With the acceleration of digital transformation, emerging markets in the Southeast Asia region are experiencing a swift shift in the way businesses operate, moving from traditional data storage and management to online and web-based solutions. Nevertheless, this paradigm shift also exposes businesses to heightened cybersecurity risks, as cyber threats grow increasingly sophisticated and malicious, thereby presenting unique challenges for cybersecurity organisations and professionals.

According to the "State of Web Application and API Protection 2022" report by CDNetworks, various types of attacks, including DDoS, vulnerability exploitation, data scraping, business fraud, and API-related threats, have been on the rise year after year. This upward trend poses a significant challenge for traditional Web Application Firewalls (WAFs) in effectively mitigating such a wide array of threats. The report further highlights that approximately 87% of web-based businesses have grappled with two or more types of threats concurrently, with 65% facing three or more simultaneous threats.
 
Tackling Unique Cyber Threats in Emerging Markets

The question at hand is how to assist emerging markets in confronting these escalating threats, and CDNetworks stands as one company with a dedicated mission to aid organisations in the region. Over the past few years, the company has been proactively expanding its business and capabilities within the ASEAN region.

In this context, CSA had the privilege of conducting an interview with Yien Wu, Head of Sales at CDNetworks, to gain firsthand insights into the company's strategies for assisting businesses in effectively addressing cybersecurity risks within a localised environment.

Yien shared, “There are three key aspects when addressing these challenges. First is localised expertise and partnerships. You will need to make sure to have localised teams to support local languages and understand local cultures of doing business.”

He believes that establishing and nurturing relationships with local resellers is crucial because a well-established partnership can effectively facilitate the seamless integration of technology into the existing workflow and address the specific challenges posed by local cybersecurity risks.

According to Yien, the second key aspect involves customising security solutions, as different countries have distinct government requirements and market practices. Therefore, it's essential to adapt cybersecurity to meet local business needs. Understanding local regulations and practices not only ensures that cybersecurity solutions stay aligned with regional trends and address cybersecurity risks but also upholds trust with both partners and customers.

“The third aspect is infrastructure and user education. Right now, many industries in the Southeast Asia emerging markets are not so aware of cyber security risks. For example, in the manufacturing industries, often time they don’t think it is important to protect their website because they don’t sell anything on the website. Which becomes a loophole for hackers to infiltrate their systems huge losses for their business,” he explained.

To effectively mitigate cybersecurity risks, businesses should not rely solely on their contracted cybersecurity professionals or teams but engage in collaboration with them. This underscores the importance of educating themselves about cyber threats and understanding the current state of their infrastructure's readiness to combat these risks.

Yien added that both infrastructure awareness and enhanced user education are fundamental pillars of a robust cybersecurity strategy. They help businesses minimise vulnerabilities, prepare for potential cybersecurity incidents, and respond promptly and effectively to mitigate losses and minimise damage to their operations.
 
Counting on Security: The Importance of Cyber Investments

Yien Wu pointed out that some industries lack awareness regarding the significance of cybersecurity investments, including how much to allocate and where to focus their investments. Recognising the importance of these investments entails understanding not only their scale and allocation but also acknowledging them as essential for business survival.

He emphasised that effectively communicating information about cyber threats and vulnerabilities to business leaders is a key step in raising awareness within industries about the necessity of cybersecurity investments.

“Sometimes, when you articulate cyber threats and vulnerabilities in technical terms to business leaders, it’s for them to fully understand how that would impact their business and what it means. So, it would be better to communicate using business terms and make them understand how the risks translate into actual business loss. Also, you can include and use actual case studies on how you have helped clients mitigate such risks as a reference. This would then help to better understand,” he said.

Yien often shares a compelling analogy with business leaders:

"Just as a good car brake enables you to accelerate, a sound cybersecurity investment empowers your business to grow faster."

This analogy effectively conveys to business leaders that a prudent cybersecurity investment can accelerate business growth by mitigating cyber threats and vulnerabilities, reducing downtime, and facilitating swift disaster recovery. In essence, the key to raising cybersecurity awareness among business leaders is to communicate in terms that resonate with their business objectives and challenges.
 
Bridging the Communication Gap Between Business and Technical Leaders

Within a specific organisation, it becomes important to bridge the divide between business leaders and technical leaders. For instance, when engaging with business leaders, it's vital to grasp their primary concerns, such as revenue and reputation, and how these factors affect them. Understanding these key concerns enables the effective translation of cybersecurity risks into their context.

Moreover, contextualising cybersecurity risk is crucial, as different industries face unique traffic patterns and risks. As Yien Wu explains, you can't simply apply one industry's risk analysis to another, as each has its distinct characteristics.

Presenting cybersecurity within a specific framework helps business leaders recognise its relevance. For instance, discussing data privacy in the context of online services demonstrates how cybersecurity safeguards against breaches and reputation damage, aiding business leaders in grasping its significance.

Yien also emphasises the importance of shared objectives, which bridge the understanding gap between business and technical leaders. These shared objectives establish a common framework and motivation, aligning priorities and creating a universal language that fosters more effective communication.

Nonetheless, a significant obstacle faced by businesses in emerging markets across Southeast Asia is communication transparency. Often, distinct boundaries and formalities in communication exist between departments, as well as between managers and employees.

According to Yien, this sort of culture promotes cybersecurity risks. For example, different departments have their own opinion and standards of cybersecurity. So, there’s bound to be a weak link between them, which can become a loophole for hackers to infiltrate their systems.

Yien believes that tearing down the said boundaries will allow better and more transparent communication between departments and individual employees. When every employee and department is on the same page, it will help increase risk awareness, efficient incident reporting, better crisis management and damage control.
 
Key Measures to Take On Cyber Attacks

Certainly, as time progresses, the cybersecurity threat landscape will inevitably grow in complexity and sophistication, making it an enduring challenge for businesses to stay ahead of these evolving threats. In light of this, Yien Wu provided five essential recommendations to bolster cyber defences:

• Implement Multi-Layered Security:

  • Utilise strategies such as intrusion detection, bot behavioural management, and analytics.

  • Ensure comprehensive protection for web assets and infrastructure.

• Adopt Network Segmentation:

  • Employ network segmentation to isolate critical systems, preventing widespread damage from cyber attacks.

• Transition to Zero-Trust Security:

  • Migrate from traditional perimeter-based security to a zero-trust security model.

  • Verify every user and device before granting access and enable detailed visitor tracking.

  • Benefit from mobile-friendly features and Mobile Threat Defence (MTD) for secure remote work.

• Enhance Vulnerability Management:

  • Conduct frequent and regular vulnerability scans to prevent and detect cybersecurity risks.

  • Address human bias through optimised frameworks and objectives for vulnerability scans.

  • Utilise diverse scanning tools to comprehensively cover all cybersecurity aspects.

• Prioritise Employee Training and Policy Updates:

  • Invest in cybersecurity training to raise employee awareness of cybersecurity risks.

  • Consider hiring a cybersecurity consultant for effective training and management.

  • Regularly optimise and update cybersecurity policies to streamline user experiences and ensure compliance.

As the interview concluded, Yien emphasised that the crux of an effective cybersecurity strategy lies in comprehending contextual factors like your region, country, and industry. This understanding forms the foundation for crafting a tailored and highly effective cybersecurity strategy.