HCM CITY — Cybersecurity and policy experts discussed strategies to beef up cyberdefences in the Asia Pacific during the pandemic and beyond at an online forum this week.
The APAC Online Policy Forum II, organised by global cybersecurity company Kaspersky, underlined how policies and strategies are formed in APAC, how they remain relevant and effective amidst the continued shift in the region’s threat landscape and how governments can be one step ahead of cybercriminals.
Eugene Kaspersky, the company’s CEO, deep dived on the latest cybersecurity threat landscape and trends amplified by the pandemic, particularly the shift in cybercriminals’ targets from smartphones and personal devices to industrial control systems and the internet of things.
“Since the beginning of social confinement, we have been observing how the global cybersecurity landscape is being impacted by the pandemic. On one hand, people are at greater risk of cyber intrusions due to their working remotely and spending more time online. On the other, there are more cybercriminals, and they are getting more skilled and experienced.
“In 2020 we saw the detection of unique malicious files rise by 20-25 per cent a day. And today our researchers are also closely monitoring more than 200 cybercrime gangs responsible for launching hyper-targeted attacks against banks, governments and nations’ critical infrastructure.”
Deputy Minister of Information and Communications Nguyễn Huy Dũng explained how Việt Nam has taken pro-active steps to secure its cyberspace, including by passing a cybersecurity law and creating standards and a blueprint across government and the private sector.
“No one can cope with cyberthreats alone. No one can be safe alone.”
He described the four-layer of protection model in Việt Nam with an in-house team, 24/7 cybersecurity services by a professional provider, an independent security audit, and independent monitoring by the National Cybersecurity Centre (NCSC).
Another successful project was the ‘Review and remove malware nationwide in 2020’ campaign by the NCSC, which caused the number of botnet IPs to fall by nearly half after scanning over 1.2 million computers and detecting more than 400,000 infected with malware. Kaspersky was among the private partners in this initiative carried out from September to December 2020.
Education and cybersecurity
Dr Greg Austin, a professor of cybersecurity, strategy and diplomacy at the University of New South Wales in Australia, underlined the connection between cybersecurity capacity building and investment in education.
“Globally we are not making enough cybersecurity professionals.
“Most countries are not prepared to make investments in education for the cybersecurity ambitions they talk about. Digital transformation and defence capacity building must include educational transformation.”
Australia plans to invest US$26 million in education to achieve its vision of creating a more secure online world for its citizens, businesses and the essential services, according to the professor.
Graduates from colleges and universities should be exposed to real-life simulations, exercises and red teaming to increase their cybersecurity skills and knowledge, he said.
Azleyna Ariffin, Principal Assistant Director, National Cyber Security Agency (NACSA) of Malaysia, concurred with the need for experts as part of a nation’s strategy, said “We also need to focus on developing skills and knowledge in cybersecurity so that it will be a more effective co-operation if we share the same level of skills and understanding with regard to threats and cybersecurity.”
There is also a need to increase awareness among the public of the dangers lurking online, according to Ariffin.
Nur Achmadi Salmawan, director of the National Critical Information Infrastructure, National Cyber and Crypto Agency (BSSN) of Indonesia, said his agency launched last December a draft national cybersecurity strategy aimed at combating technical threats and even social threats.
“Social media has become a weapon for organisations and individuals to manipulate information for their own interest. It is important to inform people how to use the internet correctly and safely.”
All speakers agreed that regional collaboration, high-level private and public co-operation and sharing of knowledge are essential ingredients in building a country’s cybersecurity. — VNS