COVID-19’s Impact on Cybersecurity in ASEAN

A significant development during the pandemic is the rapid rise of cybersecurity threats in governments, companies, and individuals. Several recent statistics have also indicated this trend in the ASEAN (the Association of Southeast Asian Nations) countries.

A recent assessment report of the COVID-19 cybercrime impact on Asia and the South Pacific region by the International Criminal Police Organization, or INTERPOL, shows that the major cybersecurity trends include COVID-19 related fraud, phishing campaigns, and online sale of fake medical supplies and personal protective equipment (PPE). INTERPOL warns that cybercriminals are taking advantage of the economic downturn and people’s anxiety and have enhanced their social engineering tactics by using COVID-19 as a basis for their attacks. According to the INTERPOL report, the key COVID-19 inflicted cyberthreats are phishing/scam/fraud (59 %), malware/ransomware (36 %), malicious domains (22 %), and fake news (14 %). The possible targets include companies, company executives, social media accounts, and new media.

Major Concerns

According to a World Economic Forum (WEF) report, one of the biggest concerns during the pandemic is the increase in cyberattacks and data fraud. A worrisome trend is that cyberattacks and data fraud is likely to continue even after the lockdown. Among them, the ransomware and Business Email Compromise (BEC) are among the most profitable schemes and continue to be top choices for many threat actors. Typical modus operandi includes spoofing email addresses or using identical email addresses. The Palo Alto Networks warns that working from home “exposes employees to new cyber risks with teams possibly relying on more non-corporate-approved IT applications for video, messaging, and file sharing, attracting the cybercriminals that follow those pathways seeking opportunities.”

Cybersecurity is a profitable “future industry” that will grow strongly over the next decade with the accelerated digitalization of the global economy. For example, a study reveals that there is an increase in online shopping during the lockdown. There is a trend in reducing case usage across ASEAN countries. People in countries like Malaysia, Singapore, Philippines, and Thailand conduct more online shopping and reduce cash usage ( by 64, 67, 64 and 59 percent, respectively). In Singapore, the most digitally connected country in the region, cybersecurity is a significant threat. The Cyber Security Agency of Singapore (CSA) indicates there was a 51.7% jump in cybercrimes from 6,215 cases to 9,340 cases between 2018 and 2019. The agency’s recent survey also shows that about a quarter (28 percent of respondents) had experienced at least one cyber incident in the past 12 months. Fourteen percent of these were unauthorized attempts to access online accounts, and 10 percent were the usage of online accounts to contact others without consent.

Several experts have pointed out that traditional cybersecurity solutions are not sufficient and cannot detect or tackle new sophisticated attacks such as the advanced persistent threat (APT). Investment is needed to acquire new cybersecurity technologies. However, the budget issue is a critical area that needs the attention of ASEAN countries. Companies in the region have made cybersecurity among its priority. For example, around 71% of businesses across ASEAN markets have deployed antivirus or antimalware tools, while 58% have implemented cloud-native security platforms.

Currently, there are two major issues in cybersecurity efforts in ASEAN. First, ASEAN is not spending enough on cybersecurity. According to A.T. Kearney, a global management consulting firm, companies in ASEAN faces exposure to the loss of US$750 billion from cyberattacks; They estimated that the ASEAN region needs to spend between US$67 to 171 billion from 2017 until 2025, to improve its cyber resilience. However, the pandemic has been a game-changer, and cybersecurity has become even more critical than before.

Second, reporting an incident is an easily neglected issue. Take the Philippines as an example. Cybercrime in the Philippines is rapidly rising, with phishing campaigns alone up 200% since the country went into lockdown in March. However, some of the larger organizations and individuals in the country might not be reporting incidents of a personal data breach, as it could be viewed as an indicator of disrepute in the country if there is a loss of such critical data. Depending on the situation, some victims might choose to keep silent on a phishing attack, choosing to protect their reputations instead. With the rise of cybercrime, it is crucial for individuals and vulnerable organizations to ensure that their cybersecurity is most updated, staying appraised of the latest in cyber scams and rising threats to improve their resiliency to withstand the post-pandemic cyberthreat climate.

Further Actions

During the COVID-19 period, the ASEAN governments must consider four key areas and take further actions, which include trusted access, safeguarded interactions, data protection, and ongoing monitoring. Intelligence-driven security and analytics are needed for security in motion. Countries in the region also need to work together to deal with cyber threats.

Although cybersecurity spending remains a significant issue in ASEAN countries, some positive moves have been made. Recently, the ASEAN governments issued various guidelines mandating the private and public sector to upgrade their security infrastructure to combat the ever-evolving cyber threat. Moreover, the ASEAN countries will join a cyber defense drill organized by the Japanese government in the coming months. This drill aims to prepare them for possible cyberattacks on critical infrastructure.

Cybersecurity in the ASEAN during the pandemic requires a continued effort and multi-national cyber cooperation and joint actions among different actors in government, industry, and individuals.