The past year marked the end of the 2010’s and a dynamic period in cybersecurity’s growth from espionage tools, massive data breaches, and ransomware impacts, to government, law enforcement and regulators taking notice of the development in the sector.
To mark the end of this year and decade, Infosecurity talked to a series of people from around the globe, each from a different continent, to gauge their perspective on which trends affected their region, and how cybersecurity impacted local businesses and culture in their view.
Representing Asia is Mihoko Matsubara, chief cybersecurity strategist at NTT Ltd. Asked on what trends she felt had been drivers for cybersecurity in 2019, she led with business email compromise (BEC) as the main trend, as this is “demanding victims to transfer more money than ever before.” This tactics has resulted in millions of dollars being lost, and an FBI press release from September saying that “between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses”.
Matsubara said that in Asia, executives are often targeted and NTT’s own research has shown that managers are particularly vulnerable.Its own risk value report showed that 48 percent of all organizations say that all their critical data is secure, and a smaller proportion (45 percent) have secured all of their organization’s data. “They are not confident and not ready,” Matsubara said, “And it is more important than ever to be ready as business executives are increasingly targeted.”
In Asia specifically, Matsubara said there is a general positivity towards cybersecurity, and she was seeing more “cybersecurity capacity building,” specifically with the opening of the Cyber Security Agency of Singapore, which she said is responsible for the cybersecurity strategy outside of its borders, as it collaborates at both a “regional and global level.”
In particular, the launch of its centre of excellence in October, and increased engagement with countries including Japan, Australia, USA and UK has seen it focus on building capacity “as they know the region will be at risk if the region has weak cybersecurity”.
She said it was very good to see this movement “led by multiple governments and organizations to increase investment and capacity building” for a common goal. “Asia has a booming economy and everyone is interested in getting into that market, and that is why cybersecurity is becoming more important as IT is everywhere and one of the core elements for the economy and business operations.”
With the centers of cybersecurity often seen as the USA, Israel and Europe, Asia may seem like it lacks a level of maturity when it comes to this industry. Therefore, as well as determining the trends, what is driving cybersecurity forward? Matsubara cited the 2020 Olympic and Paralympic games which will be held in Tokyo, using the 2012 London Olympics as an example of a driver “of momentum for awareness, global collaboration, and national cybersecurity capabilities”.
As the world will be watching Tokyo for those weeks, she said that focus will be on the cyber and physical sides of security, and having delivered a successful Rugby World Cup in 2019, we asked if this is causing cybersecurity to be taken more seriously in the region? She said with everything connected in the 21st century, there needs to be more collaboration by Japan “with different countries and different governments, and Asia needs to pay more attention as it is a great case study to ensure the success and security of a big event like Tokyo 2020.”
Moving on to some other trends, Matsubara said companies are seeing cybersecurity as a driver and enabler for digital transformation. However, she cited statistics from FireEye which said 77 percent of cyber-attacks were against small to medium-sized businesses, and 50% do not have dedicated staff for cybersecurity. “That is why companies like NTT have started to take the initiative to work together with business associations, local chamber of commerce to have cybersecurity workshops and seminars for small and medium sized businesses,” she said.
As a result of these developments, “society is becoming more interested in cybersecurity and as we look towards 2020, we will see greater collaboration between companies and countries”. Matsubara praised the work of the Council to Secure the Digital Economy, which is intended to bring together companies to “combat increasingly sophisticated and emerging cyber threats through collaborative actions”, as this includes Asian companies as this shares best practices on cybersecurity levels.
In conclusion, asked if she feels that things are going to improve in terms of collaboration and overall cybersecurity, she said attackers are using the same tactics, but there is a change in the attitudes of Asian governments and companies to raise awareness and build capacity. However the skills shortage is as apparent in Asia as in the rest of the world, as around two million are estimated to be needed in the region, and this will lead to an increase in machine learning and automation use in Asia.