Internet dependence has risen across the Asia-Pacific during the coronavirus pandemic — much like in the rest of the world — as living, learning, and working moved online at unprecedented speeds. Across the region, citizens found themselves spending far more time on social media and video calls as businesses rapidly scaled up their investments in technology for education, health care, and other areas.
Yet all this growing dependence, a new Diplomat Risk Intelligence report finds, is also shifting the cyber risk landscape across the Asia-Pacific.
Many cybersecurity trends sweeping the region were already underway in one form or another prior to COVID-19. Phishing emails continued to be a popular vector for cybercriminals to steal information from businesses, government agencies, and civil society organizations large and small. Businesses are increasingly digitizing their processes – again, a pre-pandemic trend — ranging from document-sharing to accessing user data, as more individuals get connected to the global internet by the year. Surveillance and privacy risks to individuals from both governments and companies were rising well before the COVID-19 pandemic, too.
The uptick in digital dependence resulting from lockdowns and quarantines, though, drove cybersecurity and privacy risks in the Asia-Pacific to a new level. Over 70 percent of the 600 respondents to an MIT Technology Review survey say their businesses have stepped up digital transformation during the pandemic. Market research firm Statista records many other Asia-Pacific internet dependencies accelerated by the pandemic: a September 2020 survey found 28 percent of respondents in China and 25 percent in Indonesia, for instance, began using remote learning for their children since coronavirus’ onset. Increased usage was coupled with rising investments in areas like educational and healthcare technology.
Malign foreign interference, cyber espionage, geopolitical force multiplication, and hacking for financial gain still compose a key part of the Asia-Pacific cyber threat landscape. FireEye’s Mandiant Threat Intelligence team identified Chinese government influence campaigns across the Asia-Pacific in 2020, such as by impersonating Taiwanese media outlets to push Beijing’s narratives; these campaigns evolve in sophistication and are unlikely to fade away. North Korea’s Lazarus Group is an active player in cyber espionage, targeting defense and cybersecurity research organizations into 2021, alongside many other regional actors like Russia’s GRU (military intelligence) and the complex web of Chinese actors engaged in cyber-enabled trade secret theft. India and Pakistan have bolstered their offensive cyber capabilities as tensions between the powers escalate — and the list goes on. Magnified by the alleged deployment of commercially available spyware by some states to conduct targeted surveillance against journalists, lawyers, and civil society activists, these developments threaten the trust individuals place in the security and integrity of their online communications.
COVID-19 has also exposed the fragility of global supply chains, especially where redundancies and resilience mechanisms are not built in. The digital sphere is no different.
Net exporters of electronics such as Malaysia or Vietnam are part of a regional supply chain heavily reliant on China, while the Asia-Pacific writ large plays a critical role in the global technological supply chain. When the novel coronavirus hit the country hard, smartphone exports out of China dropped as brands ranging from Lenovo to Apple to Xiaomi witnessed substantial manufacturing delays that rippled across the global supply chain. Growing geopolitical competition over the development of semiconductors reflects this very dependence on China — and growing recognition, in the Asia-Pacific and beyond, that governments and industries must mitigate the risks of heavy supply chain dependence on third parties. In April 2020, Australia, India, and Japan launched the Supply Chain Resilience Initiative for this very reason. As another example, in July this year, the South Korean minister of trade, industry and energy met with Australia’s trade minister to discuss cooperation on rare earth and lithium supply chain issues (both of which are essential for tech development).
The point of concern here is that that threat mitigation efforts and cyber-cooperation initiatives are not equally robust across Asia-Pacific. According to the Global Cybersecurity Index — a United Nations tool that assesses the commitment of countries to cybersecurity measures — only half of the countries in the region have published national cybersecurity strategies and only a handful of countries have implemented them effectively and updated them regularly. Private-public cooperation in the region also needs burnishing with the role of the private sector in national cyber defense strategies rarely being spelled out clearly. This is compounded by a continued underinvestment in cyber defense capabilities across industry and civil society including due to structural funding problems (e.g., for civil society organizations). This underinvestment, in turn, leaves many critical parts of the economy and society vulnerable to espionage and disruption.
Threats to critical infrastructure from state and non-state actors, the challenges and opportunities presented by growing use of technologies like artificial intelligence and 5G telecommunications, and other Asia-Pacific cyber trends are not purely driven by the pandemic. But the novel coronavirus’ fingerprints are all over the shifting landscape. As the new Diplomat Risk Intelligence report details at great length, none of these cyber trends will fade into the background even when COVID-19 is brought under control.