Can justice always prevail in the cyberspace?
This is the resounding question tackled thoroughly in the recently concluded Asia Pacific (APAC) Online Policy Forum II, a brainchild of the global cybersecurity company Kaspersky.
Dubbed as “Guardians of the Cyberspace: can justice always prevail?”, the conference featured top industry and policy experts from the region including:
The program was hosted and opened by Eugene Kaspersky, CEO at Kaspersky, wherein he deep dived on the latest cybersecurity threat landscape and trends amplified by the pandemic. Particularly, Kaspersky noted the shift of cybercriminals’ targets --- from smartphones and personal devices to industrial control system (ICS) and Internet of Things (IoT). He also shared the perspective of the private sector to addressing challenges in building cyber-resilient and cyber-secure digital transformation in APAC.
“Since the beginning of social confinement, we’ve been observing how the global cybersecurity landscape is being impacted by the pandemic. On one hand, people are at greater risk of cyber-intrusions due to their working remotely and spending more time online. On the other, there are more cybercriminals, and they’re getting more skilled and experienced. In 2020 we saw unique malicious file detection rise 20 to 25 percent a day. And today, our researchers are also closely monitoring more than 200 cybercrime gangs responsible for launching hyper-targeted attacks against banks, governments, or nations’ critical infrastructure,” reveals Kaspersky.
Attended by more than 1,000 participants from across the region, including C-level officers from various sectors, top government officials, and members of the media, the forum underlined how policies and strategies are formed in APAC, how these remain relevant and effective amidst continued shift of the region’s threat landscape, and how governments can be one step ahead of cybercriminals.
Four-layer of protection
Mr. Nguyen Huy Dung, Vice Minister of Vietnam’s Ministry of Information and Communications (MIC) shared how the country has conducted active steps to secure its cyberspace, which include establishing national cybersecurity law, standards, and blueprint across government and private organisations.
“No one can cope with cyberthreats alone. No one can be safe alone,” Mr. Dung emphasised.
He highlighted the four-layer of protection model in Vietnam which involves an in-house team (first layer), 24/7 cybersecurity services by a professional provider (second layer), an independent security audit (3rd layer), and an independent monitoring by the National Cybersecurity Center (NCSC) of Authority of Information Security, Ministry of Information and Communications (4th layer).
Another successful project cited is the “Review and remove malware nationwide in 2020” campaign by the National Cyber Security Centre (NCSC) of the Vietnam Authority of Information Security which resulted to the number of Botnet IPs nearly halved and over 1.2 million computers scanned, detecting more than 400,000 of those infected with malware. Kaspersky is among the private partners in this initiative conducted from September to December 2020.
Education and cybersecurity
Dr. Greg Austin, Professor of Cyber Security, Strategy and Diplomacy at University of New South Wales, underlined the crucial connection between cybersecurity capacity building and investments in education.
“Globally we are not making enough cybersecurity professionals,” said Dr. Austin. He added that, “Most countries are not prepared to make investments on education for the cybersecurity ambitions they talk about. Digital transformation and defense’s capacity building must include educational transformation.”
He also noted that The Australian Cyber Security Strategy 2020 will invest 26 million for education out of the total $1.67 billion budget allocated, for over 10 years to achieve the vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend.
As a suggestion, Dr. Austin noted that graduates from colleges and universities should be exposed to real-life simulations, exercises, and red teaming to increase their skills and knowledge about cybersecurity.
Ms. Azleyna Ariffin Principal Assistant Director, National Cyber Security Agency (NACSA) of Malaysia echoed the need for experts and that it should be a part of a nation’s strategy.
Adding the exponential rise in technology use and the number of threats amidst the still on-going pandemic, she said, “We also need to focus on developing skills and knowledge in cybersecurity so that it will be a more effective cooperation if we share the same level of skills and understanding with regards to threats and cybersecurity.”
This is among the key priorities of Malaysia Cybersecurity Strategy 2020-2024, announced last October, with allocated budget of $434 million and five pillars to improve the cybersecurity management and capability of the country.
Social awareness, shared responsibility
Aside from formal education, Ms. Ariffin added the need to increase awareness for the mass public regarding the dangers lurking online. She noted that NACSA is partnering actively with the Ministry of Education and the Ministry of Communications and Multimedia in Malaysia to spread the message strategically.
Mr. Nur Achmadi Salmawan, Director of National Critical Information Infrastructure, National Cyber and Crypto Agency (BSSN) agreed and shared that BSSN also involves several government agencies, the academia, and the society to spread cybersecurity awareness among Indonesians.
Focusing on protecting national interest and promoting national economic growth, he highlighted that BSSN has launched last December the Draft National Cyber Security Strategy for the country. The strategy is aimed to combat technical threats and even social threats in Indonesia.
“Social media becomes the weapon for organisations and individuals to manipulate information for their own interest. It is important to inform people how to use the internet correctly and safely,” Mr. Nur added.
Acknowledging the COVID-19 aftermath of increased reliance in technology and devices, all of the speakers with Kaspersky agreed that regional collaboration, private and public high-level cooperation, and knowledge sharing are essential ingredients in building a country’s cybersecurity.
Kaspersky adds: “Our analysts’ research-based data shows us the core of the problem – we’ve reached a point where defending cyberspace is crucial to a country’s economy and its population’s safety. Attacks on critical infrastructure, e.g. healthcare institutions, power grids, water systems, etc. have crossed over from the fictional realm to the physical world. In order to build a safer world and boost our cybersecurity capabilities, from the current crisis and beyond, it’s time to embrace secure-by-design operating systems while at the same time enforcing high-level international cooperation.”
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.