Cybersecurity threats have always been a concern for governments, businesses, and individuals, but COVID-19 and the current state of fear and vulnerability have allowed cybercriminals to put a new twist on attacks that already exist.
The rise in online shopping as a result of lockdowns has also exposed customers to greater cybersecurity risks. Meanwhile, remote workers who are possibly relying on more non-corporate-approved IT applications for messaging and file-sharing have created a more fertile seedbed for cyber fraud.
According to a recent Interpol report about the impact of the coronavirus on cybercrime in Asia and the South Pacific region, the major cybersecurity trends include corona-related fraud, phishing campaigns, and online sale of fake medical supplies and personal protective equipment.
“Interpol warns that cybercriminals are taking advantage of the economic downturn and people’s anxiety and have enhanced their social engineering tactics by using COVID-19 as a basis for their attacks,” Atlas Institute for International Affairs wrote, citing the report.
Data released by Interpol and quoted by the international affairs think tank shows that the main inflicted cyberthreats in recent months have been phishing/scam/fraud (59%), malware/ransomware (36%), malicious domains (22%), and fake news (14%). The potential targets include companies, company executives, social media accounts, and new media.
“Ransomware and business email compromise (BEC) are among the most profitable schemes and continue to be top choices for many threat actors. Typical modus operandi includes spoofing email addresses or using identical email addresses,” the institute says.
The increase in cyberthreats is a trend seen all over the world, and, as Interpol says, is a major matter of concern in member countries of the Association of Southeast Asian Nations─known as ASEAN─that are accelerating the digitalization of their economies.
According to Atlas Institute for International Affairs, people in Southeast Asia are conducting more online shopping, with Malaysia, Singapore, the Philippines, and Thailand have reduced cash usage by 64, 67, 64, and 59 percent, respectively.
Cybersecurity is also a significant threat in Singapore, the most digitally connected country in the region.
“The Cyber Security Agency of Singapore (CSA) says there was a 51.7% jump in cybercrimes from 6,215 cases to 9,340 cases between 2018 and 2019. The agency’s recent survey also shows that about a quarter (28 percent of respondents) had experienced at least one cyber incident in the past 12 months,” the think tank wrote.
Fourteen percent of the incidents were unauthorized attempts to access online accounts and 10 percent were the usage of online accounts to contact others without consent, it added, citing CSA.
Need for More Investment
Experts argue that traditional cybersecurity solutions are not enough to detect or tackle new sophisticated attacks such as the advanced persistent threat (APT) and that more investment in cybersecurity technologies is needed.
Companies in the region have made cybersecurity a priority. For instance, as Atlas Institute for International Affairs says, around 71% of businesses across ASEAN markets have deployed antivirus or anti-malware tools while 58% have implemented cloud-native security platforms.
However, the think tank points out that two significant challenges are hindering cybersecurity efforts in ASEAN.
Quoting global management consulting firm A.T. Kearney, it says ASEAN is not spending enough on cybersecurity and faces exposure to losses of around $750 billion from cyberattacks.
“They estimated that the ASEAN region needs to spend between $67 to 171 billion from 2017 until 2025 to improve its cyber resilience. However, the pandemic has been a game-changer, and cybersecurity has become even more critical than before.”
According to the Atlas Institute for International Affairs, the second challenge is that reporting an incident is an easily neglected issue.
For instance, it says cybercrime in the Philippines is rising fast, with phishing campaigns alone have increased 200% since the country went into lockdown in March.
“However, some of the larger organizations and individuals in the country might not be reporting incidents of a personal data breach as it could be viewed as an indicator of disrepute in the country if there is a loss of such critical data.”
The think tank maintains that ASEAN governments need to take further actions in four key areas, namely trusted access, safeguarded interactions, data protection, and ongoing monitoring.
Countries in the region also need to work together to deal with cyberthreats, especially during the ongoing pandemic, it noted, adding that continued efforts to this end could help them emerge stronger and more united.