430 cybercrime cases were reported there in 2017, resulting in losses of over S$95 million.

This month, the Hong Kong Monetary Authority (HKMA) announced a three-part assessment instrument that uses artificial intelligence (AI) to evaluate cyber resilience for the banking industry, known as the
Cyber Resilience Assessment Framework
(C-RAF).

Similarly, the Monetary Authority of Singapore (MAS) has introduced a US$30 million Cybersecurity Capabilities Grant to enhance the financial sector’s cybersecurity resilience. The funds will lend support to the cybersecurity functions of financial institutions and help local financial institutions to train their workforce on cybercrime issues.

As Asia’s digital and ‘Internet of Things’ (IoT) ecosystem matures, cloud adoption is developing. In terms of cloud readiness, Singapore and Hong Kong are well ahead of countries like China, India and Indonesia and are instrumental in driving policies across the region to enforce implementation of data management to enhance cybersecurity defences.

When Singapore was the chair of Asean in 2018, the country committed to draw up a formal Asean cybersecurity mechanism. Asean intends to build a rules-based international framework on cybersecurity to improve confidence and relationships across the region.

Singapore is taking a lead in the region and spent 0.22 per cent of its GDP on cybersecurity in 2017, according to
research firm IDC
, while Malaysia spent only 0.08 per cent.

Misplaced fears regarding security are holding back IT professionals from migrating to the cloud as they don’t believe, or are not sure if, data in the cloud is as secure as in their own data centre. Despite this, the market is growing rapidly. IDC estimates that the global cloud IT infrastructure market in 2018 grew by about 37 per cent to $65.2 billion in 2018.

Artificial Intelligence (AI) is another game changer for cybersecurity and it is changing the fundamentals of the discipline as we know it today. In a recent cybersecurity forum hosted by Baidu, Horangi executive chairman Kevin Lee pointed out how AI has the ability to rapidly perceive anomalies in a system – adding a new level of agility to traditional cybersecurity techniques.

With Asian organisations taking
1.7 times longer
to detect breaches compared to the global median, leveraging AI technology could level the playing field. For example, another challenge that is crippling the region’s ability to manage cyber risks is a severe lack of cybersecurity professionals.

AI may help to address this issue by supporting the efforts of human security experts when facing large cyberattacks by rapidly analysing a variety of data. As such, AI can drive revolutionary changes across prevention, detection and response to produce real-time detection of cyber threats.

As technology advances, it is important to stay compliant and have access to local expertise to help address issues. There is no one-size fits all cybersecurity solution but taking advantage of new technology and deploying it as part of a core business strategy should help – all within a compliance-based framework.

As cybersecurity issues proliferate, companies must think about the strategic deployment of defence measures to lower overall cybersecurity costs and avoid unforeseen bills due to severe data breaches.

Paul Hadjy is CEO and founder of Horangi Cyber Security, a cyber security solutions group. Prior to this he worked at Palantir Technologies, across Singapore, Korea and New Zealand with government and corporate clients on cybersecurity issues.