SINGAPORE – A rash of website hackings in the Asia-Pacific region has exposed weak cyberdefenses that must be improved to help the area deal with more sophisticated and sinister threats, particularly from criminal organizations, analysts said.
Hackers claiming to be from the global activist group Anonymous compromised several government and commercial websites in Australia, the Philippines and Singapore recently, and vowed to mount wider attacks.
In the latest incident, Anonymous hackers Thursday hijacked a section of Singaporean Prime Minister Lee Hsien Loong’s official website, just a day after he vowed to “spare no effort” to hunt down anyone who attacks the regional financial center’s technological network.
Cloud computing, the proliferation of mobile devices and the increasing use of social media have allowed an escalating volume of data to flow through multiple channels, giving hackers a wider field to ply their trade, analysts said.
They warned that Anonymous, which carries out attacks to highlight issues such as Internet freedom and corruption, is just one of the groups involved, and others with a more sinister agenda could inflict serious damage.
“The more sophisticated group that government and business should fear are the cybercriminal organizations who have much greater resources at their disposal,” said Tan Shong Ye, information technology risk and cybersecurity leader at global business consultancy PricewaterhouseCoopers (PwC).
Their targets could be valuable intellectual property and critical infrastructure, including military and state secrets, Tan said.
Shadowy hackers who have long targeted the West are turning their sights on Asia’s fast-growing economies.
“As countries become wealthier, they have more assets and therefore are more likely to become targets,” said Nina Laven, director for economics and country risk at consultancy group IHS.
“We will likely see the region attracting more attacks,” Laven said.
Southeast Asia and the wider Asia-Pacific region “are growing in significance in terms of cybersecurity issues” as Internet usage becomes more pervasive, said Caitriona Heinl, a cybersecurity specialist at the S. Rajaratnam School of International Studies (RSIS) in Singapore.
“These increasing levels of connectivity are raising the probabilities of cross-border cyber-related threats such as transnational cybercrime,” she said.
Research firm Euromonitor said there were more than 389 million smartphones and nearly 30 million tablets and other portable computers in the Asia-Pacific region in 2013.
Mobile Internet subscriptions alone reached more than 712 million, it said.
Governments and businesses are moving to protect their networks, but hackers, in many instances, are a step ahead.
“While information security risks have dramatically evolved, security strategies . . . have not kept pace,” PwC said in its Global State of Information Security Survey released worldwide in September.
“In other words, most organizations are now defending yesterday, even as their adversaries look to exploit the vulnerabilities of tomorrow.” Most Asian countries have implemented some level of cybersecurity protection by having computer emergency response teams to deal with online attacks, Tan of PwC said.
However, “more needs to be done in the form of investments as well as attention,” he said, citing PwC’s survey showing that the number of security incidents detected worldwide in the past 12 months rose by 25 percent and average losses climbed 18 percent from the previous year.
Asian businesses in general “are still not investing enough in cybersecurity,” Tan added, noting that companies usually invest after they encounter a serious attack.
China, the world’s second biggest economy, and Russia are “showing solid progress” in deploying cybersecurity safeguards while India is playing catch-up, Tan added.
“China’s Internet infrastructure is in fact more heavily guarded than others, thanks to the state’s role in the ‘Big firewall’ of China,” he said.
Laven of IHS stressed that international cooperation is key to fighting cyberattacks.
“Cybersecurity is a cross-border issue. Governments can invest in prediction, detection and recovery, but a lack of alignment between countries leads to security weaknesses that no one government can address,” she said.
Criminal groups could attack well-protected countries from overseas locations with weaker online safeguards, Laven said.
“Until governments can find ways to work together on preventing cybercrime — through penalties, incentives, or funding technical solutions that can be deployed across borders — international attackers will always be able to find weaknesses to exploit,” she said.
Heinl of RSIS said that so far, “national and regional efforts to adopt comprehensive cybersecurity strategies have been somewhat slow and fragmented.”