Southeast Asia Still Has Weak Information Security Against Cyber Threats

 
 

Information technology has undoubtedly become a major part of modern life. People around the world contact others through various networks, and, with such widespread use, more and more critical information is exchanged via digital means. This heightens the risk of cyber attacks, and increases the severity of damage that occurs.  

Southeast Asia is catching up with the rest of the world in information technology — exhibiting strong growth and development across the industry. According to Gartner Inc, Southeast Asian countries — such as Singapore, Malaysia, Indonesia, and Thailand — are among the countries that invest the most in IT. This emphasis on digital infrastructure has clear implications for modernizing the economies of growing, and maturing Southeast Asian nations.

Investors also see Southeast Asia as a potential new market. With how fast the IT industry grows in the region, companies need to stay current with the latest technology trends to provide quality service and productivity in the country. The quality of each nation’s technology backbone may directly determine their economic success.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

Cyber Threats Across Southeast Asia

With the huge increase in internet use, Southeast Asia is more prone to attacks from outside sources. Cyber attacks use various methods to alter computer code, logic, or data, resulting in a data breach or system failure. A telling 2015 report showed that among the Southeast Asian countries, Hong Kong was the most affected by cyber attacks, followed by Taiwan and Thailand.

Persistent malware such as Kaba, which targets government, defense, and media, sends out system information and accepts control commands from a remote server. Another malware example, LV, accesses the host’s crucial information such as NetBIOS name, user, date, locale, and Windows OS, and sends the information to its command and control server. Websites related to entertainment are the most threatened, followed by government websites and financial services.

“Cyber security in the region used to be less attractive for hackers because they target big companies.” Lyon Poh, KPMG’s cyber security partner in Singapore said.

According to Poh, “Southeast Asia still has weak governance in handling sensitive information, thus being a target of cyber attacks. Regardless of what type of business, without investment in information security, can be a target of an attack. Delaying cyber security measures could cost businesses to lose $3 trillion by 2020.”

In a region prone rapidly embracing IT, countries like the Philippines, Singapore, Vietnam and Indonesia, are particularly at risk.

In 2015, Kaspersky Lab ranked the Philippines as the 33rd country most prone to cybersecurity threats, out of 233 nations evaluated. Government websites have been defaced by hackers to voice concerns to the government. The Cybercrime Prevent Act, was passed in 2012  to prevent cybersecurity attacks. The latest cyber attack targeted the Commission on Election’s database, which was breached by LulzSec Pilipinas, exposing millions of citizens personal data to the world.

Singapore (along with Australia, Japan, New Zealand, and South Korea) is dubbed as the “Cyber Five” since they are more vulnerable to cyber attacks than other countries, primarily due to their reliance on technology and high degree of modernization. Singapore scored almost twice as high in terms of cyber vulnerability compared to similar evaluation in 2008. According to David Koh, chief executive of Cyber Security Agency (CSA), the level of awareness for cyber security is still low. Singapore has high internet usage, providing attackers with a broad attack surface. Koh said that businesses should dedicate more fiscal resources toward cyber security, stressing that professionals and cyber security groups should further increase their knowledge and experience with threat mitigation technologies.

Vietnam took the bold move of creating a strategic plan to strengthen the nation’s cyber security. Representatives of Verint System said that the country needed to formulate a cyber security strategy to detect and prevent cyber attacks. They highlighted the importance of cyber security for the smooth operation of national key networks such as transport, banking, aviation, and ministries. A law on cyber-information security (LCIS) passed November 19, 2015, took effect July 1 of this year, endeavoring to ensure the safety and security of information and protect personally sensitive information.

In July 2016, Vietnam suffered a significant cyber attack when a Chinese hacking group named 1937CN hijacked Vietnam’s largest airports and Vietnam Airlines. The attackers hijacked the flight information screens and sound systems in Noi Bai and Tan Son Nhat airports. The systems experienced loss of local control, broadcasting anti-Vietnamese and Philippines propaganda.

According to Indonesia’s then-Coordinating Minister for Political, Legal, and Security Affairs Luhut B. Pandjaitan, cyber attacks in the country were up to 33 percent in 2015. Around 55 percent of the attacks targets e-commerce websites, specifically unencrypted communications that carry valuable information like user credentials and credit card data. He also admitted that Indonesia doesn’t have a coordinated cyber defense to tackle the attacks.

“The most alarming fact is that in 2015, there was a fourfold increase in cyber crimes.” Legal and Security Affairs Minister, Agus Barnas said. Bank Indonesia recorded an increase in cyber crime, rising to 66.7 percent in 2015, an alarming figure.  

Indonesia and Russia agreed earlier this year to cooperate in cybersecurity, pertaining to counterterrorism and cybercrime. Russian Ambassador to Indonesia Mikhail Galuzin said that the importance of boosting cooperation between the two governments is to address the increasing threat of terrorism and crime through the internet.

The Way Forward

The growth of internet-based technologies is not going to change in the near future. As more and more nations focus on providing connections and essential internet services as a means to further their political, military, and economic goals, the number of users will swell. These users will be saving valuable data, conducting commercial activities, and expecting an improving level of security. It is incumbent on services, especially those that handle payment information, to protect user data. Encrypted connections offer valuable protection for users and merchants, and the validation of certificates provides a backstop for merchants and payment processors to be certain of who they are dealing with. Investing in fundamental security is good for merchants, good for consumers, and good for governments. The way forward is to invest now in security solutions that prevent attacks tomorrow.

Paul Baka is an account manager at Website Security Solutions based in Sydney, Australia. Specializing in cyber security for small to medium sized businesses and educational institutions. 

Newsletter
Sign up for our weekly newsletter
The Diplomat Brief