Information shared among board directors is often highly sensitive and confidential. Hackers know the value of this information and are continually scheming ways to penetrate defences and steal data. Board members and top company executives are responsible for ensuring the value and reputation of their business and brand. Today, that value is closely tied to an emerging risk across Asia – cyber attacks.
A cyberattack is a deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cyber crimes, such as information and identity theft.1
Several known cyberattacks in Asia in the past three years include2:
Singapore, 2017: Cyberattackers accessed official classified information at the Ministry of Defence and stole personal information of 850 personnel.
India, 2016: Cyberattackers introduced malware in the payment services systems compromising 3.2 million debit cards from at least five banks.
Bangladesh, 2016: Cyberattackers stole US$81 million from the central bank by hacking into an official’s computer and transferring the funds to the Philippines.
Japan, 2016: 7.9 million individuals’ personal details were exposed when Japan’s largest travel agency was compromised.
Thailand, 2016: An individual with a malware-equipped ATM card stole US$350,000 from 18 ATMs belonging to a local savings bank.
Vietnam, 2016: Cyberattackers breached an airline’s system and leaked online the personal information of 400,000 frequent flyers.
Philippines, 2016: Sixty-eight government websites were compromised, including defacement, slowdowns and distributed denial-of-service (DDoS).
Hong Kong, 2015: Personal data of 6.4 million children were leaked in a cyber attack of a digital toymaker firm.
The cost of cybercrime to the global economy is predicted to hit US$6 trillion annually by 2021, up from US$3 trillion in 2015.3
According to a 2018 study by the Centre for Strategic and International Studies (CSIS) and online security company McAfee, cyber crime has inflicted US$171 billion in damages in the Asia-Pacific (APAC) region, nearly a third of the global total of US$544.5 billion.
Ever wondered what happens during a cybersecurity attack? Watch a compelling discussion which offers practical insights across the private and public sectors.
The study found that various markets in Southeast Asia have already been used as launch pads for attacks. These are “vulnerable hotbeds of unsecured infrastructure” where computers can be infected easily for large-scale attacks, or as well-connected hubs to initiate attacks.
The pace of cyber threats is relentless, evolving as fast as, or faster than the technology. The number of attempted malicious attacks is escalating along with the cost to organisations of addressing the incidents that penetrate their defences.
Board directors acknowledge that the risk is increasing, but there is much they still don’t know. Most directors are not IT experts, nor do they need to be. To effectively oversee risk management of cyber issues, they need knowledge and understanding of the changing digital environment and how it forms part of a wider business context. Without this insight and the ability to benefit from new technologies, organisations risk being overtaken by their competitors.
AT Kearney’s 2018 report, Cybersecurity in ASEAN: An urgent call to action supports this. The report found that “The region’s growing strategic relevance makes it a prime target for cyberattacks. Cyber resilience is generally low, and countries have varying levels of cyber readiness. Specifically, there is a lack of a strategic mindset, policy preparedness, and institutional oversight relating to cybersecurity.”
While boards need to consider cyber risk from a strategic perspective, they must also have some operational information. As part of their role overseeing the adequacy of risk management, it’s essential for directors to know the key elements of their organisation’s cyber risk protection and responses.
The Blackhat Asia Conference 2018 survey confirmed that there is a need to change the mindset towards cybersecurity. According to the survey, most organisations in APAC (58 %) believe a “detect and respond” approach is more important than prevention. However, this mindset towards cybersecurity may require re-evaluation, given the continued prevalence of data breaches in the region. In 2016–2017, 52% of organisations reported a cybersecurity breach with a further 30% reporting financial losses of over US$100,000 from those breaches.
When hackers charge as little as US$500 to hack the accounts of executives and board members, accessing a company’s intellectual property, finance and strategic information comes at a low fee for the attacker and high cost to the target of attack. With cyberattacks becoming more sophisticated and frequent, now is not the time for complacency. Can you be sure of the security of your organisation’s information?