Deloitte Asia Pacific cyber risk expert tells StrategicRISK why cybercrime is a ‘real and present danger’ facing Asian firms

Deloitte Asia Pacific cyber risk services leader Victor Keong says that too many organisations in the region do not put much thought into devising a cyber risk strategy because they don’t see themselves as immediate targets of hackers and ‘hacktivists’.

“One reason for this could be that the countries in which these corporations operate do not have the more pronounced and widely reported social issues like environment pollution or abject poverty which are the usual key causes for hacktivists,” Keong told StrategicRISK.

“Another possible reason, especially for corporations in countries like China and Japan, is the false impression that they are one-step removed from being targets as their native language and cultural barriers are tough for hackers from the West to infiltrate.”

Speaking exclusively to SR about issues raised in the Deloitte report Global Cyber Executive Briefing: Lessons from the front lines, Keong cautioned that cybercrime was a “real and present danger facing Asia-based corporations”, particularly the higher profile multinationals.

He cited the recent attacks in Asia on Sony, the Singapore Government and Mitsubishi Heavy Industries as evidence of the reality of this threat.

“The ‘external intrusion’ of Sony’s PlayStation Network in 2011 caused the network outage to last 24 days, with personally identifiable information from 77 million accounts appearing to have been stolen,” Keong said.

“At that time, it was one of the largest security breaches in history. Not only was the theft of great concern in the region, questions were also raised on why there was a one-week delay before Sony warned its users.”

Keong said the lesson that Asia could learn from Sony is that while these security breaches were no doubt costly to the corporation, “what is more important is that these breaches be dealt with and treated as crisis management challenges”.

“These breaches are not simply a technology ‘problem’, and the full force of business, operations and information technology departments need to band together to tackle it head on,” he said.

Top threats

The Deloitte report highlights the top threats for seven key industry sectors – high technology, online media, telecommunications, e-commerce and online payments, insurance, manufacturing and retail.

It also presents several real-life case studies that show that breaches occur in all organisations – not because they are badly managed, but because hackers and cyber-criminals are getting smarter.

They also illustrate that organisations depend on each other for a resilient cyber-space. For example, online media can be used to spread malware, vulnerabilities in the high-tech sector affect other industries that use digital technology, and disruption in online payments impact e-commerce.

Corporations could counter such risks by engaging in “war-gaming exercises” that tested their cyber resilience, Keong suggested.

“True-to-life scenarios of events, or ‘injects’ in war-game terminology, are created to gauge the responses and interaction between business, operations and technology departments during a cyber-breach crisis,” he said.

“This can help corporations identify areas of improvement and, consequently, address the shortfalls observed through the realistic simulation exercises.”