Cyber-attacks are a major threat to ASEAN’s future prosperity. A recent report from A.T. Kearney stated that ASEAN nations need to markedly increase spending on cybersecurity to ensure the region’s ability to grow its digital economy: between the 10 ASEAN member nations, spending on cybersecurity needs to be around $171 billion between 2017 and 2025, and failing to invest that could cost the top 1,000 companies in ASEAN about $750 billion in market capitalization. The dangers are very real.
What are the risks?
The risks from not protecting ourselves sufficiently against cyber-attacks are many – one of the biggest of which is malware. According to cybersecurity company Kaspersky, in Q3 2017 malware on over 204,000 computers attempted to steal money via online access to end-user bank accounts. 2017 also saw ransomware on the rise – researchers at Malwarebytes reported in June 2017 that 7 out of every 10 malware payloads were ransomware, while Symantec reported that ransomware attacks increased by 36 percent in 2017.
Malware is a huge threat to corporate enterprises. Endpoint security – preventing malware from entering the corporate network through end-user devices like laptops, tablets and mobile devices – remains an area that many organizations simply overlook. But as recently as 2016, research found that around half of people would still happily pick up a USB memory stick they found in their office car park and plug it into a laptop or PC without a thought for what might be on it.
What does this all mean? It means that the corporate data and IT systems that organizations rely on for their business has never been more at risk than today, and that they are not doing enough to prevent their end users from unwittingly installing malware, ransomware and other threats in the enterprise environment. Add this to ASEAN’s own admission that the region is not investing enough money in combating cyberattacks, and it seems clear that we have a challenge to overcome.
What are we doing about it?
There are a number of national, bilateral and regional arrangements and mechanisms in place that Southeast Asian countries hope will manage the challenges and minimize the threats. These include the ASEAN Cyber Capacity Program (ACCP) introduced in 2016 and the ASEAN Cybersecurity Cooperation Strategy launched in 2017. There are international partnerships underway, including work with Interpol and the United Nations to combat cyber-crime in the region. Other initiatives include focusing on incident response and confidence-building, while several countries have established domestic cyber agencies.
What else can we do?
The best approach to preventing malware attacks and mitigating their impact is to take a proactive approach. Some useful tips and practices:
1. Keep all security updates and patches installed, plus also switch on automatic software updates whenever possible, especially for end-user devices.
2. Train and remind end users to avoid suspicious links and emails. Emphasize that it is very rare for any work-related company to ask for your password or other personal information via email: this is typically the sign of a phishing attack and potential malware.
3. Train and remind end users to avoid suspicious websites. Tell them to be on the alert for websites that request sensitive data or require them to download or install any software and to seek help if they are unsure about the legitimacy of a work-related website.
4. Be aware of the software you are downloading. Before installing anything new on a work machine or device, investigate the program and its reviews to check it is legitimate.
5. Limit application privileges. Malware often relies on wide-reaching access to devices and machines to execute its purpose, so using account controls to limit what employees can do on their corporate devices may well prevent malware from taking root.
In ASEAN, region-wide initiatives are already underway and can help drive greater collaboration and fight malware and cyber-attacks collectively. In 2016, Singapore launched a program designed to provide more cybersecurity resources to other member states, and the ASEAN group itself has also committed to working together to combat cybercrime. These are good, proactive steps, but there is still work to be done.
ASEAN companies should also recognize that this is not a journey on which they need to embark alone. The right partner can help them protect against malicious attacks quickly and continuously, and in Orange Cyberdefense we have the expertise and experience to help all our ASEAN partners win the fight against malware and ransomware now and in the future.
According to Forrester, “Ransomware is just malware with an intimidating twist.” You can protect yourself from ransomware. Read the new Orange whitepaper featuring research from Forrester, “Ransomware Protection: Five Best Practices.”