KUALA LUMPUR (Jan 24): The consequences of cybercrimes in emerging markets can have a broader impact because of the low cybersecurity maturity, said Netskope.

Kunal Jha, its Asia Regional Director, said one attack in the form of security breach and infrastructure takedown can actually have a broader blast radius within an emerging market than elsewhere and criminals are very well aware of the opportunity to attack.

“Since these emerging markets are very digital, coupled with Asean’s digital economy set to reach the size of about US$1 trillion by the year 2030. Digitally, [Southeast Asian countries] are evolving really fast because of the large populations. However, while we are evolving digitally, we are not necessarily evolving with strong cyber security awareness,” he told DigitalEdge.

Hence, he said, it becomes doubly important for emerging economies to ensure that they are putting their cybersecurity hat on investing in the right resources and making cybersecurity a priority conversation.

“[Economy players] have to start looking at cybersecurity as a type of investment, much like how we look at insurance. That is how cybersecurity plays a role. Its payback is in ensuring that even if one major breach is averted and avoided, you are much better off as a company, as a community or as a country.”

The evolving cyber threat landscape is currently at an unprecedented level of advancement and danger. Regarding the cyber threats faced by Malaysia and other Asean countries, they are likely comparable to global trends.

Grouping the top two threat categories into ransomware and malware, these two primary threat families persistently impact organisations across the region, including Malaysia, says Kunal.

Despite facing similar cyber threats, the level of preparedness in the Asean region does not quite match that of leading cybersecurity markets.

On the difference in preparedness, Kunal highlights major trends such as cloud threats and artificial intelligence (AI) targeting employees with suboptimal cybersecurity practices.

“The distinction lies in more mature markets' emphasis on employee education and training, technological investments to keep pace with evolving cybersecurity threats, and government policies aligned with the changing landscape.”

When asked how individuals at the ground level can safeguard themselves against cybercriminals, Kunal stresses the importance of ongoing education.

Organisations reporting breaches result from poor decision-making by inadequately trained employees or individuals. Hence, vigilance such as double-checking the legitimacy of communication channels is crucial. Specific alerts about new cyber threats are essential, spreading awareness and reducing the likelihood of falling victim to malicious practices.

In terms of deployed measures, technology plays a significant role at the organisational level. It involves building the right security guardrails to shield against threats.

Kunal compares the outdated security strategy of a castle-and-moat, a network security model where no one outside the network or beyond a building perimeter is able to access data on the inside, but everyone inside the network can.

The castle-and-moat security model, where a strong perimeter defence is established to keep outsiders at bay while allowing free movement within, was effective in a time when applications and employees were centralised. However, with the evolution of technology and work practices, this model has become outdated as offices are adopting cloud workspaces

Distributed applications and hybrid work models have become prevalent, breaking down the traditional boundaries of the castle-and-moat approach. Employees may need to access data and applications from various locations, making a rigid perimeter defence less effective. Additionally, the rise of cloud computing and remote work has further challenged the once-centralised nature of security.

Kunal outlines several key considerations for organisations, businesses and governments in the context of combating cyber threats and investing in cybersecurity

“Organisations tend to invest in cybersecurity technology when compelled to do so. One significant way to drive this investment is through governmental bodies allocating resources to cyber defence and offensive capabilities for the country. This implies supporting initiatives that enhance the overall cybersecurity posture of the nation.”

In tandem with that, regulatory frameworks also play a crucial role in guiding organisations on where to invest in cybersecurity. Regulations, he says, should be dynamic and responsive to emerging cyber threats. They need to evolve at a pace that keeps up with the rapidly changing landscape of cybersecurity to effectively guide critical sector organisations such as those in financial services, telecommunication, and manufacturing.

Most importantly, Kunal says, amid the complexity of cybersecurity technologies, the importance of getting the basics right within the organisation itself has to be emphasised.

“This involves having strong cybersecurity leadership, well-trained personnel and a focus on education. Ensuring that the security posture aligns with the investments made in other technological areas is essential for overall cybersecurity effectiveness.”