NICOLAS SWAYA WRITES — A new type of war is raging across the globe, and the potential aftermath could be devastating. Both cyberwarfare and cybersecurity are becoming increasingly important in our world. Countries are learning how to best cope with the cyber threat, some just coming to understand just how dangerous it can be. Southeast Asia has been progressing slower than other global regions. Black Hat, Southeast Asia’s top security conference, was held this March and some of the outcomes were alarming.
Nearly 70 percent of those surveyed at the conference believed that a critical cyber-attack would affect multiple Southeast Asian countries within the next two years. Respondents believed that the most likely suspects responsible for such an attack were Russia, China and North Korea.
ASEAN, the association of Southeast Asian Nations, has made improving cybersecurity in the region a top priority. Its goal is to spread awareness and advocate for laws that improve digital safety. Many ASEAN members have no dedicated cybersecurity agency, and fewer still have robust cybersecurity regulations.
ASEAN also stresses the connection and necessary cooperation between the public and private sectors, as both stand to benefit from better security. ASEAN has found most companies are reluctant to invest in necessary due to the high upfront costs – something government could, in theory help through loans. It should also be noted that countries in Southeast Asia tend to invest into offensive Internet capabilities, rather than defensive.
Issues covered during the Black Hat conference briefings ranged from cryptocurrencies to popular mobile payment services such as Circle Pay, Square Cash and Venmo. Zhen Zhu, an analyst stated, “Mobile payments…expose a lot of vulnerabilities in which adversaries can readily acquire the payment token during a valid mobile transaction… [T]he attacker can purchase anything.” Cybersecurity can affect anyone, from a corporation to an individual sending a Venmo payment. Attitudes toward cryptocurrencies like Bitcoin and Ethereum seemed skeptical, as the security behind the technology is still in development.
While Black Hat encourages the development of secure Southeast Asian infrastructure, organizers want the public to know that most attacks come from avoidable social engineering scams. Companies need to invest in further employee training to help them understand the basics of Internet protection. Entire corporations can be brought down by an employee clicking a malicious URL. An estimated 30 percent of Black Hat respondents thought that a lack of government spending was the biggest reason Southeast Asia has fallen behind in the cybersecurity industry. Black Hat participants also felt that there was simply a shortage of qualified people in the region to innovate and implement needed changes to ensure security.