With several countries in the region rolling out their own national cybersecurity strategies to manage the increasing risks that come with digital growth, cybersecurity firm Kaspersky has emphasized the need to carefully review the policy formulation behind each strategy and ensuring that these same strategies remain relevant and able to address emerging issues.
To discuss the shift in behaviour among cybercriminals who are now seeing a larger attack surface opened up by remote work, Eugene Kaspersky hosted the APAC Online Policy Forum II with the theme ‘Guardians of Cyberspace: Can Justice Prevail?’, a sequel to last year’s forum of the same name which tackled the risks and new approaches in ensuring cyber-resilience in the new normal.
Kaspersky shared that the company saw a 20-25% rise in unique malicious file detection for 2020 which led to the company monitoring more than 200 cybercrime gangs responsible for launching hyper-targeted attacks against banks, governments, and critical infrastructure.
“Since the beginning of social confinement, we’ve been observing how the global cybersecurity landscape is being impacted by the pandemic. On one hand, people are at greater risk of cyber-intrusions due to their working remotely and spending more time online. On the other, there are more cybercriminals, and they’re getting more skilled and experienced,” Kaspersky said.
The online event featured a panel of experts from government, industry, and academia such as Nguyen Huy Dung, vice minister for the Ministry of Information and Communications of Vietnam who shared the country’s recent leaps in establishing a national cybersecurity law, standards, and blueprint across both government and private organizations.
Vietnam also adopted a four-layer protection model which involves an in-house team, 24/7 cybersecurity services through a third-party vendor, an independent security audit, and independent monitoring by the National Cybersecurity Center (NCSC) of the Authority of Information Security of the Ministry of Information and Communications.
Dr. Greg Austin, professor of cybersecurity, strategy and diplomacy at the University of New South Wales, highlighted the critical connection between cybersecurity capacity-building and investment in education.
“Globally we are not making enough cybersecurity professionals. Most countries are not prepared to make investments in education for the cybersecurity ambitions they talk about. Digital transformation and defense’s capacity building must include educational transformation,” he added, referring to the plan for the Australian Cyber Security Strategy 2020 investing 26 million dollars for education alone.
Kaspersky recommended the implementation of secure-by-design operating systems to boost cybersecurity capabilities in preparation of attacks today, and beyond. With the region’s threat landscape continuously evolving, governments must be one step ahead of cybercriminals, he said.
“Our analysts’ research-based data shows us the core of the problem – we’ve reached a point where defending cyberspace is crucial to a country’s economy and its population’s safety. Attacks on critical infrastructure, e.g. healthcare institutions, power grids, water systems, etc. have crossed over from the fictional realm to the physical world,” he added.