Cybersecurity in the Pacific Century
The Asia Pacific region is re-emerging as a leading geopolitical and economic power following a century of American dominance. Digitalization is powering much of this growth; driven by high-quality technical education, fierce commercial competition and vigorous digital initiatives deployed by regional governments.
However, this growth is at risk due to the level of cyber threat awareness and protection that exist across the digital supply chain, as compared to international peers, and in combination with an increased level of malicious activity from cyber-criminals. ESET is seeking to help solve this problem, bolstering its regional presence and most recently, by entering the Japanese market, with a dedicated Japanese office – complete with its own world-leading cyber education resource “WeLiveSecurity” in Japanese. To further support the Asia Pacific region (APAC), ESET is well as organizing the 22nd AVAR conference in Osaka, Japan – from November 6 - 9, 2019.
The Pacific Century
As a region, Asia Pacific’s geopolitical importance is growing in lock-step with its economies. This fact is strongly reflected in both its rapid adoption of digital technologies – by consumers and businesses – and its role in producing them. This is neatly captured by the term “The Pacific Century,” which has moved from being the provocative title of a documentary – a play on the widely used “American Century” that represented the period from 1918 – to a cornerstone of US foreign policy within one decade.
Since the turn of the last decade, China and India have become two of the major engines of the global economy, and these economies have clearly leveraged technology to take advantage of their scale, productivity and ability to execute at speed.
India, for example, has been educating large numbers of extremely proficient IT graduates for a generation, demonstrated the aerospace and satellite business, as well as the diaspora in leadership positions in many leading technology firms. China has leapt forward in areas such as quantum computing, introduced mega-scale online business such as alibaba.com and Tencent and even combined legislative and technological efforts like the Great Firewall (of China).
Many of the biggest gains have been enabled by technology. This includes the wider digital marketplace as well as areas including the collection and sale of data. However, ultimately the promise of Asia is largely in the ‘scale’ of that technology and the commerce that follows. But, along with its growth comes the increasing realization that the Asia Pacific (APAC) region is seriously attractive to cybercriminals and other malicious actors.
APAC market, a Honeypot?
While government mega projects and gigantic businesses lead the way, Asia’s economy is really driven by the success of small and medium businesses (SMBs). A huge tapestry of SMBs has emerged – they are often digitally savvy, employ the vast majority of workers, produce most of the goods and services and add most of the value. Unfortunately, ESET has discovered that costs associated with cybersecurity often deter this lifeblood of the Asian economy from making serious considerations about security solutions.
These are often the same SMBs that supply larger businesses and governments. These connections and business relationships are expressed in both physical and digital supply chains which, if disrupted, could damage business continuity and trust relationships both up and downstream of the supply chain.
As the APAC region continues to grow, innovate homegrown technologies, as well as deepen economic activities in domestic markets, it is attracting increasing attention from malicious actors. This trend will continue to grow in proportion to the wealth, intellectual property and data being generated.
In a recent example, high profile attacks in March 2019 saw the infamous Winnti group unleash a Pan-Asian supply chain attack targeting the highly-profitable gaming industry. Active since 2018, GoBotKR is a botnet operation which has been targeting users via backdoor-laced torrents mainly from South Korea, but also China and Taiwan. Other larger attacks, like NotPetya, have even caused collateral damage with global consequences to many critical industries. The impact, increasingly significant reasons for AV vendors and malware researchers to dedicate focus to the region.
Malware researchers at ESET and elsewhere have detected increasingly sophisticated malware and malicious activity in the Asia Pacific region. Between cybercrime and Advanced Persistent Threat (APT) activity such as the Ke3chang group/APT15 – believed to be operating from China – malicious actors have shown considerable innovation. This demonstrates that APAC is not too far from the hacker vs counter-hacker tug of war taking place in Europe and the Americas.
From regional hacking to global privacy concerns
As data breaches rise, businesses are faced with the simple reality that a cyberattack could lead to the loss of client information. This fact was already hinted at in our 2017 SMB survey in APAC. At that time, Hong Kong stood out with 44% of those surveyed stating that a loss of clients’ contacts and financial details was their biggest worry when it came to a breach.
In the two years since, citizens both in APAC and other markets have been pushed to evaluate where they, their businesses and their governments stand on privacy. Business links to Europe and the US – two continents where regulatory statutes are more and more set-in place to protect users’ data – put Asian businesses at risk of hugely significant fines, should personally identifiable information be made public.
United we stand
Cybersecurity gets stronger when detailed knowledge of threats and threat actors are shared between people and organizations tasked with protecting against them. To encourage this collaboration further, ESET contributes its findings to the MITRE ATT&CK knowledgebase, for example, with respect to Ocean Lotus, an APT group active in cyberespionage in Asia, especially Vietnam and Cambodia.
Another way to contribute to improved cyber security in Asia is to support research. In 2019 ESET will organize the 22nd International AVAR Cybersecurity Conference in Osaka, Japan. One of our goals for this year’s focus, Hacker versus counter-hacker: From retribution to attribution is to raise further awareness among the wider region and the security community to the extent to which Asia Pacific is being deliberately targeted. Fundamentally, awareness is just as critical for Japan as it is for its neighbors on both sides of the Pacific. Between updated malspam campaigns like “LoveYou” and threats to IoT, even Japan’s advanced economy is at risk.
These facts mean that there are several distinct journeys to embark on all at once. Perhaps most critical is security awareness and education. Only when the general public and employees build a better understanding of online threats, rights and responsibilities will legal and technological mechanisms stand the best chance of being effective.
To help address this, ESET in partnership with Canon Marketing Japan, opened ESET Japan in Tokyo, to better develop the Japanese market. This effort comes complete with a Japanese language version of WeLiveSecurity – the world’s leading cybersecurity research and awareness portal.
Enjoy Safer Technology is our “motto” and we mean it
This October, our Tokyo office will have a major role in bringing to market the 13th version of ESET’s home Windows products which deploy with a new Advanced Machine Learning layer integrated into ESET NOD32 Antivirus, ESET Internet Security, and ESET Smart Security Premium to improve detection capabilities. These layers of defense have been cleverly designed to not just detect everyday threats but also to monitor for cases of never-seen-before or zero-day threats. These well-rated products offer great protection at multiple price points and feature sets.
The 2019 edition also has both new and improved features including smart home protection via Connected Home Monitoring, Anti-Phishing software and an improved Password manager with integrated 2FA.
With much of Asia Pacific market now covered by major offices in Singapore, Sydney (Australia) and Tokyo (Japan), ESET will be better able to prioritize both business and research objectives and provide leading-edge cybersecurity for the region. For more cybersecurity solutions and best practice subscribe here and for the latest on research and new threats become an active reader at www.eset.com/blog.
Also, have a look at the AVAR agenda to get a look at the latest threats to APAC and beyond.
Learn more about Cybersecurity in the Asia Pacific: “State of Cybersecurity in APAC: Small Businesses, Big Threats”.