A new report is rallying for ‘an urgent call to action' for ASEAN nations, saying that a ‘radical agenda' may be able to help policy makers and industry leaders defend against cyber attacks.
The report titled Cybersecurity in ASEAN: An Urgent Call to Action, was commissioned by Cisco and conducted by consulting firm A.T. Kearney. It says that the digital economy in the Association of Southeast Asian Nations (ASEAN) may add up to $1 trillion to GDP in the next 10 years, but that figure is at risk because of ASEAN's popularity as both a Launchpad and target for cyber attacks.
According to the report, the entire ASEAN region is the third most populated market in the world with 645 million people – even bigger than the EU. Its combined GDP totals $2.7 trillion, making it the world's seven largest market.
However as its digital revolution progresses, so do the cyber capabilities that threaten to damage ASEAN's wealth.
ASEAN countries are at risk in a number of ways: limited threat intelligence sharing, diverging national priorities, increasing interconnectedness and rapid technological evolution. These factors could lead to the top 1000 ASEAN companies losing $750 billion in market capitalization, the report claims.
“Malaysia, Indonesia, and Vietnam are global hotspots for major blocked suspicious Web activities—up to 3.5 times the standard ratio, indicating that these countries are being used to launch malware attacks,” it adds.
CyberSecurity Malaysia CEO Dato' Dr. Haji Amirudin Bin Abdul Wahab also points out that some countries are taking the offensive approach and engaging in state-sponsored attacks and hacktivism.
Singapore, Malaysia, Thailand and Vietnam have drafted cybersecurity bills, but the rest of ASEAN is lagging. A number of countries have implemented data protection or privacy laws, but the report says few countries have made progress in all areas.
Many of these countries are only dedicating a small percentage of spend towards cybersecurity. Overall, ASEAN cybersecurity spend was estimated to be $1.9 billion last year – around 0.06% of the total GDP. Overall, Singapore leads growth (0.22%) of total spend, but is still far behind other regions such as Israel (0.35%).
However, ASEAN is being held back by a shortage of both a fragmented vendor market and local capabilities and expertise.
“Very few service providers have a regional presence, and most operate only in their country of origin. As one of the fastest-growing segments in the ICT landscape, cybersecurity could be a significant economic opportunity for ASEAN countries,” the report claims.
It also says that the skills shortage is present in ASEAN. Malaysia has 6000 cybersecurity professionals but will need 10,000 by 2020, according to the Malaysia Digital Economy Corporation.
ASEAN is also affected by a ‘significant' digital divide, despite increasing interconnectedness. While Singapore has the highest numbers of mobile broadband penetration and internet use, countries such as Myanmar and Laos trail behind.
The report calls for the need for an ‘active defence mindset': one that encourages countries to work together to defend and use the region's collective resources.
“As the issue of cybersecurity transcends borders, ASEAN countries must continue working together, particularly in the area of sharing threat intelligence, and introduce policies on a regional level to encourage every country to play their part. It is only through such collective effort that ASEAN will be able to safely reap the full benefits of the digital economy. Failure to do so would result in the region falling further behind, exposing its citizens to greater risk,” comments ESET senior research fellow Nick FitzGerald.
The report proposes four steps as part of a regional cybersecurity defense playbook.
- Elevate cybersecurity on the regional policy agenda – work together to implement a Rapid Action Cybersecurity (RAC) framework; and include cybersecurity as top-of-agenda in economic dialogue
- Secure a sustained commitment to cybersecurity – including the regional cybersecurity spending gap; and by using a cyber-hygiene dashboard to define and track metrics
- Fortify the ecosystem – encourage the corporate sector to foster a risk-centric mindset; create a threat sharing intelligence culture; bring cyber resilience to the supply chain; and to implement public-private partnerships and industry alliances
- Build the next wave of cybersecurity capability – address the skills shortage and train security professionals; improve global-local partnerships within the cybersecurity industry; encourage more security R-D in the areas of emerging threats, blockchain and AI; and anchor world-class capabilities.