|Paul Hadjy, Chief Executive Officer and Co-Founder, Horangi Cyber Security|
|*picture credited to PORTFOLIO Magazine|
The following is the transcript of the recent email interview that CSA conducted with the CEO and Co-Founder of Horangi Cyber Security, Paul Hadjy, to find out a bit more about the company and the state of cyber security in ASEAN. Horangi Cyber Security is a Singapore-based cyber-security startup that offers mid-sized businesses best-in-class, proprietary cyber security products as well as expert advice regarding cyber security threats.
CyberSecurityAsean: What are some of the most common cyber threats facing ASEAN businesses today? Are they in line with threats faced by the rest of the world?
Paul Hadjy: ASEAN faces threats that differ in methods and complexity from those that the rest of the world is dealing with. While ASEAN is fast developing and catching up with the rest of the world in terms of technology, there is still a predominant legacy issue. Both hardware and software legacy issues make ASEAN companies more susceptible to the similar threats faced by the rest of the world.
Another threat that we see is where incidents go unreported. And when they finally are, it appears that a threat was way worse. The maturity of cyber security in the region and the difficulty in prosecuting cyber criminals make systems in ASEAN a more desirable target for attack.
The rapid growth of technology in ASEAN has resulted in applications of technology that differ from those of other regions. Localized methods and techniques have been modified with technological capabilities to give rise to types of attacks that are not seen in other parts of the world. Software and applications that have been supplanted by competitors in other parts of the world have found second life in the hands of users in the ASEAN region. Since many parts of ASEAN still see heavy use of cash, we have seen less prevalence of large-scale PCI breaches. Users in ASEAN tend to be consumers of IP instead of producers. Although we have found many of these attacks and methods to be less complex than their western counterparts, they are nevertheless unique and could lead to a branching off of techniques and procedures that will need to be closely observed in the future.
There is no unifying framework for cyber security in ASEAN currently and this has led to a dramatic variation in the maturity of cyber security capabilities in the region. As these member nations explore opportunities to cooperate with each other in cyber space, we are seeing an increase in digital ties between organizations with varying levels of cyber resilience and security, which is attractive to attackers as easy ways into systems with cyber security countermeasures that are otherwise complex or difficult to overcome.
Another common trend that we have observed is that ASEAN countries are emerging as launchpads for cyber attacks. In 2017, Indonesia, Malaysia, and Vietnam have been cited as top nations sourcing web traffic that has been blocked for suspicious web activity. The insecure infrastructure and large numbers of vulnerable machines in these areas make it a good target to start a large-scale bot campaign.
CyberSecurityAsean: What aspects of cyber security do ASEAN companies tend to overlook or not take seriously?
Paul Hadjy: Many ASEAN companies view cyber security as an IT task and not an overarching business risk. This causes decision-makers to set ineffective budget targets for cyber security spending, which in turn leads to myopic, ineffective spending.
This is not unlike the way businesses viewed cyber security in other regions in the past. Globally, organizations are beginning to shift to a more holistic view of cyber security, where it is a concern that is resonated across all core business processes within the enterprise.
Viewing cyber security as something that affects all aspects of a business tends to lead to a more holistic, effective approach to cyber. It also enables a more comprehensive and faster deployment of cyber security initiatives.
At Horangi we push this holistic approach to cyber security strategies when giving guidance to our customers in the implementation of their strategy.
CyberSecurityAsean: How do SMEs approach cyber security differently as compared to large enterprises, and why did you feel the need to cater specifically to the SME market?
Paul Hadjy: As with many other ecosystems, knowledge, methods, and norms trickle down from the top of enterprises. Small and Medium-sized Enterprises (SMEs) take cues from what works at larger enterprises and tailor those solutions for their operations.
We are seeing a shift in the way companies view cyber security that mirrors the shift we have seen in other regions over the past years. SMEs are slowly beginning to make this same shift, which puts cyber security at the forefront of their business concerns and adopting a holistic approach to the problem. It’s just happening a half-step behind the larger enterprises in the region.
Our decision to offer solutions that cater to SMEs is because they too, need to take a more modern approach to cyber security This is the same stance we take in enabling our mid-market and enterprise customers, too. As digitization progresses exponentially, cyber threats continue to grow alongside it and will only be more threatening. Horangi works with and helps organizations of all sizes to equip them to deal with those threats.
CyberSecurityAsean: Do you still see many companies in the region with little to no cyber security protection or strategy in place? Why is that the case?
Paul Hadjy: Yes, this is something we still see across sectors and in all sizes of business. I would say the main reason for this is that many leaders in these organizations just do not understand or know the importance of cyber security and in turn do not see it as a direct risk to the business.
We have to remember that many businesses have operated for a long time without having to deal in a highly-digitized world. Many of these businesses are still led by the last analog generation and have not adapted well to the digital world.
As competition increases and with the progress of technology, these businesses are starting to see the light and they are venturing out into this new frontier. We work with organizations to help them limit risk as they progress towards the digital age.
CyberSecurityAsean: Do you feel that cryptocurrencies are driving the recent surge in cybercrime?
Paul Hadjy: Cybercrime has always been prevalent, and cryptocurrencies only serves as a new, exciting target. The recent trend in cryptocurrency has only served to highlight a pressing issue that has been affecting companies worldwide. The big losses have brought out the media reports.
It has been reported that 90% of cybercrime are not reported. The media buzz around cryptocurrencies, the fact that crypto is the currency-of-choice for cyber criminals, and the inability of the affected companies to handle the incidents propels these attacks into the headlines.
That being said, there has been little help offered to the cryptocurrency industry in terms of cyber security. This is why we established a team and product/service offering focused around Crypto-Security. The members of our Cyber Operations team and developers were interested in the solving problems in this space and with a growing client base in the community, we now offer these services. We work with organizations from implementing secure Initial Coin Offerings (ICOs), to security testing of the applications they build, and network environments.