Black hats, hacks and cyber attacks / How Southeast Asia ranks in cybersecurity

By: Robin Spiess - Posted on: February 8, 2019 | Business

A recent report of 60 countries worldwide, released by UK-based tech research company Comparitech, has ranked six of Southeast Asia’s countries among both the worst and best in terms of cybersecurity. We break down how ready Southeast Asia is to stare down cyber attacks

Singapore is the only Southeast Asian country to rank in the top ten in a recent report for cybersecurity Photo: Diego Azubel / EPA

As Southeast Asia’s digital footprint grows, nations across the region are becoming more vulnerable to cyber attacks and the spread of malware. Of the 60 countries analysed in a recent report by UK-based tech research company Comparitech, Indonesia and Vietnam ranked second- and third-worst, respectively, while Singapore stood alone as the sole Southeast Asian country to rank in the top ten.

The report integrated each country’s scores from the 2017 Global Security Index (GCI) and compared information gathered from each of the countries, including: the percentage of mobile phones and computers infected with malware, the number of financial malware attacks on each country, the percentage of telnet and cybernet attacks, and the most up-to-date legislation on cybersecurity. We break down just how ready Southeast Asia’s nations are to cope with these growing cybersecurity threats.

Open to attack

When discussing cybersecurity in Southeast Asia, the countries of the region typically fall into three camps: advanced, developing and underdeveloped. The GCI, compiled by the International Telecommunications Union and most recently released in 2017, split Southeast Asia’s countries into these different categories based on their commitment to legal, technical, organisational, capacity building and cooperation frameworks for cybersecurity.

Those in the “initiating” stage, including Brunei, Cambodia, Myanmar, Timor-Leste and Vietnam, have only just begun making moves to start cyber-related safety programmes. Of these countries, the Comparitech report analysed only Vietnam, which it determined to be among the world’s least-prepared countries for a cyber attack, with the fewest preventative programmes put in place to fend off potential attacks.

Vietnam has consistently ranked among the countries that are both least prepared for and most likely to be targeted by cyber attacks. Last year, of all Southeast Asian countries, Vietnam was hit with the highest number of ransomware attacks, which involve a malicious piece of software that blocks a user’s access to their computer until they pay a certain amount of money.. Nearly one in ten of the country’s mobiles and more than a fifth of the country’s computers are infected with malware. Vietnam is also the seventh-most-likely country to suffer from cyber espionage in the world, which occurs when computer networks are illegally used to gain access to information.

Taking action

According to the GCI, the region’s “maturing” countries, which include Indonesia, Laos, the Philippines and Thailand, each actively engage in cybersecurity programmes. However, Indonesia – which has a handful of cybersecurity initiatives in place – ranked even lower than Vietnam on Cybertech’s rankings. Only edging out Algeria, Indonesia suffers from significant malware attacks, with 25% of its mobiles infected with malware, 25% of its computers infected with malware, and nearly 2% of its banking customers affected by financial malware attacks.

The Philippines and Thailand ranked 36th and 26th from the top, respectively, according to the Comparitech report. The Philippines, though home to the Cybercrime Prevention Act of 2012 and beginning to boost its cyber defences, was slow to begin investing in its cybersecurity and still suffers from a significant number of its devices infected with malware: nearly 11% of its mobile devices and 24% of its computers are infected with malware. Still, the country suffers from half as many financial malware attacks per user as Vietnam, and a third as many attacks from cryptominers by percentage as Vietnam.

Thailand performed the highest on the Cybertech report of all countries in the “maturing” stage, ranking only just below Malaysia, which is ranked in the “advanced” category. Thailand recently revised and reissued its Cybersecurity bill in November 2018, giving a new government agency – the National Cybersecurity Committee – overarching authority to access computers of private individuals and companies, make copies of information and enter private property without court orders. While the new law has sparked debate about the extent to which cybersecurity policy can be pursued without loss of citizens’ civil liberties, the country has nevertheless managed to cut down on malware, and is 68% prepared to protect itself from cyber attack – more than European countries such as Denmark, Ireland and Belgium, which each nevertheless ranked higher than Thailand overall.

Leading the pack

Malaysia and Singapore are considered to be “leading” in cybersecurity, with each nation demonstrating strong overall commitment to cybersecurity across the board. In addition to funding programmes that protect their cyberspace from attack, each country has also introduced technical institutions to raise overall industry standards.

Ranked second in the Asia-Pacific region in the 2017 GCI out of 38 countries, Malaysia has paved the way for the implementation of cybersecurity frameworks for organisations with the creation of its Information Security Certification Body (ISCB), which manages certification services for its homegrown businesses consistent with international standards. Its government entity responsible for information security, Cybersecurity Malaysia, offers professional training in security through both higher education institutions and through its Cyberguru website.

Nonetheless, Malaysia has been among the most targeted countries for web application hackings, according to Cybertech, attracting 3% of the world’s attacks – behind only the US, which attracts 66% of attacks, and Brazil and Germany, which each attract 5%. Due to the prevalence of cyber attacks in Malaysia, the country received a ranking of only 25th out of the 60 Cybertech countries – ranking only slightly better than Thailand, but still standing as the second-safest country ranked in Southeast Asia.

But leading the way in Southeast Asia has long been Singapore, which has a lengthy history of cybersecurity initiatives that include a cybersecurity masterplan launched in 2005, the Cyber Security Agency of Singapore established in 2015, and a comprehensive cyber strategy introduced in 2016. Across the region, Singapore has proven a leader in online protection of children; its internet providers are each licensed under the Broadcasting Act, which legally compels them to offer filtering services, and the city-state’s Media Development Authority blocks hundreds of pornographic and extremist websites.

Singapore has nonetheless become a small hub for origination of cyber attacks, with 4% of all “denial of service” attacks – which involve a website becoming overwhelmed with traffic in an attempt to bring it down – originating from the island nation. It’s also been the victim of various cyberattacks, including at least five major attacks in recent yearsBlack hats, hacks and cyber attacks – one of which targeted the Ministry of Defence and stole the personal data of 850 individuals from the online database portal in 2017.

A Warning

When it comes to cybersecurity there is always room for improvement, even among the best-prepared countries, the Cybertech report added.

“Despite some countries having clear strengths and weaknesses, there is definite room for improvement in each and every one,” the study stated. “Whether they need to strengthen their legislation, or users need help putting better protections in place on their computers and mobiles, there’s still a long way to go to make our countries cyber secure.”

“Plus, as the landscape of cybersecurity constantly changes… countries need to try and get one step ahead of cybercriminals,” the report added.