While the internet has facilitated an explosion in innovation, commerce, and social connection, it also poses a risk of information system breaches that could compromise our privacy and leave us vulnerable to identity thefts. Strange as it may sound, consumers’ PCs, smart phones, Wi-Fi networks, bank accounts, merchants swiping credit cards, and other devices are constantly susceptible to cyberattacks.
These risks disrupt enterprises, inflicting substantial losses at times, not to mention the damage in terms of reputation. They also represent a threat to national security on a bigger scale. Even while secure network systems are continually being developed to address the cyber dangers, the dynamic nature of cyberspace necessitates continuous refinement of these systems and the laws that regulate them.
The risks exposed by cyberattacks and other related crimes have grown dramatically as technologies and the internet are utilized more frequently by SMEs to enhance business processes. Such data breaches result in immediate financial damages, as well as legal action taken by persons whose personal information was compromised. Although ASEAN is one of the largest manufacturing hubs in the Asian region, these security concerns have received less attention. Only 21.9% of the 1533 stakeholders surveyed in Southeast Asia recently selected cybersecurity as a priority area. The unpredictable nature of the threat environment necessitates a multilayered strategy that incorporates effective personnel training, data protection, and threat detection and response.
As per a report, there were around 2.7 million ransomware occurrences in ASEAN during the first nine months of 2020. The number of ransomware attacks has skyrocketed this year compared to the same period last year. The estimated total exposure of the top ASEAN corporations is in the billions of dollars, stifling innovation in the fields of technology, business, retail, and finance. Interpol has launched a global awareness campaign to protect communities from cybercriminals who may use the pandemic as cover to steal data, perpetrate online fraud, or otherwise cause havoc in the digital sphere.
Underinvestment in cybersecurity has only made things worse. Even though cybersecurity threats are increasing, most ASEAN countries, except for Singapore, spend a much less proportion of their GDP on cybersecurity than the rest of the world. Furthermore, different perspectives on cyberspace have led to the paucity of any efficient method or structure for international cooperation in cybersecurity.
In the ASEAN ICT Masterplan 2020, cyber dangers were formally acknowledged as a threat that might impede ASEAN’s progress as a digitally enabled community. One of the eight areas of focus of the document was on ensuring the safety of digital information. Unfortunately, several ASEAN countries still have deficiencies in their cybersecurity policy framework. Some countries in ASEAN have become global hotspots that are used as launchpads for cyberattacks elsewhere. Foreign investment and economic growth are stymied as a result, undermining regional security and increasing ASEAN’s risk profile.
Key goals for 2020 included creating a standardised method for reporting cyber incidents and forming a regional ASEAN Computer Emergency Response Team (CERT) comprised of representatives from the CERTs of the member states. Some of these goals have been accomplished, but ASEAN still has work to do in developing a comprehensive cybersecurity strategy for the region. This includes setting clear priorities, building a transparent governance framework with defined roles and responsibilities.
With a predicted regional GDP addition of US$1 trillion over the next decade, ASEAN is poised to become the world’s fastest-growing digital market. At the same time, cybercrime is predicted to increase dramatically while also becoming increasingly sophisticated.
The European Union’s regional cyber resilience and cooperation have seen substantial improvements. It has established challenging yet achievable objectives, improved communication, and standardised procedures among its member nations. In this regard, ASEAN should learn from European Union practise as well. ASEAN needs a more comprehensive cybersecurity legislative framework, or what we would call coherent cyber governance.
Such a framework would need member nations concerted action to reduce cyber dangers. Building on existing platforms like the ASEAN Ministerial Cybersecurity Conference, the ASEAN Cybersecurity Coordinating Committee, and the ASEAN Regional Forum Inter-Sessional Meeting on Security in the Use of Information and Communication Technologies, ASEAN can further improve coordination with member states and beyond.
Dr. Sameer Kumar, Associate Professor, Asia-Europe Institute, Universiti Malaya, Kuala Lumpur