Home Global Addressing ASEAN Weakest Link in Cybersecurity

Addressing ASEAN Weakest Link in Cybersecurity

by Shah Farouq

Cyberthreats often happen when a cyber criminal exploits the weakest link in an organizations cybersecurity which is believed to be the human error.

This issue was discussed by the founder of MCION, Nicholas Ng, senior vice president (SVP) of Cybersecurity at Serba Dinamik Group Berhad, Dato Ts. Dr. Husin Jazri and the director of CSCIS, Anthony Lim during a segment on “ASEAN threat landscape” at the XCION 9th Annual Virtual Conference.

The discussion highlighted the report “ASEAN CYBERTHREAT ASSESSMENT 2021” by Interpol, which showed among the key cyberthreats that people from ASEAN region faced in this digital age are the business email compromise and phishing attacks.

These kinds of attacks happen due to the human error when victims are duped to open emails which are believed to have come from a trusted entity.

Nicholas agrees that humans are the weakest link and with so many companies in ASEAN are going digital without prioritizing cybersecurity, the ASEAN digital space has become a preferred hunting ground for cyber criminals.

“There are some important elements that probably are overlooked by these organizations, that are related to technical skill gap especially when they migrate to the cloud and some multi cloud or hybrid cloud these widen the security gaps to support the organizations initiatives.

“We have seen a lot of security misconfiguration on the cloud services some of these cloud services are in default configuration state,” he added.

Anthony has also commented that phishing has become a big problem among the ASEAN countries and highlighted that awareness is needed to curb the issue at hand.

From Left: Founder of MCION, Nicholas Ng, Jazri, Director of CSCIS, Anthony Lim and Senior Vice President (SVP) of Cybersecurity at Serba Dinamik Group Berhad, Dato Ts. Dr. Husin at the panel discussion

“Nowadays, attackers know we have firewall, security, endpoint and all these things so they are not bother to brute force attack the network, they are going to look for security misconfiguration, because people will make mistakes such as forget to patch their software and they forget something.

“Now the technology is available and very affordable and convenient to deploy, we need to have education awareness for the people about phishing emails.

“People need to be aware of the new authentication methods and awareness on phishing, maybe its time we all should advocate more cross region governmental and  NGO cooperation in the united front to fight against cyber-crimes in the ASEAN region,” he mentioned.

On the other hand, Dr Husin Jazri said that one of the reasons why phishing attacks is made possible is because of the identity management which is not addressed in the much more fundamental way.

“We as humans still rely on a very simple way of authentication which is remembering password which I think could allow more opportunities and wider attack surface for attackers to launch phishing attacks.

“I believe it is time for us to strengthen the identity management on authentication because nowadays it is better to use passwordless authentication methods, there are blockchain and there are biometrics, facial and fingerprints to simplify authentication without people sharing password,” he explained.

Besides that, he thinks it is also time for empowerment to be given, not just the law enforcement to look into the problem but also the communities to be empowered in helping themselves to repulse in all these scams and frauds that is happening very rapidly.

“In Malaysia the scam value lost has gone over billions which is a lot, with that we need to look in empowering communities to work together in a more systematic way. For example, now we have e-security privacy channel (ESPC) which we can enlarge beyond Singapore and the rest.

“The other thing we can do is Jiran Siber, where we empower the technically skill guys as a citizen rather than an organization to work in a community network that could help to support in education and awareness or emergency response. This method could help the law enforcement to reduce amount of fraud and scams in the digital world,” he concluded.

Related Articles

1 comment

DPaaS Saturday, April 9, 2022 - 10:05:16 am

Tim Cook on Twitter once said that the “The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge.”

For many businesses, the dangers associated with cybersecurity can be daunting. For every firm, regardless of size, developing a solid cybersecurity programme is sometimes challenging and difficult to envision. Frameworks are appealing to information security leaders and practitioners because of their unwieldiness. Frameworks aren’t a new concept for cybersecurity professionals, and the benefits are numerous – and they don’t have to be sophisticated to function. The benefits of the NIST Cybersecurity Framework (CSF) and why it should be a cornerstone of your cybersecurity programme are discussed in this email.

As adoption of the NIST CSF continues to increase, explore the reasons you should join the host of businesses and cybersecurity leaders adopting this gold-standard framework.

Comments are closed.

We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy. Accept Read More

ESPC on the go