The high-profile data breaches at Sony Pictures, Target and other US-based companies that dominated the news in 2014 have raised awareness of cyber crime.
But two years before these headline-grabbing incidents, governments and companies across Southeast Asia had already been contemplating the impact of a borderless digital economy where crimes can easily be committed online.
The sub-region has seen an increase of Internet-related crimes even as local law enforcement agencies have started cracking down on cybercriminals based in their countries.
In October 2013, 25 foreigners and three Indonesian women were arrested for their alleged involvement in an email scam worth 30 billion Indonesian Rupees (US$2.3m). A few months earlier that same year in nearby Philippines, more than 350 Chinese and Taiwanese nationals were arrested for running a massive bank account takeover scam targeted at individuals in China. In Thailand local authorities, along with their US counterparts, caught an Algerian national considered to be one of the world’s top-20 bank hacking criminal masterminds, responsible for defrauding tens of millions of dollars from computer networks of 217 banks.
Also by 2013, both Malaysia and Singapore both saw the volume of cybercrimes spiked in their respective territory. In Malaysia, losses caused by lapses in IT security and other online scams were reported to be about 1bn Malaysian Ringit (US$265.7m), with 70% of crimes in the country categorized as cyber crimes, and Singapore suffered financial losses amounting to about US$1bn. Two years ago, a report by security firm Norton noted that Singaporeans netted the highest per capita losses to cybercrime recorded at US$1,158, which in 2013 was four times the global average and twice the figure set 12 months earlier.
Beefing up IT security
With the growing sophistication of cyber threats, companies in Southeast Asia are going beyond the simple antivirus and firewall they used to employ in their organizations.
One of these companies is Bangkok-based XanSiam International, a manufacturer and distributor of dietary supplements as well as other health and beauty products. Established more than a decade ago, the company has grown steadily and now markets its products across the Asean countries.
“You only need to watch the news or surf the Internet to see what the modern-day hacker is now capable of. Implementing proper security measures is no longer an option, it is a must,” said Somchai Intiraworanont, president of XanSiam International.
To ensure that the company plugs all potential security holes, it hired security provider Network Box to upgrade its firewall service to a unified threat management service package.
“DDOS attacks were a problem before we deployed Network Box in the data center,” Intiraworanont said. “Today, we have been noticing a lot of zero-day malware getting stopped in its tracks. There have also been a number of intrusion attempts blocked.”
Besides getting enterprise-grade security services, the company also updated its security policy and fortified its physical security with a round-the-clock guards and the deployment of swipe cards.
With the company’s use of more advanced security services, Intiraworanont is becoming increasingly aware of the dangers that lie in wait for companies in the digital economy.
“With the real-time reporting, we get clear insights on cyber threats and we are made aware of potential network intrusions that have been blocked.”
Even with heightened IT security, XanSiam is unlikely to let its guard down. “The biggest challenge is just trying to stay a few steps ahead of the emerging cyber threats. Nowadays, anyone can become a target and fall victim to malicious attacks,” Intiraworanont said.
Asean is fighting back
As early as 14 years ago in October 2001, the Asean 10-country grouping already included cybercrime in its Plan of Action to Combat Transnational Crime. In September 2013, United Nation Conference on Trade and Development reported that eight out of 10 Asean countries have cybercrime regulation exceeding international standards.
Singapore, as a regional financial and commercial hub where many global companies based their Asian headquarters, has been leading the fight against cybercrime in the sub-region.
This year, the city state set up the Cyber Security Agency (CSA) of Singapore, which consolidates and coordinates the city’s cyber security capabilities across different sectors. Minister of communications and information, Yaacob Ibrahim, who is also minister-in-charge of cyber security said the main point of the CSA is that the different actors in the country – both public and private – “are all connected”.
And the city is now acting as a base for IT security experts both in the private and law enforcement fields who are tasked to monitor the expected influx of malicious threats into Southeast Asia.
For one, Interpol recently opened a new office in Singapore that houses 110 officers from over 50 countries. The Interpol Global Complex for Innovation is equipped with a forensic laboratory to support digital crime investigations and research the newest methods of cybercriminals.
During the complex’s opening in April, the agency’s secretary general Jurgen Stock said: “Cybercrime has been prioritized across the world as people, their homes and national critical infrastructure become smarter, or in other words, networked.”
He added the new complex in Singapore will ensure the agency is “best-placed to assist police forces around the world address emerging threats”.
Furthermore, Microsoft opened its fifth global Cybercrime Satellite Center in Singapore – the technology giant’s third in Asia after Tokyo and Beijing to keep an eye on the malware that will target Southeast Asia as it emerges as an economic powerhouse.
Richard Boscovich, assistant general counsel of Microsoft’s digital crimes unit said: “One of the reasons we are opening a center in Singapore is because it is one of the major financial centers of the world. A lot of money comes through Singapore, it’s a relatively wealthy nation and criminals follow the money.”
Southeast Asia’s reinvigorated efforts against cybercrime are well timed as the subregion is expected to face continuous waves of attacks in the years ahead.
In its report entitled “Southeast Asia: An Evolving Cyber Threat Landscape” issued in March this year, IT security firm FireEye said companies in the subregion regularly attract the interest of cyber spies and criminals looking to steal information on growing industrial sectors – energy, telecommunications, high-tech, transportations and finance.
“We believe, once stolen, this IP often makes its way to Chinese companies. These companies can use the stolen IPs to bypass years of research and development costs and get an inside edge when they deal with competitors in the region,” the FireEye report said.
Furthermore, the territorial disputes over South China Sea are putting government and military entities at risk as they are frequently targeted with malware to steal sensitive security details.
This was first published in August 2015