§ ASEAN needs to spend US$171 billion between 2017 and 2025 to be in line with global best-in-class countries
Companies across the Association of Southeast Asian Nations (ASEAN) bloc face a growing risk of cyberattacks which could expose the region’s top listed firms to a US$750 billion erosion in current market capitalisation according to new research* commissioned by Cisco.
 |
| Source: Cisco and AT Kearney. AT Kearney suggests the use of a Rapid Action Framework for the ASEAN region to enhance regional cyber readiness. |
The research, Cybersecurity in ASEAN: An Urgent Call to Action, conducted by global management consulting firm AT Kearney, stresses that ASEAN’s growing strategic relevance, driven by economic expansion and ongoing digital adoption, make it a prime target for cyberattacks. It is simultaneously becoming a launchpad for such attacks.
A combination of nascent policy preparedness, absence of a unifying regional governance framework, shortage of skilled talent, underestimation of risk and lack of adequate investment are among the factors that are contributing to the heightened risk.
The research report emphasises that cybersecurity risk across the bloc will continue to escalate as the bloc gets more digitally-interconnected.
A combination of nascent policy preparedness, absence of a unifying regional governance framework, shortage of skilled talent, underestimation of risk and lack of adequate investment are among the factors that are contributing to the heightened risk.
The research report emphasises that cybersecurity risk across the bloc will continue to escalate as the bloc gets more digitally-interconnected.
Divergent national priorities across ASEAN countries and varying paces of digital evolution will foster a pattern of sustained underinvestment in cybersecurity, AT Kearney said.
The region currently spends an average of 0.07% of its collective GDP on cybersecurity annually. It would need to increase the spending to between 0.35% and 0.61% of GDP between 2017 and 2025 to be in line with the best-in-class benchmark, based on spend levels as a percentage of GDP for Israel. The research estimates that this translates to US$171 billion in collective spend needed across ASEAN countries during the period. Limited sharing of threat intelligence, often because of mistrust and a lack of transparency, will weaken cyberdefence mechanisms.
Naveen Menon, President ASEAN at Cisco said: “Digital innovation and adoption are central pillars of economic growth for ASEAN. Its success hinges in large part on the bloc’s ability to combat the cyber threats. Cybersecurity needs to be an integral part of policy discussions at the semiannual ASEAN Summit, with the aim of developing a unified policy framework for the region.
"At the same time, countries have to understand that defending against cyberattacks goes beyond investing in the latest solutions. A holistic approach must be adopted in which the human element of cybersecurity is also addressed. This includes raising public awareness and providing sufficient training to staff in order to ensure healthy Internet hygiene is developed."
*The study was delivered through a combination of interviews across a wide spectrum of policy makers and corporate decision makers, expert discussions and analyst reports.
The region currently spends an average of 0.07% of its collective GDP on cybersecurity annually. It would need to increase the spending to between 0.35% and 0.61% of GDP between 2017 and 2025 to be in line with the best-in-class benchmark, based on spend levels as a percentage of GDP for Israel. The research estimates that this translates to US$171 billion in collective spend needed across ASEAN countries during the period. Limited sharing of threat intelligence, often because of mistrust and a lack of transparency, will weaken cyberdefence mechanisms.
Naveen Menon, President ASEAN at Cisco said: “Digital innovation and adoption are central pillars of economic growth for ASEAN. Its success hinges in large part on the bloc’s ability to combat the cyber threats. Cybersecurity needs to be an integral part of policy discussions at the semiannual ASEAN Summit, with the aim of developing a unified policy framework for the region.
"The corporate sector also needs to start treating cybersecurity as a business-wide issue that can only be tackled by adopting a risk-centric approach to building resilience, rather than just an IT problem.”
The cybersecurity threat landscape is evolving rapidly due to the following additional factors:
- Emergence of new technologies such as the Internet of Things (IoT)
· The end points in an IoT network often tend to be unsophisticated devices such as household gadgets, making it easier for attackers to hack the network. IoT attacks are already prevalent in Asia.
· In 2016, 60% of all IoT-based attacks originated from Asia, most likely because of the historically vulnerable profile of products in Asian markets.
- A global trend of shortage of skilled and qualified cybersecurity professionals
· This is mirrored across ASEAN. Malaysia, for instance, currently has 6,000 cybersecurity professionals but requires 10,000 by 2020.
· Specific skillsets like behavioural analytics and digital forensics are in acute short supply.
· There is also inadequate expertise in cybersecurity support sectors, such as cyberinsurance, where effective frameworks and knowledge are needed to accurately assess the value at risk.
Nikolai Dobberstein, Partner at AT Kearney and lead author of the report, said: “As our technological landscape changes and new threats emerge, it’s never been more important for countries, governments, and the public and private sectors to come together and collaborate to share best practices. Cybersecurity is something that impacts us all, and particularly in ASEAN, where countries have strong ties to one another. We can only be as strong as our weakest link.”
Nick FitzGerald, Senior Research Fellow, ESET, commented that cybercriminals are following the money when it comes to ASEAN's cybersecurity vulnerabilities. "With ASEAN currently being the seventh-largest economy, it is of utmost importance that countries here understand the consequences of cyberattacks and begin preparing for such immediately. At present, ASEAN in general has much to do and taking into consideration the rapid rate at which the digital economy grows, lapses in cybersecurity preparedness will be further exploited," he said.
The cybersecurity threat landscape is evolving rapidly due to the following additional factors:
- Emergence of new technologies such as the Internet of Things (IoT)
· The end points in an IoT network often tend to be unsophisticated devices such as household gadgets, making it easier for attackers to hack the network. IoT attacks are already prevalent in Asia.
· In 2016, 60% of all IoT-based attacks originated from Asia, most likely because of the historically vulnerable profile of products in Asian markets.
- A global trend of shortage of skilled and qualified cybersecurity professionals
· This is mirrored across ASEAN. Malaysia, for instance, currently has 6,000 cybersecurity professionals but requires 10,000 by 2020.
· Specific skillsets like behavioural analytics and digital forensics are in acute short supply.
· There is also inadequate expertise in cybersecurity support sectors, such as cyberinsurance, where effective frameworks and knowledge are needed to accurately assess the value at risk.
Nikolai Dobberstein, Partner at AT Kearney and lead author of the report, said: “As our technological landscape changes and new threats emerge, it’s never been more important for countries, governments, and the public and private sectors to come together and collaborate to share best practices. Cybersecurity is something that impacts us all, and particularly in ASEAN, where countries have strong ties to one another. We can only be as strong as our weakest link.”
Nick FitzGerald, Senior Research Fellow, ESET, commented that cybercriminals are following the money when it comes to ASEAN's cybersecurity vulnerabilities. "With ASEAN currently being the seventh-largest economy, it is of utmost importance that countries here understand the consequences of cyberattacks and begin preparing for such immediately. At present, ASEAN in general has much to do and taking into consideration the rapid rate at which the digital economy grows, lapses in cybersecurity preparedness will be further exploited," he said.
"At the same time, countries have to understand that defending against cyberattacks goes beyond investing in the latest solutions. A holistic approach must be adopted in which the human element of cybersecurity is also addressed. This includes raising public awareness and providing sufficient training to staff in order to ensure healthy Internet hygiene is developed."
FitzGerald also advised ASEAN countries to continue working together, particularly in the area of sharing threat intelligence, and introduce policies on a regional level to encourage every country to play their part. "It is only through such collective effort that ASEAN will be able to safely reap the full benefits of the digital economy. Failure to do so would result in the region falling further behind, exposing its citizens to greater risk," he said.
Explore:
Read the Cybersecurity in ASEAN: An Urgent Call to Action report
*The study was delivered through a combination of interviews across a wide spectrum of policy makers and corporate decision makers, expert discussions and analyst reports.
No comments:
Post a Comment