With more than 1 billion internet users and growing in Asia, the region is increasingly facing a higher volume and more sophisticated cyber threats.
In light of concerns growing globally, the International Telecommunications Union, the United Nations specialised agency for information and communications technology, is working to develop and implement strategies to combat global cyber crime.
At a recent meeting in Bangkok, leaders in the cyber security industry spoke about the challenges of tackling cyber crime in a borderless internet environment and how internet users can protect themselves.
“The growth of cyber crime and cyber threat is simply a natural consequence of so many of the world’s people embracing the advantages brought into our world by ICT [information and communications technology],” said Hamadoun Touré, the ITU secretary-general.
Mr Touré said that while the lack of borders online allows for greater international communication, it can create additional difficulties when developing effective responses to cybercrime.
The ITU, together with its cyber security executing arm, the International Multilateral Partnership against Cyber Threats (Impact), forms the world’s largest global cyber security alliance. The ITU works with governments, academics and industry experts to tackle the issue of cybercrime across the ITU’s 193 partner countries.
ITU-Impact aims to address these borderless cybercrimes through a framework for international cooperation. In 2007 the ITU created the Global Cyber Security Agenda, a framework to address issues of cyber security in countries around the world. The GCA builds on existing regional and national cyber security initiatives in member states and aims to propose strategies for solutions and improve security in information technology.
“No country is 100% immune to any attacks,” said Philip Victor, director of the Centre for Policy and International Cooperation with Impact. “Our main aim is to enhance cyber security readiness.”
Mr Victor and Sameer Sharma, senior adviser with the ITU, explained how countries can benefit from the help of ITU-Impact and its industry partners; when a member country is concerned about a cyber threat or attack, it can make a request through the ITU or Impact for assistance.
ITU-Impact then goes into a country and works with regional stakeholders including banking, communications and power infrastructure groups to tackle the cyber security issue. ITU-Impact also carries out “cyber drills” with member countries, which involve simulation attacks and providing training on how to mitigate attacks.
But there are challenges that come with implementing effective strategies on a global platform. Industry experts at the ITU event spoke of the difficulties of responding to threats efficiently. Challenges include the varying levels of preparedness in countries, limited resources, an absence of legal frameworks, and physical geographic divides.
“We have tried to address some of these issues in different ways and forms,” said Anuj Singh, COO of Impact. Mr Singh said ITU-Impact customises and localises initiatives in member countries to ensure the needs of each region are best met.
“Essentially [we] bring to the table experience and expertise which can then eventually benefit the member states; looking at what is happening at a global level and to try and to see if they can [implement] these practices within their own country,” he said.
According to Interpol, cyber crime is one of the fastest growing areas of crime. On its website, Interpol says the global nature of the internet allows criminals to launch attacks from anywhere in the world and the speed, convenience and anonymity of today’s technologies allow for cybercriminals to carry out a variety of crimes.
Interpol describes cyber crime as “attacks against computer data and systems, identity theft, the distribution of child sexual abuse images, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, botnets, and various e-mail scams such as phishing.”
Trends in cyber crime have also changed in recent years.
“What we have seen in the past is many of the hackers were lone wolves. They’re staying in a room; they attack something for fame, for fun. But in the last five years we’ve seen the threats becoming much, much more severe. It’s usually based on either profit or some kind of defacement for an entire country or from state-sponsored ‘hacktivism’,” said Alex Lei, director of security sales for Semantec Asia South Region, Thailand, at the ITU event.
Mr Lei referred to the recent attacks on Southeast Asian governments carried out by the international hacker group Anonymous.
In November, people claiming to belong to Anonymous hacked into the official website of Singapore Prime Minister Lee Hsien Loong, as well as the website of The Straits Times. Government websites in the Philippines were also targeted by Anonymous in November.
A 2013 Data Breach Investigations Report by US-based Verizon, which looked at 47,000 reported global security incidents, asserted that groups and businesses big and small are vulnerable to attacks. Mom-and-pop businesses, public agencies and multi-nationals had all suffered from cybercrime.
It also determined data breaches in 2012 were of a large scale and diverse in nature, “perhaps more so than any other year”.
“All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity,” read the report.
A 2011 Norton Cybercrime Report also found that people in developing countries are also at greater risk of falling victim to cyber crimes. In emerging markets, 80% of adults have been victims of cyber crime, compared with 64% in developed countries. In Asia, 85% of Chinese adults and 80% of Indian and Singaporean adults identified themselves as victims of cyber crime.
Stuart Clarke, director of investigation services for Nuix, a worldwide IT technology provider and ITU partner, said increases in volume and availability of electronic information, or big data, are also putting internet users at greater risk.
“If you imagine every document you generate, every e-mail you send, social media — all of the data that you’re putting on the internet — this all contributes to big data. And it’s a massive risk for us because any kind of cyber attack now has the potential to be much more devastating,” he said. “There’s a lot more information out there and there’s a lot less control around that information.”
Mr Clarke said it was important to address the issue of cyber crime on a global scale. However, not everyone sees the ITU’s global role in coordinating telecommunications as a positive thing.
Last year, the European Parliament spoke out against the role the ITU could have played in a possible expansion of the scope of internet telecommunications regulations, ahead of the ITU’s 2012 World Conference on International Telecommunications in Dubai.
A document from resolution passed by the European Parliament in November 2012 read, “ [The European Parliament] believes the ITU, or any other single, centralised international institution, is not the appropriate body to assert regulatory authority over either internet governance or internet traffic flows.”
The UN treaty, which would have introduced regulations to the internet, was blocked during the conference, but criticism of the ITU remains.
The organisation itself remains sensitive to assertions that it encourages censorship. After the Bangkok Post published an editorial addressing the ITU’s attempts to take a “dominant role in running the internet” on Nov 18, an ITU representative expressed dissatisfaction about the editorial to a Bangkok Post reporter, calling the commentary “nasty.”
“As soon as you say anything about protecting something, everyone thinks you’re going to censor,” said Max Thomas, CEO of The Cyber Guardian, a child online protection service and ITU partner.
While censorship remains a touchy subject for some, Mr Thomas is more concerned with working toward his company’s goal of fostering a healthy Internet environment for children. The Cyber Guardian works as a partner with the ITU’s Child Online Protection initiative and offers protection tools and services to member countries.
Mr Thomas said online protection services were all the more important in an age when children may have access to Internet 24 hours per day, seven days per week. But he admits tackling global cyber crime is not easy.
“There is no magical solution, there is no silver bullet that is going to fix the world’s problems when it comes to protecting children online,” he said.
Despite the challenges of addressing cyber crime threats and attacks, the ITU and Impact continue to create new initiatives to cultivate a global cyber security culture.
At the Bangkok conference, the ITU introduced the Global Cybersecurity Index (GCI) rankings. It ranks cyber security capabilities of nation states and aims to promote government strategies at a national level and encourage cyber security efforts across industries and sectors. It is a joint effort between the ITU and ABI Research, a market intelligence company.
“We can learn from the best practice of those countries at the top of the index and create a global culture of cooperation and support,” said Mr Touré.
Last year Oman topped the Arab States regional index ranking, with Morocco placing second. The full index is expected to be in place in 2014, with Asia Pacific included in the regional ranking index.
“We are only as strong as our weakest link,” said Mr Touré.