IT Professionals in ASEAN Confronting Rising Cyber Security Risks

We Keep you Connected

IT Professionals in ASEAN Confronting Rising Cyber Security Risks

IT Professionals in ASEAN Confronting Rising Cyber Security Risks
Your email has been sent
The ASEAN region is seeing more cyber attacks as digitisation advances. Recorded Future CISO Jason Steer said software digital supply chains are one of the top risks being faced.
In July 2023, the Association of Southeast Asian Nations officially opened a joint cyber security information sharing and research centre, or Cybersecurity and Information Centre of Excellence, in a bid to increase the region’s shared cyber threat defences.
The centre is a response to a changing threat landscape. At the opening of the ACICE, Singapore’s Ministry of Defence said Singapore alone experienced a 174% increase in phishing attempts between 2021 and 2022, while Southeast Asia cyber crime had increased 82%.
Recorded Future Chief Information Security Officer Jason Steer told TechRepublic some customers in the region felt digitisation was turning data from gold into uranium due to cyber risk. He named digital supply chains and AI as key risk considerations for ASEAN CISOs.
Jump to:
The ASEAN region, like other emerging markets, is experiencing a rapid acceleration in digitisation. With the growth of cloud providers like Microsoft and AWS, businesses and governments are using these services to make operations more scalable, whether that is to digitise processes like invoicing and payroll or to better manage remote work growth.
This digitisation trend comes with risk. At threat intelligence firm Recorded Future’s local conference in the region, Steer said CISOs in ASEAN were more conscious than ever now that, although they want lots of data about clients because of the value it can drive for their businesses, there is a rising consciousness that the appetite for data also brings risks.
SEE: Australia’s cyber shields strategy needs data science considerations.
“One of our guest CISOs made the point that, historically, data has been viewed as gold,” Street said. “But, when looking at what organisations have experienced over the last 12 to 18 months, data is now viewed more like uranium: The more data you have, the more risk, and the more you have to do to protect and secure it. How do you manage that risk appropriately now?”
ASEAN CISOs are right to be worried. The Asia-Pacific region as a whole was the most attacked region in the world in 2022, according to a report from IBM (Figure A).
Further, a July 2023 survey by Cloudflare of 4,000 cyber security managers in the region found that 78% of those interviewed had experienced at least one cyber security incident in the previous 12 months. Of those attacked, 80% reported four or more incidents, and 50% had experienced 10 or more.
ASEAN nations are keenly feeling this increase in activity. Cloudflare’s report found that, in Malaysia, Indonesia and The Philippines, the largest challenge for cyber security leaders was defending against cyber attacks in the form of phishing, web attacks and business email compromise (Figure B). For CISOs in Singapore and Thailand, this risk was topped by the need to secure their remote workforces, an increasing need in a cloud-driven working environment.
The risks of digitisation are amplified by organisations who now rely on their digital supply chain. For example, 48% of Singapore-based respondents to Cloudflare’s survey who were rating the top issues with their cyber security architecture named limited oversight over their IT supply chain as an issue, just behind their applications and data being stored on the public cloud (50%).
Steer said that all organisations in ASEAN, and for that matter around the world, were buying digital solutions from product vendors but were not necessarily tracking the cyber security postures of this extended ecosystem. If one of those critical tools in the supply chain is down, the impact will be felt on the business because a cog in the business process has gone down.
“At Recorded Future, if AWS goes down for 20 minutes, that would be the whole platform down until we transition to the next region,” Steer said. “You can mitigate some of these supply chain issues to some extent, but it is important for organisations to ask what their plan is to recover and restore operations and how long they can be down until it impacts their ability to service clients.
“The supply chain in large organisations is getting longer and bigger; it is not just third parties, but their suppliers. This is a hard thing to think about, particularly when you don’t sign contracts with a supplier’s suppliers. While there may be little you can do, you need to at least start to think about what that looks like and how to manage risks better.”
The impact of conflict or geopolitical tension is of concern in ASEAN, as it is a region that relies on trade. Steer said tensions such as those between China and The Philippines in the South China Sea, an important shipping lane, was on the minds of CISOs in organisations. This conflict has the potential to impact digital supply chains as well as increase uncertainty around cyber threats facing organisations, governments or infrastructure.
ASEAN CISOs are considering the positive and negative impacts that the explosion in artificial intelligence tools may have on cyber defences and attack trends in the region. One of the key discussions, according to Steer, is the governance of organisational data.
PREMIUM: Stay compliant with this data governance checklist.
CISOs are walking the line between outright banning AI tools like ChatGPT to ensure organisational data is protected from leaks or going all in on AI to realise the potential business advantages.
Steer said a discussion point around AI in the region was election manipulation, particularly from state actors. With a variety of precedents around the world from previous recent elections, he said threat actors, empowered by the ease of creating content using AI tools, now had the ability to create more convincing fake disinformation campaigns. This could impact the likes of Indonesia’s election coming up in February 2024, which would influence business and politics.
The opportunity to fight fraud and improve security could improve with AI. Steer said users authenticating to a banking application would normally use their username, password and strong multi-factor authentication. In a world of AI, more data could add layers of security to accounts, such as where log-ins occur, what time log-ins typically happen and the IP address they usually come from.
“With a lot more data points, there is not only the chance to create a better user experience, but better prevent fraud and account takeover as well,” Steer said.
The launch of the ACICE showed ASEAN nations are continuing to work more closely together on cyber security. The region has also developed a joint cyber security strategy and data protection framework and is working on creating a unified ASEAN security emergency response team. Skilling up ASEAN workforces is on the agenda; Malaysia has committed to training and certifying 20,000 cyber security professionals by 2025 as part of its cyber security strategy.
SEE: Microsoft invests in Australia’s cyber security and technology skills priorities.
Steer said Singapore and Malaysia stand out in the region for advanced cyber security practices. The large number of global companies using it as a base has boosted the local talent pool and infrastructure. Other nations, like The Philippines, are raising the bar as well as regional cyber security standards rise, in part because of the supply chain governance and risk frameworks they are being compelled to follow to keep up with competitors in the region.
Stay up to date on the latest in technology with Daily Tech Insider Australian Edition. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that are most relevant to AU markets that will help you stay ahead of the game. Delivered Thursdays
Stay up to date on the latest in technology with Daily Tech Insider Australian Edition. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that are most relevant to AU markets that will help you stay ahead of the game. Delivered Thursdays
IT Professionals in ASEAN Confronting Rising Cyber Security Risks
Your email has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
This is a comprehensive list of the best AI art generators. Explore the advanced technology that transforms imagination into stunning artworks.
Find the perfect payroll service for your business without breaking the bank. Discover the top cheap payroll services, features, pricing and pros and cons.
Is NordVPN worth it? How much does it cost and is it safe to use? Read our NordVPN review to learn about pricing, features, security, and more.
Free project management software provides flexibility for managing projects without paying a cent. Check out our list of the top free project management tools.
Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
Onboarding new employees and providing them with the equipment and access they need can be a complex process involving various departments. This New Employee Checklist and Default Access Policy from TechRepublic Premium enables the IT and HR departments to effectively partner and ensure new hires receive a standard set of equipment and features. From the …
Recruiting a video game animator with the right combination of experience and technical expertise will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides an adjustable framework your business can use to find the right person for the job. From the hiring kit: DETERMINING FACTORS, DESIRABLE PERSONALITY TRAITS AND SKILLSETS Beyond sheer …
Some operations and tasks don’t require painstaking attention to detail. Unfortunately, processing payroll isn’t one of them. With sensitive salary and wage information, bank and direct deposit accounts, Social Security numbers and other personal information in play, the stakes are high. This guide — and the accompanying spreadsheet — from TechRepublic Premium will help you …
Quality assurance refers to the processes being used to manage the project and to build the deliverables. This is in contrast to quality control, which refers to the activities used to create the deliverables. Because you are not responsible for the creation of the deliverables (quality control), you need to be comfortable that the outsourcer …
Get the web’s best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let’s start with the basics.
* – indicates required fields
Lost your password? Request a new password
Please enter your email adress. You will receive an email message with instructions on how to reset your password.
Check your email for a password reset link. If you didn’t receive an email don’t forgot to check your spam folder, otherwise contact support.
This will help us provide you with customized content.
Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add newsletters@nl.technologyadvice.com to your contacts list.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE