ASEAN businesses are still challenged by cybersecurity problems, especially with the data protection landscape in the region fast changing. With recent media reports of cyber attacks targeting regional entities, it is clear that cyber security threats are on the rise.
Cyber attacks are not just for Fortune 500 companies anymore. As a result of the availability and widespread use of computing technology, small and medium-sized enterprises (SMEs) have become attractive targets for cybercrime, with many having been compromised or suffering from data loss.
The Covid-19 pandemic has demonstrated the importance of the internet and computers for SMEs to keep and grow their business. Over the past 18 months, the pandemic has increased malicious emails, phishing attacks, fraud and malware. Criminals target SMEs as well, knowing that many employees are now working remotely without adequate cybersecurity defenses.
The growth of this region is happening mainly in Indonesia, Vietnam, Malaysia, Singapore and Thailand. SMEs are at the forefront of this growth. However, they face unique challenges in cybersecurity. This is because they typically have less sophisticated infrastructure than larger firms with dedicated security teams. They also may not have the financial resources to cover cyber security vulnerabilities.
The majority of these businesses are unprepared to deal with cyberattacks, unaware of how to protect their data. They also simply do not realize the extent of the damage that a cyberattack can cause them.
The recent cyberattacks on the systems of several ASEAN countries, including Indonesia and Malaysia, indicate that SMEs, businesses operating in the region should consider cybersecurity as one of their top priorities.
Cybercrime surpassing transnational organized crime
Cybercrime has surpassed transnational organized crime as the biggest threat to the global business environment, with an average of two data breaches per day in 2016. The surge in cyber-attacks against SMEs across ASEAN is expected to rise over the next few years. According to Kaspersky Lab, a security solutions provider, 40% of these attacks are conducted via email.
The costs of cybercrime increase in scope and severity with the increasing “industrialization” of malware (or crimeware). For example, according to McAfee Enterprise & FireEye research, there was an 89% increase in cyber threats in Singapore amid smaller security budgets.
The Singapore Cyber Security Agency (CSA) reported 89 ransomware cases, up 154% from the 35 cases reported in 2019. The cases affected primarily small and medium enterprises and emerged from the manufacturing, retail, and healthcare sectors.
Meanwhile, CSA’s SingCERT (Singapore Computer Emergency Response Team) handled a total of 9,080 cybersecurity cases in 2020, the second increase in a row.
In Malaysia, Kaspersky Security Network recorded some 767,000 business owners coming under attack from Internet-borne malware last year. Approximately 269,533 phishing attempts were targeted against Malaysian SMEs in the first half of 2020, 56% more than the first half of 2019 at 172,906.
Cybersecurity acts assisting ASEAN businesses
The implementation of the Cyber Security Act in 2018 provides clarity to ASEAN SMEs about their cyber liability and digital due diligence obligations. The law provides much-needed regulatory oversight on the cybersecurity practices of enterprises in Singapore and those operating here.
In 2019, the ASEAN-EU Statement on Cyber Security Cooperation recognized the increasing role and challenges of ICT in all sectors of society. It highlighted the need to strengthen cooperation to prevent and combat malicious cyber activity.
The ASEAN Economic Community (AEC) has also provided cybersecurity solutions to SMEs. The AEC’s Network Operations and Cyber Security Expert Group (NOCEG) was set up to provide cybersecurity standards to help protect its members from malicious actors and cyberattacks.
In addition, the National Cyber Security R&D Programme Office (NCRDPO) launched its short-term Consultative Group on Information Security (CGI) project, aiming at providing cybersecurity solutions for ASEAN SMEs.
SMEs are facing many challenges in defending themselves against cyber threats. Some may not have the financial capacity to deploy security solutions to protect their data and information systems. Meanwhile, others may lack the necessary expertise and human resources, however with a growing number of cyberattacks and data breaches against businesses; it is becoming more apparent that information security needs to be taken seriously.