With the recent hacks around the region and a few surreptitious attempts on my own Instagram account, it has become more and more apparent that cyberattacks are increasing. This may seem like stating the obvious, but our reliance on digital services has made us more susceptible than ever before.

A side effect of the pandemic has been a surge in online purchases and digital payments globally. Within Southeast Asia, the online sector is expected to hit US$300 billion while e-commerce is projected to be worth US$150 billion by 2025 according to Google and Temasek’s e-Conomy SEA 2019 report.

Cybercriminals are increasingly targeting e-commerce platforms for the rich volumes of customers’ personal information and credit card details. Notably in Singapore, the total amount cheated in e-commerce scams increased to $2.3 million in 2019, from $1.9 million in 2018.

More recently, data from a breach involving 1.1 million user accounts on Singapore-based e-commerce platform Lazada was put up for sale on an online forum.


We explored the state of cybersecurity in Southeast Asia for 2020


We had the chance to find out more about the current situation and what we can expect in 2021. Speaking to IntSight’s regional director of Asia, Michael Tan, we picked his brain to better understand the threat we’re facing.

Find out what else he had to share.

Have you noticed any home-grown threats from Southeast Asia? Where do most of the cyberattacks come from?

Phishing attacks and scam campaigns are becoming more advanced and are increasing in Southeast Asia as compared to the rest of the world, typically targeting large organizations and their customers or users. These attacks and campaigns are launched by leveraging stolen credentials and abused trademarks by utilizing ransomware or accessing and selling databases in underground forums.

One example is the recent Lazada/RedMart data breach. The database that was breached in this case was similar to the ones found in underground forums. While companies need to make their best efforts to prevent, detect and mitigate such breaches, it is important that they make known to their customers that there are no silver bullets to stop cyber criminals, and that they need to practice cyber hygiene.

What are the industries or markets that are most susceptible to cyber-attacks and why?

Generally, organizations with a large digital footprint are susceptible to cyberattacks because their attack surface areas tend to be wider and growing. At the same time, they are not able to keep up and dedicate the resources required to stay informed of emerging threats and attack vectors.

In Asia, government organizations, eCommerce, healthcare and finance are more susceptible to cyberattacks – those that are active online, on social media, use online trading/banking and touch base with wider groups of audience. The motivation behind cyberattacks for each industry varies; some examples include:

  • For government organizations – state-sponsored operations may use disinformation campaigns to create dissent and disrupt markets, authorities and elections.
  • For eCommerce – retailers now have wider attack surfaces with their online and social media platforms and various payment tools. While they have invested in state-of-the-art platforms and technology to fuel their growth, many overlook investments in adequate security protocols.
  • For healthcare – the amount of sensitive data held by hospitals, clinics and providers is vast, especially in today’s COVID-19-stricken world. Cybercriminals know that this type of data is extremely valuable and can be monetized.

What should companies be doing to create a robust defense against cyber threats?

Businesses are constantly targeted by various threat actors that use different tools and techniques to gain access to their data and networks. Taking ‘just enough’ measures to fulfil regulatory requirements is not sufficient. The most essential component to cyber security strategy is threat intelligence – one that provides them with information that is timely, accurate and actionable.

A good threat intelligence solution for your organization is one that helps you understand your organization’s security posture, what you may be exposing to your adversaries, where you should improve in terms of people, processes and technology. It will be able to mitigate some of the risks before they reach the organization’s perimeters.

What are companies in Southeast Asia getting wrong when it comes to cybersecurity?

Organizations have to be more proactive in protecting themselves against external cyber threats. They should focus on getting actionable threat intelligence that is relevant to them. While obtaining threat intelligence reports has been a norm in our region for years, including data specific to regions, industry sectors, and tactics, techniques and procedures (TTP) trends, these reports are no longer sufficient. Organizations need to formulate and implement effective threat intelligence that offers complete visibility and protection continuously in real time with an actionable, effective mitigation process that allows for proactive defense.

How do you see cyber-threats evolving in the next few years?

The predominantly remote workforce in the region has seen more businesses operating on unsecured home networks. Moreover, many work tools were installed quickly without thorough analysis of risks, rendering businesses susceptible to attacks, and cyber attackers will continue to target these remote workers well after the COVID-19 situation tides over.

Another area where the cyber threat landscape will continue to evolve is the prevalent utilization of the dark web by cybercriminals for communication and buying and selling of illegal goods and services. We have seen cybercriminals chat about how to design a convincing phishing attack using the COVID-19 theme for example, as well as discussions about hoaxes and scams that they can use.