Deloitte Southeast Asia’s head of strategic risk consulting, Dr Janson Yap, says the growth of cyber-related threats is outstripping the creation of mitigations to address them
We live in a world that is becoming more automated and technology-enabled. Since the 1980s, business models have significantly changed and the online community has enabled 24/7 borderless business.
There are now serious cyber-related challenges in the areas of security, politics, economics, society, information, education, technology, regulations, the environment and human capital.
“Many enterprises do not even know that they have been hacked or attacked.”
In Asia, where developing economies dominate the geographic footprint, there are concerns that cyber-related issues have outpaced the mitigations in place to address them.
The following cyber-threats, both present and imminent, are real and complex, and more must be done to mitigate the damages and consequences arising from them:
One of the biggest issues is the rise of cyber crimes that capitalise on the internet. From hacking to intentional stealing of information, crimes with the intention to harm can be committed virtually, physically and in various different combinations.
Most enterprises have experienced security breaches, incidents and attacks to some degree. Many enterprises do not even know that they have been hacked or attacked.
The rise of social media and electronic business usage in Asia at the individual level means that personal financial data is uploaded onto the internet regularly. Understanding and addressing cyber security is an increasingly important requirement for global business in today’s progressive society.
The use of big data in analysing voting trends ahead of political campaigns and elections is well documented. Previous elections in Malaysia underestimated the power of social media, forums and blogs to shape public opinions. Recent elections led to increased usage of such vehicles.
Educationalists are being pressured to change their education agenda in the face of the knowledge society and a technology-enabled world. Education methods are more mobile and global. Students need to be more educated in order to be better equipped to address the various cyber challenges.
Climate change and sustainability are big issues in Asia. The recent environmental problems resulting from the haze issues in the Association of Southeast Asian Nations (Asean) region were due to forest fires caused by slash-and-burn techniques. Advanced technology systems are able to help spot and fight such fires.
On the other hand, threats of cyber warfare can cause huge environmental issues and risks.
Talent is a key issue in the 21st century. There is an acute shortage of talent to understand and address cyber-related issues. This is an area of growth that needs more attention. Continuing education has become a key proponent of workforce education in order to remain relevant.
Other cyber issues to watch
Deloitte Southeast Asia director Eric Lee says news of an economic crisis in one part of the world can now be broadcast instantly across geographies and time zones. “Capital markets react and respond to economic news as it emerges,” he says.
He adds that while the expansion of Asian economies has been based on the mobilisation of resources, innovation will be the key driver in increasing productivity and competitiveness in the region’s next phase of growth. Lee asks: “Can Asia transform from an innovation backwater to a hotbed of innovation?”
Thio Tse Gan, a partner at Deloitte Southeast Asia, believes societal and social norms are transforming. “The younger generations are tech-savvy and naturally transform their environments as they grow to become economic consumers and decision-makers in businesses and governments,” he says.
“The change in the behaviour of users globally as a result of the adoption of smart devices has created a significant challenge to the traditional model of trust within organisations. Users are increasingly using their personal devices to access corporate resources, as they would be using their corporate PCs and notebooks, and internet resources simultaneously.
“This creates an opportunity for perpetrators to target mobile devices to gain access to sensitive information.”
Thio Tse Gan says several organisations are jumping onto the cloud-computing bandwagon, attracted by the ability to lower their total cost of ownership and increase their cost structures.
“However, placing sensitive corporate information in public cloud services increases the risk of security, performance and availability [problems],” he warns. “The loss of controls over sensitive data stored with the service provider (which may be subjected to abuse) means that the cost may outweigh the benefits.”
“Data leads to information. Distilled information leads to knowledge and, when correctly applied, to wisdom and understanding. Intelligence is the higher order in this value chain. There is data everywhere and its growth is exponential. Data-security analytics is the way of the future.”
So says Victor Keong, also a partner at Deloitte Southeast Asia. He argues that the power of security analytics will provide insights never seen before.
“It will also enable us to manage information security via predictive human-behaviour analyses,” Keong says. “The ease of obtaining information about almost any organisation makes everyone an easy target for data loss/leakage. We need to be smart and aware of what information we are disseminating, and have good tools to enforce sound information-security policies.”
Regulations and legal
Bangkok-based Deloitte Southeast Asia director Pinyo Treepetcharaporn says legislators, regulators and legal professionals need to review existing codes and standards to address the complexity of the cyber world.
“There are a number of cyber laws and regulations across Asia, such as intellectual property, privacy and cyber crime laws,” he says. “It is always a challenge for organisations, especially multinational corporations, to ensure their IT systems and IT operations comply with local laws and regulations. Measurement and visibility on compliance levels are also required by management.”