With the rise of the Internet, global markets are increasingly moving online, boosting business transactions and economics around the world. The advancement of technology has transformed operations, automating manual procedures and sped up the processing of information, while creating new communication methods. This has provided a way for companies to lower operational costs. However, while governments and corporations rush to tap into the potential of ICT, many are unaware of its inherent risks. With the rapid advancement of technology into all economic sectors – particularly with big data analysis – failure to improve computer and data security could cost the global economy trillions of dollars, not to mention put governments and companies at a higher risk.
A Lurking Threat
Confidential information – sensitive business and personal information, records from government agencies and private organisations – need to be protected. However, many organisations lack the awareness and urgency to deal with security risks, which can escalate. According to international network security company FireEye Regional Director for Southeast Asia Stephanie Boo, so far the reaction and implementation of cyber security measures at national and regional levels have been slow and fragmented.
With only imaginary boundaries, cyberspace is largely unregulated even as attacks have become more frequent and increasingly sophisticated. No thanks to easy access (via the internet) to tools – such as application packages – that can be used to almost effortlessly bypass the security of websites. Multinational security company Fortinet’s 2013 Cybercrime Report indicates that a network of private computers can be infected with malicious software and controlled without the owners' knowledge can be carried out for only US$700.
The real world implications are substantial. In December 2013, American retail company Target was victim of the second-largest data breach in US retail history. Almost 40 million credit and debit cards were compromised, including customer names, credit and debit card numbers, card expiration dates and the embedded codes on the back of the card. The company’s annual report last year showed that the data breach cost the company up to US$146m.
In a separate attack on Sony Pictures Entertainment – the American entertainment subsidiary of Japan’s international consumer electronics firm – in November 2014, about 77 million names, addresses and other personal data were stolen through accounts on its PlayStation Network. While Sony recently revealed that its initial losses are around US$15m (only comprising ‘investigation and remediation’ directly related to the hack), analysts predict that total losses could reach uS$100m.
Closer to Home
In the same year, Malaysia recorded a sharp increase in cyber threats between January and September, with more than 8,000 cases, according to the Science, Technology and Innovation Deputy Minister, Datuk Dr Abu Bakar Mohamad Diah. The highest number of cyber threats recorded involved scams, spam and hacking.
Neighbouring Singapore also suffered high-profile online attacks on government websites. These included data breaches on the Singaporean Prime Minister, Lee Hsien Loong’s website, client information of several local and international companies, and more than 1,500 online identification accounts used by residents to access services including personal income tax filings and pension savings statements were retrieved by nefarious hackers.
Sanjay Bavisi President of International Council of Electronic Commerce Consultants (EC-Council) – a member-supported professional computer security organisation – disclosed that while cyber laws in Malaysia have been adequately developed, enforcement falls short. He added that further improvement can be discussed with academicians, government and relevant industries to create benchmarks to certify and standardise cyber security professionals.
Indonesia’s Minister of Defence Purnomo Yusgiantoro and the Director-General of Security Potentials Pos M Hutabarat have both suggested the establishment of a ‘cyber army’ – an elite group that will defend Indonesia’s information and electronic networks against computer-based attacks. Meanwhile, the Infocomm Development Authority of Singapore (IDA) in collaboration with FireEye started training cyber security professionals since January 2014 to develop malware detection and prevention measures.
A 2014 study, The Link between Pirated Software and Cybersecurity Breaches, commissioned by Microsoft and conducted by research firm International Data Corporation (IDC) Research and the National University of Singapore, indicated that enterprises in Asia will spend up to US$230b in 2014 to counter malware issues intentionally included in pirated software. Of that, US$59b was for security issues and US$170b for data breaches.
However, to combat the threat of cybercrimes, definitive regional norms, protections, and standards first need to be established as Southeast Asia – and the world – grows more interconnected. There also needs to be general education and awareness among countries in the region, including government officials and the public.
Establishing basic security procedures can be implemented using relatively simple security techniques and preventive measures. In addition, the Asia Pacific Computer Emergency Response Team (Apcert), provides training, technical assistance and best-practice sharing.
The security of the Asean region and the efficient functioning of its economic markets require a strong electronic defence system, especially as businesses rush to take advantage of opportunities on the Internet. The first step to achieving this is consistent adherence to protective measures across governments and organisations. Regional and global cooperation are also crucial factors to the successful establishment and maintenance of security against electronic attacks to ensure safer exploration of the potential of the World Wide Web.