Asia Pacific (APAC) consumers have plenty of reasons to be concerned about data security. A study showed a jaw-dropping 168% increase in cyberattacks in just a year, between May 2020 to May 2021. 

HOW WILL CHINA’S NEW DATA SECURITY LAW AFFECT HONG KONG IPOS?

Dashveenjit Kaur | 8 December, 2021

Its not surprising that APAC is vulnerable to a data breach as its diverse economic and geopolitical landscape means the maturity of cybersecurity measures vary. 

According to a report from Check Point Research, an APAC organization experiences 1,245 weekly attacks with ransomware, Remote Access Trojan (RAT), banking trojans and info stealers. 

It is easy to see why the region is a hotspot for cyberattacks, and its consumers are wary. This is from the lack of government regulation and extended dwell time before the breach is detected, to Advanced Persistent Threats (APTs), with China in the lead for the state-sponsored variety.

For example, between June 2019 and March 2021, Chinese APT NAIKON targeted military organizations in Brunei, Indonesia, Myanmar, Thailand, the Philippines, and Vietnam. In October and November last year, hacking group Desorden claimed to have exfiltrated the Centara Hotels & Resorts in Thailand twice and stole more than 400GB of data from its servers. 

The group said the data contained personal information on millions of customers worldwide who have stayed in over 70 luxury hotels operated by Central Group, which owns Centara, between 2003 and 2021.

Increasing awareness and cautions towards data security

With COVID-19 variants still impacting the world, online reliance continues to be a part of day-to-day activities from work and socializing to shopping and more. The only difference now is that people are more aware and cautious about data security. 

A survey on APAC consumers found that over 50% are uncomfortable with their collected data, with 90% having one or multiple concerns about corporate data practices. Most respondents, 85%, also acted when they disliked the practices – 23% of which chose or switched to an alternative brand with better data practices, and 22% using the brand less or abandoning it altogether. This has relevance in marketing, for instance.

“Consumers are increasingly aware of the importance of privacy and how their personal information gets collected and used for advertising. Privacy of user data is among the top five technology concerns for consumers in India, and in the top three for consumers in Japan,” said Jessica Martin, head of APAC privacy GTM at Google, who offered some strategies for businesses to navigate the changing consumer sentiment. They are:

• Invest in first-party data 
• Adopt automation solutions to do more with less data
• Build a privacy-first ecosystem

Even while knowing consumers’ growing apprehensive with data sharing and privacy, a Forrester report found most APAC marketers are unprepared for a cookieless future.

The basic expectation 

In collaboration with Campaign Asia-Pacific and World Federation Advertisers, the report also revealed that 59% of the marketers only fulfil the minimum requirements to comply with data privacy regulations. Only 18% believe they are mature regarding their privacy oversight and process. 43% are still relying on third-party cookies in their current marketing practices, and the same amount is concerned about going without cookies.

That makes for a worrying outlook for APAC businesses if they are slow to catch up with the current market mood. As such, data security isn’t an afterthought anymore; it is a basic expectation of the Asia Pacific consumers.  

The post Data security is an expectation for APAC consumers appeared first on Tech Wire Asia.

Hong Kong Stock Exchange, the world’s third-largest financial bourse, has always positioned itself as the prime listing hub for Chinese companies that aim to raise capital abroad. The country has specifically gained from the lingering US-China geopolitical tension, recording its best nine months on record since 1980 as a flurry of Chinese companies redirected their IPOs to the city.

To make matters worse, Chinese companies that have plans to raise capital on Wall Street will now be entitled to greater scrutiny as the US regulators have even imposed a law that allows authorities to delist stocks whose auditors refuse to comply with US oversight. So the only respite for those Chinese companies is in Hong Kong but that might not be the case in the near future,

But now, IPOs in Hong Kong will not be that simple

Beijing has been intensifying probes into tech companies and their data security practices, especially when it comes to the transfer of data outside mainland China, which the government deems a matter of national security. It started when, in July, Chinese ride-hailing giant Didi Chuxing went public in New York — despite being told not to. 

CHINA TO HALT MORE TECH COMPANIES’ OVERSEAS IPO

Jamilah Lim | 31 August, 2021

Soon after that, the Cyberspace Administration of China (CAC) launched a cybersecurity review into the company and proposed a mandate for all Chinese firms with more than a million users to get approval before listing in foreign markets.

Here is where it gets trickier — while many had assumed that IPOs in Hong Kong would be exempt from various red tapes, the Cyberspace Administration of China (CAC) last month released the Network Data Security Management Regulation (Exposure Draft), clarifying that listings in the special administrative region would also need to go through a cybersecurity review if they “affect or may affect national security.”

The sprawling draft Regulation, consisting of 75 articles, unifies data security rules introduced by the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL). The CAC is seeking public opinions on it until December 13, 2021

A partner at international law firm Pinsent Masons in Hong Kong Paul Haswell told South China Morning Post, “The mood at the moment, given how new the laws are and the fact that we are still waiting for an explanation on the ambit and meaning of some of their provisions, is one of concerned uncertainty.”

In short, the listing review would cause anxiety to Chinese tech firms which were counting on pivoting toward going public in Hong Kong without needing approval. As Bloomberg puts it, “there may not be a wave of Hong Kong share sales by Chinese tech companies as some predicted months ago.”

So far, there are three Chinese tech firms including Microblogging platform Weibo, NetEase’s music streaming service Cloud Village and artificial intelligence company SenseTime, that have upcoming Hong Kong listings. Those IPOs can be taken as test cases for the new regulations once enacted

The post How will China’s new data security law affect Hong Kong IPOs? appeared first on Tech Wire Asia.

Healthcare data continues to be one of the most highly desirable information by cybercriminals around the world today. Not only do healthcare data have a high value on the dark web, but it can also lead to serious implications if the information is exposed or made public.

What makes more worrying about healthcare data is the amount of information that it carries. From medical history records to personal information to even banking details, failure to secure this data properly can lead to organizations facing huge fines and losses should they be breached.

WHY IS IT GETTING HARDER TO SECURE HEALTHCARE DATA?

Aaron Raj | 22 September, 2021

In fact, since the Covid-19 pandemic started, healthcare institutions are now becoming increasingly targeted by cybercriminals. And now with a new variant making data even more important for contact tracing purposes, keeping it secure is a prerogative healthcare companies can’t afford to miss. Part of the reason for this is that healthcare companies simply do not have sufficient skills or experience in dealing with healthcare data. In the US, more than 40 million patient records have been compromised this past year by incidents reported to the federal government in 2021.

At the same time, the use of more IoT devices in healthcare, telemedicine services, and other modern technologies have also led to growth in data which can be hard to be managed by current systems in most healthcare devices. Most medical professionals, aim to only treat patients and often do not understand the importance of keeping data safe and secured.

As such, there have been increasing data breaches in medical facilities with cybercriminals targeting healthcare data to not only steal it but also lock systems that can cripple hospital operations. Some recent examples of a healthcare data breach include the data breach at Fullerton Health, a leading integrated healthcare platform.

The hackers claimed they managed to steal the data of 400,000 people, including the insurance policy details of Singaporeans. A sample of the data uploaded by the unidentified hackers included customer names and identity card numbers, as well as information about bank accounts, employers, and medical history. It also had the personal details of the customers’ children.

Improve healthcare systems or protect healthcare data?

Kamal Brar, Vice President and General Manager, Asia Pacific and Japan at Rubrik

According to Kamal Brar, Vice President and General Manager, Asia Pacific and Japan at Rubrik, no one expected healthcare to see a massive spike in cyberattacks. Kamal feels there are two reasons for this.

Firstly, the sensitivity of patient data and the critical stress on medical facilities and the service providers massive increased. So with that, the focus came onto patient care instead of security systems and data. And with a new variant, which becomes difficult to manage, from a patient care perspective, data becomes crucial because it’s how the data can be used to understand the new variant and patients.

“There is so much data fragmented across different systems. The trend in healthcare is an area of weakness and no one was thinking of it as a new requirement. And when you have such a scenario, bad actors will look for the most sensitive form of data and that’s patient care data. The lucrative nature of getting access to this data is one part while the speed at which the stress on systems goes through led to exploits. Each country had their own challenge in managing data, especially in securing it, which led to ransomware going up three to five folds more,” said Kamal.

The value of the data is now at its highest. As new variants come in, there are processes already in play for countries to follow to manage the situation. Contact tracing, safety protocols have been around for some time. But some of this data needs to be shared. And this data needs to be shared digitally, like for travel and such. Sharing data efficiently continues to be a huge challenge.

“Fundamentally, it is not just patient data. Airlines, insurance companies need data. There is so much information going around multiple ecosystems. And securing them is a big challenge. There have been breaches in the past. Across the board, we are living in a data-driven world and we need to make sure the data in all circumstances,” added Kamal.

Unfortunately, healthcare also has many legacy devices and systems. And there are also IoT devices that are connected to the WiFi or Internet. Telemedicine is also becoming increasingly demanding in some countries. All these components can have vulnerabilities. Legacy systems like patient care systems may not be updated and are heavily exposed to any type of threats.

“There are modernized healthcare devices that are built on a zero-trust architecture. For some of the patient care devices, no one thought that these could be hacked. And when hospitals suffer a ransomware attack, it’s not just financial systems impacted but patient care as well,” explained Kamal.

Visibility and recovery is key 

(Photo by MARIO TAMA / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

Healthcare needs to look towards a zero-trust policy. Kamal highlighted three guiding principles of the zero-trust policy. First, trust no one, always validate all connections. It was the other way round in the past, but this mindset needs to change. The other part is understanding the impact of a data breach. Healthcare facilities need to understand a data breach or ransomware attack to build their security. Finally, it is about automating the context and response. They need to understand how to trace the impact and what it means. This is where visibility is key and having appropriate recovery and backup systems.

“A lot of companies forget data protection. They need to think of the problem inside out. The most important thing is how quickly can they recover from an attack. If you look at healthcare incidents in the past, it is all about locking the systems. What’s key is how quickly can they recover those systems and get them back up and running,” said Kamal.

At the end of the day, the reality is healthcare data is becoming highly sought after by cybercriminals, and the only way healthcare facilities and service providers can protect their data and systems is to ensure they have full visibility on it. They also need to ensure that employees are fully aware of the importance of keeping data safe and secure.

For healthcare industries and service providers, new variants will only mean higher demand for data. Legacy infrastructures and IoT devices need to be protected. Backup and recovery systems should also be a key feature they look into. Ransomware recovery could not just save the organization but lives as well.

The post Omicron variant may require more stringent healthcare data protection appeared first on Tech Wire Asia.

Just last month, China passed a new Data Protection Act, called the Personal Information Protection Law (PIPL).  While it closely resembles the world’s most robust framework for online privacy protections, Europe’s GDPR, it has its own notable differences. Now, a month later, Chinese authorities released new regulations to classify data based on the level of importance and risk to national security and overseas interests.

The whole point of the new set of regulations published by China’s Ministry of Industry and Information Technology to give much-needed clarity to foreign-listed companies and others required to transfer potentially sensitive information abroad. It is a part of the government’s move to address consumer worries about the gradual erosion of their privacy as tech companies make rapid advances.

Data classification under China’s law

According to the draft regulations, data generated from industrial and information technology sectors in China, including raw materials, equipment manufacturing consumer products, electronics manufacturing, explosives for civil uses, and software, are subject to newly proposed restrictions. 

DID CHINA JUST PASS ONE OF THE STRICTEST DATA PRIVACY LAWS IN THE WORLD?

Dashveenjit Kaur | 24 August, 2021

That said, the government will classify data into three categories: general data which has limited social impacts; vital data that could threaten China’s economic, social, cultural, cyber, ecological, and nuclear wellbeing and compromise China’s overseas interests; and core data that seriously threaten national security and could have major social and economic implications. 

Specifically, depending on a data set’s specific impacts, biological, space, polar, and deep-sea activity, and artificial intelligence data is considered to be vital or core data.

Based on the drafted regulations, all the data from industrial and information technology sectors are to be stored within China, as per relevant laws and regulations. 

The proposed regulations also ban core data from leaving the country. Should there be a compelling reason for the data to be transferred outside of China, they require security appraisals to be taken first for the exports of vital data.

So what’s the impact?

Overall, the latest draft regulations are China’s first attempt to churn out details publicly on how to classify data, which aim to support better implementation of the Data Security Law.

Currently, the law only requires companies to sort and classify their data into different categories based on risk and imposes severe penalties on companies moving “core data” out of China. 

According to an analyst quoted by the Global Times, “The new regulations could have implications for foreign companies operating businesses in China.”

Take data generated by smart internet-connected vehicles for instance — it should face limits if a company wants to transfer it outside of China, Xiang said.

Additionally, violation of the regulations could result in fines, suspension of businesses, and revoking of business licenses.

The post Three new categories of data under China’s new Data Security Law appeared first on Tech Wire Asia.

Lost man-hours, credential and confidential information exposures, and reduced customer confidence & trust will require massive remedial measures, which can quickly bring companies down.

The internet was not designed to prioritize security, especially for businesses. As workforces shift to remote working arrangements, cloud usage has increased. Whilst these are largely positive changes, it doesn’t come without its risks.  

In fact, a global study by IBM identified that these two factors had a significant impact on data breach response. 

And the remedial costs associated with these data breaches? They’re to the tune of a massive US$4.96 million per incident. 

What are data breaches?

A data breach is defined as an event in which an individual’s name and a medical record and/or a financial record or debit card are potentially put at risk — either in electronic or paper format. 

The IBM research assessed data breach costs based on four factors:

• Detection and escalation: Activities that enable a company to reasonably detect the breach. 
• Lost business: Activities that attempt to minimize the loss of customers, business disruption, and revenue losses.
• Notification: Activities that enable the company to notify data subjects, data protection regulators, and other third parties.
• Post-breach response: Activities to help victims of a breach communicate with the company and redress activities to victims and regulators.

A report by Check Point Technologies showed that in the Asia Pacific region, there was a 168% increase in cyberattacks between May of 2020 and May 2021 alone — right around the time the world scrambled to shift to remote working. 

The lowdown on the costs of data breaches

According to the IBM paper, data breaches that occurred during cloud migration projects generally cost higher than at other times.

Cloud-based IT architectures with Edge capabilities may be more vulnerable to attacks from hackers, especially since IoT devices, often with low security, are increasingly used.

However, companies that were in the “mature stage” of their cloud modernization strategy were able to more quickly respond. Those that implemented a hybrid instead of a private cloud approach incurred lower overall costs.

Overall, the report made the following conclusions:

• There is a 10% YOY increase globally in the average cost of a breach
• Southeast Asia was the only region that did not see increased costs from data breaches (remained at US$2.6 million)
• Remote work breaches cost companies US$1.07 million more
• Costs varied widely across industries, with the healthcare industry seeing the highest
• Compromised business emails costed the highest (US$5.04 million)
• Data breach lifecycle took an average of 200 days to identify and resolve, costing an average of US$4.87 million

Zero-trust pivotal to mitigating costs of data breaches

The adoption of AI (artificial intelligence), security analytics, and encryption, together with a zero-trust approach, were the top three mitigating factors shown to reduce the cost of a breach.

This saves companies between US$1.25 million and US$1.49 million, compared to those who did not have significant usage of these strategies. 

Industry experts have been recommending a zero-trust approach for cybersecurity for quite some time. 

CONSUMER CYBERSECURITY AWARENESS STILL LOW, BUSINESSES SHOULD STEP UP – IBM SECURITY

Jamilah Lim | 9 August, 2021

A zero-trust security architecture assumes that authenticated identities or the network itself may already be compromised — even if they aren’t.

This approach treats every user, device, and interaction as a potential threat. As such, every single connection or condition will be continuously validated to ensure that it is legitimate. 

The findings in this report support industry-wide sentiments on zero-trust:

• Organizations without zero-trust deployed spent an average of US$5.04 million
• Organizations with zero-trust deployed spent US$3.28 million (42% difference)
• The top cost mitigating factor is the use of strong encryption (part of zero-trust)

Worryingly, almost half of respondents have no plans to deploy zero-trust — with only 20% saying they have fully deployed it, and 15% partially deployed. 

Aside from a zero-trust cybersecurity approach, it found that organizations with high levels of security AI and automation saved the most in costs — 56% more, to be exact.

Furthermore, these organizations were able to detect and contain a breach must more quickly than those without. 

How to better augment your cybersecurity strategy

Low consumer awareness of cybersecurity and data privacy means that businesses will have to reconsider their cybersecurity strategies, including assessing their cybersecurity risk profiles. 

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” shared Chris McCurdy, Vice President and General Manager, IBM Security. 

Nevertheless, modern security tactics such as AI, automation, and zero-trust show great promise in helping to mitigate associated costs in the future.

So just how can companies approach this? IBM suggests these:

• Invest in security orchestration, automation, and response (SOAR) to improve detection and response times. 
• Stress-test incident response plan to increase cyber resilience.
• Adopt a zero-trust security model to help prevent unauthorized access to sensitive data.
• Use cybersecurity tools that help protect and monitor endpoints and remote employees.
• Invest in governance, risk management, and compliance programs.  
• Protect sensitive data in cloud environments through policy and strong encryption.
• Embrace an open security architecture and minimize the complexity of IT and security environments.

Compounding the issue of low consumer cybersecurity awareness is a critical skills shortage gap in APAC.

While larger enterprises can afford to have multiple layers of cybersecurity protection, small and medium enterprises (SME) may not be so lucky.

However, cybersecurity is still a high-priority area for any digitalized business, small or large.

As such, SMEs can consider outsourcing their cybersecurity with managed security services (MSS), with a focus on employing zero-trust cybersecurity practices.

The post Data breaches cost SEA companies US$2.6 million per incident appeared first on Tech Wire Asia.

According to reports in various Indian publications, TikTok could re-enter the country as TickTock, based on a new trademark application filed by parent company ByteDance. Reports show that ByteDance had filed a trademark for TickTock with the Controller General of Patents, Designs, and Trademarks earlier this month.

BYTEDANCE’S IPO PLANS SHUT DOWN AFTER SHOWDOWN WITH CHINA’S REGULATORS

Dashveenjit Kaur | 15 July, 2021

While there is no official statement from ByteDance, the company is said to be keen to resume its operation in India after the introduction of new IT rules. In January this year, TikTok shut down its operations in India, letting some 2,000 employees go as they were unsure how long the ban in India would last.

With over 200 million monthly active users, India was the biggest international market for TikTok before the ban. However, geopolitical tensions with China led to India banning TikTok and several other applications which supposedly engaged in activities that posed threats to India’s national security.

The filing of TickTock could mark a change for the video platform giant in the weeks to come. India’s new IT rules have already seen companies like Krafton rebranding their PUBG Mobile to BattleGrounds Mobile India to cater specifically to the Indian market. Another brand is Shein, a China-based fashion e-Commerce platform, which has quietly re-entered India through Amazon. Both Krafton and Shein were part of the slew of apps that were banned last year.

Protestors hold posters with the logos of Chinese apps in support of the Indian government for banning the wildly popular video-sharing TikTok app, last year.  (Photo by NOAH SEELAM / AFP)

The timing for TickTock’s entry is rather interesting, however. ByteDance recently decided to postpone IPO plans in the US or Hong Kong indefinitely after they were ordered by Chinese regulators to focus on addressing data security risks. Companies seeking to raise capital in overseas markets are now facing greater scrutiny after China recently proposed new laws that require all firms heading for an IPO outside of China to undergo a cybersecurity review.

Last month, TikTok started selling some of its AI technology to other companies, including those based in India. The Financial Times reported that some of the features up for sale included the app’s computer vision tech, real-time video effects, automated translation of text and speech functions as well as tools for data analysis and management. ByteDance also allowed customers to tailor tech based on their business needs.

TikTok is also currently banned in Pakistan and Bangladesh. Indonesia announced a ban as well but lifted it after a week. Former US President Trump cast TikTok as the mascot for the US’ growing concerns over China when he signed a series of executive orders to erase the popular short video platform from mobile app stores. The ban has since been revoked under the Biden administration.

While it may be some time before TickTock kicks off, India’s new IT rules and social media rules are setting precedence for governments around the world to closely examine the impact of tech firms on their citizens and local industries.

The post TikTok might be revived in India under a new name appeared first on Tech Wire Asia.

What cybercrime is

According to Norton, a cybercrime is defined as “having personally experienced a crime committed with devices over the Internet”. 

This includes crimes where a computer is used to victimize an individual, such as by theft or fraud, and crimes that target other computers and connected devices to access the data on the device or that affect the device’s operation.

The 2021 Norton cyber safety insights report polled over 10,000 adults from 10 countries around the world on their experiences with and impact of cybercrime and their attitudes towards it. It also sought their opinions on personal privacy and online creeping.

Almost 60% of respondents report spending more time online than before. Over 70% of respondents from all countries agree that remote work has made it much easier for hackers and cybercriminals to take advantage of people.

While over half of respondents are more worried than before about being the victim of cybercrime, a similar proportion doesn’t know know how to protect themselves from it.

Cybercrime is becoming a greater threat

Within the Asia Pacific (APAC) region, over 70% of respondents from India and Australia have taken more precautions online due to concerns about cybercrime. However, only 48% of those in Japan have done so. 

This is supported by research by Checkpoint Technologies, which has found similar results — cybercrime has increased 168% in 12 months since May 2020.

Whilst adults in Japan are the most worried about cybercrime and feel more vulnerable to it than they did before the pandemic, they are also the most likely to not know how to protect themselves from it. Additionally, 82% of them admit that they have trouble deciphering the reliability of online information sources.

BOTNET DRONES RAISE CYBERSECURITY CONCERNS IN SINGAPORE

Aaron Raj | 12 July, 2021

Globally, over 477 million consumers have been victims of cybercrime, with nearly 330 million cases in the past 12 months alone. 

In 2020, Japan saw nearly 19 million cybercrime cases, whereas Australia and New Zealand (ANZ) reported nearly 10 million. India was the hardest hit, seeing close to 120 million cases.

Many have realized how impactful cybercrime is

The top three cybercrimes reported by respondents included:

• detecting malicious software on a computer, Wi-Fi network, smartphone, tablet, smart home, or other connected devices
• detecting unauthorized access on an email account
• detecting unauthorized access on a social media account

On average, victims report spending an average of seven hours resolving issues, with almost half were financially impacted by these attacks. 

Whilst ANZ report spending an average of six hours, those in India report spending over 10 hours. In terms of financial impact, approximately 45% of ANZ respondents incurred losses, whereas India reported a whopping 72%.

Most still don’t know how to deal with identity theft

Within the past 12 months alone, nearly 30 million people in India, four million in Japan, and nearly two million in ANZ people fell victim to identity theft. 

Concerningly, those in Japan are the most worried their identities would be stolen (74%), but 73% have no idea what to do if it actually does happen. Only 23% of Japanese believe that they are well-protected against it. 

These are in contrast to those in India and ANZ, which reported about a little more than half for the above. 

However, a staggering majority of all respondents globally and in APAC wish they had more information on what to do when their identities are stolen.

Protecting online activities

An overwhelming majority of respondents across the globe are concerned about data privacy, with close to 60% saying they are very concerned about it.

Thankfully, results from the survey show that a majority of respondents have taken some steps to protect their online privacy, most commonly making passwords stronger or limiting information shared on social media. This is similar to APAC respondents, except for those in Japan, where only 59% have taken steps to hide their footprints online.

Some of the measures taken to protect their personal data include:

• Stopped using public Wi-Fi 
• Read the Terms & Conditions in full before installing or downloading a device or service
• Changed default privacy settings on devices
• Enabled multi-factor authentication
• Disabled third-party cookies in a browser
• Configured a browser to improve security 
• Used something other than my full name for social media profiles 
• Used a virtual private network (VPN) to encrypt information sent to and from my devices 
• Used anonymous payment methods  
• Deleted a social media account 
• Used an encrypted email service 
• Asked a company to see what personal information they have about me in their customer records 

Dealing with cybercrime is important for businesses

Norton’s survey reflects similar results from a recent IBM Security survey, which found that cybersecurity awareness by global consumers is still concerningly low. 

This trend will greatly impact businesses relying on digital engagement, so companies should bear in mind how these results will will affect their cybersecurity risk profiles — especially as more people access work materials from possibly unsecured devices at home.

Most businesses address cybersecurity reactively when they need to actually have a proactive approach instead. Not only will this keep businesses prepared, but they’ll also be able to use more advanced threat detection methods to deal with tougher threats.

The cybersecurity industry is facing a critical dearth of skilled cybersecurity experts. Countries in the APAC region are not training enough cybersecurity professionals, and in five years, the region is expected to need 5.7 billion people with digital skills training.

This is further compounded by how the cybersecurity industry is facing a gender imbalance — the industry is doomed to stagnation if there isn’t more diversity and inclusion. Over half of women in a CIISec survey believe it will take at least a decade for them to be treated as equals to men. 

In March 2021, Gartner held a Security & Risk Management Summit for APAC leaders, exploring top security and management risk trends for 2021. 

Whilst most solutions require trained cybersecurity experts, there are Managed Security Services (MSS) may be a more affordable solution for startups or enterprises to address a critical issue.

The post Cybercrime is rising, and APAC users can do more to fight it appeared first on Tech Wire Asia.

As the Covid-19 pandemic has redefined the way we live, work and play, pushing most of us online more often, so has our expectations for the digital world. With movement restrictions leading to the increased uptake of digital consumerism especially on e-commerce platforms, Asian consumers needed to trust businesses with their data and information, while organizations had to trust that their employees would stay productive working remotely.

Service reliability most important for digital trust

A recent study by independent identity provider Okta showed the shifting perceptions of trust amidst a rapidly digitalizing world in 2020. When it comes to building a brand’s digital trust, consumers care most about a company’s service reliability, strong security, quick response times, and good data handling practices.

In Malaysia, 250 office workers were surveyed, as part of a total of more than 1,700 office workers across Asia (including Singapore, Hong Kong, the Philippines, Malaysia, and Indonesia). 

Service reliability is, on average, deemed the most important to building digital trust in a brand.

How polled Asian consumers rated the importance of these factors for digital trust in a brand. Source: Okta Report

However, amongst all polled Asian countries, Malaysians particularly valued quick response times from customer service teams, ranking it as the most important factor (26%) when it comes to digital trust of the brand. 

Other factors considered important to Malaysians when it comes to digital trust include service reliability (25%); good security policies (25%); transparent and easy-to-understand data practices (16%). 

Amongst Asian respondents, assessing the digital trustworthiness of a brand is weakly related to the brand’s possession of strong ethical values. The region saw an average of eight percent of respondents prioritizing it, but the lowest of the lot came from Malaysia at five percent.

Asians trust digital channels but are also more security cautious

Regionally, the report found that Asians have a high level of trust in digital channels – only 10% of all Asian respondents said they don’t trust any digital channels to safely handle their data. 

This contrasts with 19% of Americans, the most untrusting group according to the same survey, which was also conducted in the US, Europe, and Australia. 

At the same time, Asians are more cautious than their global counterparts – 71% of Asian respondents shared that they have become more cautious about providing personal information online amid the pandemic – almost double the global average (41%).

Specifically, Asian respondents feel they are most at risk from identity theft (22%). Data breaches (18%) and password theft (16%) rounded out the top three concerns. 

Unethical data practices drive customers away

Asian consumers are most likely to lose trust in brands that intentionally misuse or sell personal data, followed by brands that fall prey to a data breach. 

Over half of Asian respondents (58%) would not likely purchase from a brand or company they do not trust. Specifically, almost half (45%) of Asian respondents cited data breaches as the key deterring factor from spending on goods and services online. 38%  said they had permanently stopped using a company’s services and deleted the app following a breach.

Other factors that would deter purchases include images that misrepresent the product (39%); websites with questionable legitimacy (38%), and websites that request too much personal information (38%).

For brands, consumer loyalty is hard to gain and easy to lose. Digital trust has a big impact on brand awareness and reputation, and ultimately where Asians spend their money online – 50% of Asian respondents have lost faith in a company due to a data breach or security event. 

As such, Okta advises businesses to take a two-pronged approach of driving customer awareness and encouraging better account profile and credential management. Examples include adopting user-friendly identity technologies like minimal or password-less authentication to better assure increasingly wary consumers without compromising their digital experience. 

“Asia-Pacific has far outpaced the rest of the world in online sales growth over the last year. This high demand, coupled with intense competition, has made brand trust a potential make-or-break for businesses looking to grow and retain an online customer base,” said Graham Sowden, Okta’s General Manager for the Asia Pacific. 

Workplace productivity needs high digital trust too

Okta’s study showed that remote arrangements are here to stay, especially for professionals in a rapidly digitalizing Asia. The majority of Asian respondents (61%) said they “always”, “often” or “sometimes” work from home today and want more flexibility in work from home (WFH) policies even post-pandemic.

With that said, Asia-based professionals have been more cautious about potential cyberattacks, and are warier of phishing emails (59%); data breaches (59%), and AI-generated “deepfakes” used to spread false information (58%). 

ARE MANAGED SECURITY SERVICES THE KEY TO CYBERSECURITY FOR SMES?

Aaron Raj | 2 July, 2021

To maintain employee efficiency and protect corporate data in a remote work environment, businesses need to educate staff on security best practices and update legacy technologies that may be vulnerable to online threats. Educating customers is also crucial – businesses should proactively communicate to customers how they are bolstering their cyber defenses, thereby building trust. 

The post Ensure reliable service if you want the digital trust of Asian consumers appeared first on Tech Wire Asia.

However, the outbreak has also catalyzed the maturation of digitalization – demand for digital services has been nothing short of explosive during the pandemic.

Growth of Digital in APAC

The Southeast Asian (SEA) region is not a stranger to digital disruption, innovation, and digitally transformative initiatives, either. Rapid and proactive action by governments to control the spread of Covid-19 has resulted in tight border and movement restrictions.

This has, in turn, jolted businesses ranging from mega entities to small and medium business (SMBs) towards optimizing and increasing adoption of digitalized solutions in order to keep their hungry economies connected and vital. 

Computer security and talent shortage woes

The region has been racing to adopt technologies such as cloud, edge, 5G, artificial intelligence (AI), machine learning (ML), and IoT, in post-pandemic economic recovery efforts. Alas, a menacing darkness looms over this sliver of economic hope: cybersecurity threats.

Earlier last year, Tech Wire Asia reported that cybersecurity was at the forefront of priorities for APAC business decision-makers alongside digital growth. However, the lack of talent in the field is still a major concern.

The 2021 cybersecurity update

In May 2021, Check Point Software Technologies released research data on cybersecurity threats in APAC and found that, compared to May of the previous year, cyberattacks have increased by an alarming 168%. 

In fact, there was a 53% increase from April to May this year alone. The top five countries seeing the largest increase in cyberattacks as compared to May 2020 are Japan (40%), Singapore (30%), Indonesia (25%), Malaysia (22%), and Taiwan (17%). 

The top three sectors most affected by these cyber threats are utilities (39%), internet and managed service providers (ISPs/MSPs with 12% of the total), and software vendors (6%). According to Check Point, the economic devastation brought about by Covid-19 has led to hard times for many. This has precipitated a steep growth in crime, with a significant rise in cyberattacks in particular, within the hard-hit SEA region.

Eight security trends for a safer workplace

Earlier in March 2021, global research & advisory firm Gartner held a Security & Risk Management Summit for APAC leaders, exploring top security and management risk trends for 2021. 

It identified eight trends that APAC leaders ought to look out for this year. 

1. Cybersecurity mesh

Gartner suggests looking at cybersecurity mesh architectures. These enable the centralization of policy management, deployment, and critically, cybersecurity tools that interoperate by providing foundational security services, instead of within silo’d approach. 

2. Identity-first security

The SolarWinds attack emphasized how badly identities are managed and monitored. Identity-first security puts identity at the center of security design, so effective monitoring of authentication can spot attacks against multi-factor authentication infrastructures (e.g. SSO, biometrics).

3. Overhauling remote working policies and tools

A majority of the workforce (64%) are working remotely, and it is expected that up to 40% will continue to do so post-pandemic. Organizations should thus overhaul their policies and security tools for remote working. These include policies for data protection, disaster recovery, and backup to make sure they’re optimized for a remote work environment.

4. Increasingly cyber-savvy directors

Gartner predicts that by 2025, 40% of board directors (currently 10%) will push for a dedicated cybersecurity committee that’s overseen by a qualified board member. 

5. Security vendor consolidation

When it comes to security vendors, the plethora of products by different vendors “increases complexity, integration costs and staffing requirements”. As such, 80% of IT teams said they plan to consolidate vendors over the next three years.

6. Privacy-enhancing computation 

Emerging data protection techniques such as privacy-enhancing computation are predicted to be adopted by 50% of large organizations by 2025. They protect data while being used, instead of when it’s unused or being transmitted, even in untrusted environments. Use-case scenarios include fraud analysis, intelligence, data sharing, financial services (such as anti-money laundering), pharmaceuticals, and healthcare.

7. Breach and attack simulation (BAS)

BAS tools are emerging to provide continuous defensive posture assessments, unlike tools such as penetration testing. With BAS as part of regular security assessments, teams will be more efficient at identifying gaps in their security posture and be able to prioritize security initiatives better.

8. Machine identity management

Non-human entities are increasingly present in organizations. It is thus imperative that they implement machine identity management as part of their security strategies, in order to establish and manage trust in machine identities and their interactions with other entities such as devices, applications, or cloud services and gateways.

Computer security efforts around APAC

Down under, the Australian government updated its ten-year, US$ 1.2B national cybersecurity policy in 2020, channeling US$ 45mil into protection for SMEs. APAC leader in cybersecurity readiness, Singapore also strengthened its policies to deal with the rising tide of attacks on financial institutions worldwide. 

Some private sector players have also been stepping up computer security efforts, such as Alibaba-backed Lazada. The SEA e-commerce giant has been working with white hat hackers to detect security vulnerabilities in its IT environment over the past 18 months, this week making their ‘bug bounty’ program public, offering US$10,000 to anyone for each critical vulnerability they detect in Lazada’s platform. 

Whilst these efforts are commendable, APAC leaders should look towards realigning their strategies with those trends in mind, for consistently stronger and more efficient cybersecurity practices.

The post 8 cybersecurity trends APAC IT leaders should pay attention to immediately appeared first on Tech Wire Asia.