APAC has a major security problem.
According to IBM, the Asia-Pacific region became the hackers’ favourite last year after suffering 26% of global cyberattacks. Individual nations are feeling the pain: government agencies in Indonesia and India have been hit particularly hard in recent months, with a New Zealand government contractor also breached. Attacks against Japan have doubled over the last three years and Australia has suffered a succession of high-profile breaches.
A storm of threats is gathering – with ransomware a real worry
So why is APAC in the line of fire? The socioeconomic and geopolitical environment presents unique opportunities for hackers. The region boasts a number of strong economies that have ridden out much of the economic slowdown, so while there is a certain degree of wealth and affluence in these economies, security in many nations is still playing catch-up. APAC has a real mix of maturity levels in terms of cybersecurity, with Singapore, Malaysia and Japan in the top ten of the Global Cybersecurity Index, and Australia and India not far behind. However, states such as the Philippines and Myanmar ranked outside the top fifty, and smaller players such as Timor-Leste sit near the bottom of the table.
Regulations are also inconsistent between different states, and geopolitical threats over areas such as the South China Sea are growing. Add to that mix relatively poor identity and access controls that leave a sizable attack surface open to hackers, and a rising tide of ransomware (up 56% year on year), and it’s clear change is needed.
Singapore is also under siege – but its new blueprint offers hope
It may rank highly on some security measures, but Singapore has a cyber target on its back. In 2021, the country was adjudged to have the sixth most exposed databases in the world, while Mimecast found that almost every organisation (97%) had been the target of phishing attacks.
In 2015, the Cyber Security Agency (CSA) was formed to develop a national strategy to tackle cyber threats. And in the last few months, mindful of the threat of sophisticated ransom gangs, Singapore has announced a ransomware task force, made up of experts from across a range of disciplines, with technology, cybersecurity, financial regulation and law enforcement all represented.
The task force's blueprint, announced at the end of 2022, is built on four pillars: defensive hardening, measures to disrupt ransomware groups, recovery assistance for victims and a commitment to international collaboration. It’s a welcome approach: rather than introducing piecemeal measures, this is a multi-pronged strategy that aims to offer support to individual organisations while making life harder for the hackers.
The blueprint aims to tackle ransomware through defence and support
Its recommendations first focus on defensive hardening, prioritising government agencies, critical infrastructure and small and medium-sized enterprises. Risk mitigation measures such as credential management, network segregation, robust backup systems and an effective restoration plan are all highlighted as part of the solution.
It’s a sensible approach: smaller businesses often underestimate the threats they face, and experts have highlighted the important role zero trust can play in securing APAC. Critical infrastructure is increasingly targeted by more sophisticated groups, and Singapore’s regularly updated Code of Practice offers specific guidance to organisations that operate in the sector.
The blueprint recommends supporting recovery via a one-stop portal for ransomware-related resources. These would include decryption keys and response checklists for victims and preventative measures such as alerts and advisories. The Counter Ransomware Task Force also hopes to encourage the uptake of cyber insurance, which can mitigate risks even if it does not cover ransom payments.
Disrupting the gangs is a vital part of the puzzle
These measures may help individual organisations manage risk, but they are just one part of the picture. To tackle the ransomware problem at source, Singapore aims to disrupt criminal gangs’ business model by discouraging the payment of ransoms (although these are not illegal yet – something Australia is considering) and tracing ransomware payments. It is considering making it mandatory to report ransomware payments, which would make tracking down the money trail to ransomware groups a bit easier.
The final pillar focuses on collaboration with international partners. It proposes an international framework for information exchange, sharing intelligence and anti-money laundering measures including the consistent implementation of Financial Action Task Force (FATF) standards around the world.
The blueprint is backed with practical measures
A plan, of course, is only valuable if it’s carried out well. But Singapore’s recent actions in cybersecurity are promising. Some of the steps they’ve taken include:
A practical, continually updated guide to incidents and vulnerabilities, with specific guidelines for each warning, and a score ranking the severity of threats.
From 2022, cybersecurity vendors have needed to be licensed, with applicants assessed on whether they are “fit and proper”.
A new training centre, the ASEAN-Singapore Cybersecurity Centre of Excellence, opened in 2021. It offers training and consolidates knowledge from across Southeast Asia.
Several agreements with other nations, including a knowledge sharing deal with the UK and a five-year agreement to cooperate with Malaysia on data protection and cybersecurity.
Encouraging businesses to apply for Cyber Essentials and Cyber Trust certification.
It remains relatively early days for Singapore’s new strategy. But it’s refreshing to see a government tackle ransomware in a holistic, multi-disciplinary way, rather than just suggesting more regulations.
Singapore’s example lays out a cyber maturity roadmap for other APAC players
By combining resources for individual organisations with a wider focus on regulation and collaboration, Singapore’s blueprint offers grounds for optimism. Its multi-pronged approach aims to make businesses safer while simultaneously putting hackers on the back foot. While in the long term any national cybersecurity strategy should have a global outlook, in the short term there need to be hard measures to ensure some degree of resilience for key sectors and institutions, which seems to be the intention behind the blueprint. Singapore is stepping in the right direction – will the rest of APAC follow in its footsteps?