> continued
Fragmented Progress in Cybersecurity Strategy
The development of cybersecurity strategies vary across Southeast Asia, with Philippines, Thailand, Malaysia, and Singapore faring relatively better than Laos, Brunei, Cambodia, Myanmar, Vietnam, and Indonesia. Malaysia, Singapore, and the Philippines, for example, have set up national cybersecurity agencies. However, wide the interconnectedness of the region means that vulnerabilities in any given country can have spillover effects on other economies and institutions, including public health, safety, national security, and so on. Currently, countries such as Malaysia, Indonesia, and Vietnam have been used as hosts to launch spam botnets, malware attacks, and the like due to weaknesses in security.
Through regional initiatives and summits such as the ASEAN Summit, there have been agreements made to increase cooperation and knowledge-sharing. However, the lack of a legally-binding, unifying framework for the region still leaves ASEAN as a whole underprepared for cyber threats. One of the challenges is that the digitization of ASEAN countries are occurring at varying rates – Indonesia, for example, still faces a vast digital divide in their population. This could hinder efforts at coordination and the standardization of practices.
According to AT Kearney, ASEAN is underspending on cybersecurity compared to the countries with best practices. To reach global benchmarks, each ASEAN country should be spending between 0.35 to 0.61% of their GDP – amounting to a collective spend of approximately $171 billion.
Human Resources and Cybersecurity Capability
At the same time, no matter how comprehensive the frameworks and regulations, they will not provide much benefit without the necessary competence to implement or build on them. Currently, those seeking to enhance their cybersecurity are finding that there is a lack of talent to meet the need.
Efforts to fill the gap in talent have often been organizations-led through the implementation of short-term skills development programs. However, both governments and organizations have to continually have a forward-thinking approach in order to anticipate future trends, technologies, and demand. Government legislation and regulation has to keep up with evolving and new technologies. With cryptocurrency still relatively unregulated, for example, there have been an uptick in cyber attacks on cryptocurrency mining operations in ASEAN member states.
13 The IERP® Monthly Newsletter July 2018