As businesses and governments increasingly rely on digital infrastructures, the threat landscape has expanded, with cyberattacks becoming more sophisticated and pervasive. From multinational corporations to small enterprises, the imperative to safeguard sensitive information and maintain operational continuity has never been more urgent.
Businesses in Vietnam have faced the highest number of cybersecurity incidents in Southeast Asia, with a staggering 17.1 million cases, according to data from global cybersecurity firm, Kaspersky. This was followed by Indonesia, which reported 14.6 million incidents, and Thailand with 4.7 million.
Overall, Southeast Asia experienced nearly 43 million local threats targeting businesses throughout 2023. Notably, Singapore, despite recording the lowest number of incidents in the region, saw a significant 67% increase in local incidents, rising from 300,000 in 2022 to 500,000 in 2023.
Telecom Review Asia Additional Insights: Vietnam's Cybersecurity Challenges, Insights, and Solution
Local infection statistics, which reflect the number of user computers affected by malware, are a critical indicator of the broader cyberthreat landscape. These infections include malware that penetrated computers through infected files or removable media or initially entered the systems in non-open forms, such as complex installers or encrypted files.
Kaspersky’s data is derived from its comprehensive scans of files on hard drives and removable storage media from the moment they are created or accessed. This rigorous approach ensures a detailed understanding of the local threat environment.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, emphasized the strategic importance of cybersecurity for the region's economic aspirations. “Southeast Asia shows solid potential to become a major manufacturing hub globally. The region is also consistent in charting steady digital economic growth through the years.
“To be able to continue these feats, organizations, whether operating on IT or OT [operational technology] systems, should build their cyber-defenses."
Read More: Navigating Opportunities and Challenges in Asia’s Digital Economy
How Vietnam's Privacy Laws Address Cyberattacks
Decree No. 13/2023/ND-CP, also known as "Decree 13," focuses on personal data protection. Article 26 of Decree 13 requires entities processing personal data to implement managerial and technical protective measures. Additionally, Article 23 mandates that organizations controlling personal data must report any violations of data protection laws, including breaches or cyberattacks, within 72 hours.
Vietnam's comprehensive law on network information security, enacted in 2015, outlines principles for securing information systems, including networks and servers. For systems supporting online services or government functions, Decree No. 85/2016/ND-CP and Circular No. 12/2022/NHNN provide detailed security standards and practices.
These documents emphasize both managerial and technical aspects of security, including the creation and updating of information security policies, the formation of specialized security teams, and securing human resources. These technical guidelines require secure network zones, remote management practices, access control, intrusion prevention, and malware defenses. Furthermore, they call for rigorous security protocols, including improved network architecture, data protection, and emergency recovery plans to ensure operational continuity.
Read More: Nearly 500K Phishing Attacks Target Southeast Asian Firms
Sectoral Regulations
Industry-specific regulations ensure network information security tailored to the unique needs of each sector. In the securities sector, Article 20 of Circular 121/2020/TT-BTC mandates strict regulations for securities firms offering online trading services. These firms must ensure uninterrupted and efficient transactions while maintaining the security, integrity, and confidentiality of their systems. Robust operating, managing, and usage procedures for online trading systems, as well as backups and contingency plans, are required. Non-compliance can result in fines.
In the banking sector, Circular 09/2020/TT-NHNN outlines a comprehensive management framework and technical measures for safeguarding IT assets, including information, physical, and software assets. Management measures involve cataloging and annually updating IT assets, with appropriate security measures applied based on system classification. Technical strategies include data encryption, loss prevention, mobile device policies, software asset management, and regular security patch updates. To prevent conflicts of interest and ensure effective oversight, legal representatives must be directly involved in information security, incident response, and staff role segregation.
Interesting Read: Uncovering the Digital Maze: IoT and Data Forensics in the Asia-Pacific
Combatting Cyberthreats in Southeast Asia
Several leading companies in Southeast Asia are actively combating cyberthreats through various technological initiatives. The National Supercomputing Centre (NSCC), for instance, is adopting new technologies to fortify and secure its High-Performance Computing (HPC) systems and networks. Among these efforts is the exploration of Quantum Key Distribution (QKD) encryption technology to safeguard data transfers and HPC networks, as outlined by Tan Tin Wee, Chief Executive, National Supercomputing Centre. NSCC is also actively involved in partnerships such as the National Quantum Safe Network, contributing to broader initiatives aimed at bolstering cybersecurity infrastructure.
Similarly, telecommunications giants like PLDT are making significant strides in global cybersecurity efforts. PLDT's inclusion in the Global Cyberdefense Council signifies a commitment to collaborative strategies in combatting cyber threats. Additionally, cybersecurity companies like Group-IB are actively engaging with regional initiatives, as demonstrated by their pioneering role as the first cybersecurity company to join Singapore's new smart district.
In Indonesia, partnerships between telecommunications companies like Telkom Indonesia and cybersecurity solution providers like F5 are elevating cybersecurity services. Indosat's collaboration with Cisco is also contributing to the enhancement of Indonesia's cybersecurity landscape.
In 2023, in the Philippines, NOW Corp. teamed up with cybersecurity leader, Fortinet, to reinforce cybersecurity infrastructure while simultaneously advancing 5G services.
Singapore is at the forefront of regulatory efforts. In 2022, the Cyber Security Agency of Singapore (CSA) implemented initiatives such as the licensing framework for cybersecurity service providers under the Cybersecurity Act. International collaborations, such as the MOUs signed between Singapore and the UK on digital trade, digital identities, and cybersecurity, further underscore the commitment to global cybersecurity cooperation.
Moreover, strategic partnerships between technology giants like Huawei and governmental agencies like the Cyber Security Agency of Singapore aim to raise cybersecurity levels among enterprises, ensuring a safer digital environment for all stakeholders.
Telecom Review Asia Exclusive Insights: Exploring the USD 446.00 Million Thailand Cybersecurity Market in 2024
Conclusion
As Southeast Asia continues to grow as a manufacturing and digital economic hub, the importance of strong cybersecurity measures cannot be overstated. The region's organizations must prioritize building robust defenses to safeguard against the ever evolving cyberthreats and ensure sustained economic growth and stability.
Read More: Implementing AI in Defensive Cybersecurity Strategies in Asia
Featured Report: Boosting Cybersecurity Amid Growing Digital Threats in Asia
Interesting Read: The Role of Al and Machine Learning in Enhancing Cybersecurity in the Asia-Pacific