Self-extracting archives, double-extension files, and macro-laden documents are some of the new tools in use by hacking group OceanLotus, which operates across Asia. In layman’s terms, these trick users into opening a virus or a document encoded with malware or installing a program that can extract sensitive information.
The risks of cybercrime are widely recognized across the Association of Southeast Asian Nations (ASEAN), and were a focus of discussions at the 32nd ASEAN Summit in Singapore last year. Little wonder, perhaps: Singapore itself ranked 6th in the world for cyber defenses in 2018, according to the Global Cybersecurity Index, followed closely by Malaysia at 8th. Other countries in the region lag far behind.
Singapore is right to try to raise the bar, with regional hubs only as strong as their weakest links. In June 2018, the city-state announced over $20m in funding for a new ASEAN-Singapore Cybersecurity Centre of Excellence.
The rapid growth of the mobile market is one factor driving the region’s vulnerability, according to Paul Hadjy, chief executive officer of the Singapore-based company Horangi Cyber Security. Another is the fragmented nature of the region’s business ecosystem, with many well-connected but under-funded small and medium-sized businesses struggling to cover the costs of security systems. Tech hubs with insufficient scrutiny offer an open door to intruders, and are slow to detect breaches: Asian organizations take 1.7 times longer than the global median, says Hadjy.
Governments in the region are working together to tighten regulation: Laos and Vietnam are cooperating to develop transboundary cybersecurity, alongside e-government and postal service solutions; Thailand has been modernizing its digital laws, and actively seeking public input; while Malaysia has a whole host of initiatives, including best practice guidelines for security services, a dedicated internet banking taskforce, and a government-funded Coordinated Malware Eradication and Remediation Project (CMERP) satellite laboratory.
Given the scale of the threat, some say artificial intelligence (AI) is essential to tackling it, creating smart systems that can rapidly pick up on anomalies thanks to their ability to monitor vast amounts of data.
This is the approach proposed by both Horangi and Palo Alto Networks in the Philippines. Does this mean the region shouldn’t look to cybersecurity for job growth in the future? Not necessarily. A recent joint study by cyber threat intelligence firm DomainTools and the Ponemon Institute, which specializes in data protection research, found that 40% of cybersecurity staff across Asia Pacific, the UK, and the US expected growing demand for professionals with advanced technical skills. Palo Alto’s Philippines Country Manager Oscar Visaya, agrees: “The reason why cybersecurity is difficult is the lack of skilled staff. The complexity needs skilled people to be able to manage it.”