Cambodia’s cybersecurity challenges

Gerald Flynn

As the world reels from decade after decade of nonstop transformative technological developments, it has been – and for many it still is – difficult to keep up with the latest available advances as the wheel of progress goes increasingly digital.


Cambodia, owing perhaps to its tragic recent history, has been afforded a grace period to catch up and, through skipping multiple iterations and generations of what is now woefully outdated technology, the Kingdom has fully embraced with open arms the fruits of the brave new cyber world.

Grand aspirations

It is this eager adoption of the internet and its assorted technologies, coupled with a relatively young population of digital natives, that has given Cambodia grand aspirations for Industry 4.0 and the digital economy.

But the opportunities that await following this metamorphosis are not without threats.

Recognising the value of looking before one leaps, Cambodia will play host to the Cyber Security Asia 2019 conference which will take place on Nov. 4 and 5 in Phnom Penh.

With this in mind, Capital Cambodia will explore the issues pertaining to cybersecurity across the region through a series of discussions with experts, handpicked from around the world, to speak at the forthcoming Cyber Security Asia 2019 event.

Kicking off this series will be Amirudin Abdul Wahab, the chief executive officer of CyberSecurity Malaysia – a former Malaysia computer emergency response team that has been fleshed out into a fully fledged agency of the Malaysian Ministry of Communication and Multimedia.

Amirudin will be bringing more than 20 years of information communication technology (ICT) experience with him to the Phnom Penh conference, as well as a unique perspective that spans across public, private and non-governmental sectors.

Under his leadership, Malaysia was ranked third in the world in the 2014 International Telecom Union Global Cyber Security Index.

Cambodia’s rapid growth of late is reflected in the digital statistics collated by We Are Social and Hootsuite, which highlight extraordinary growth across the Kingdom and report that 12.5 million Cambodians are now internet users as of January 2019, up 56 percent from the start of 2018.

Active social media

The report also notes a 20 percent growth in active social media users, with 8.4 million Cambodians utilising multiple online platforms for a range of purposes.

The Kingdom is reportedly performing above regional and global internet penetration rates, which stand at 63 percent and 57 percent, respectively, compared with Cambodia’s 76 percent.

“This increasing reliance on ICT [information and communications technology] is important as a vital tool for the nation to progress economically, socially and politically,” says Amirudin.

“The global cybersecurity landscape has evolved with the emergence of Industry 4.0, big data, cloud computing, Fintech [financial technology], blockchain, artificial intelligence [AI], machine learning, deep learning, virtual reality, augmented reality, the Internet of Things [IoT], bring your own device.”

While Cambodia may have been a slow adopter of these emerging technologies – as was much of Southeast Asia – a multi-ministerial effort is being made to address the need for transformation.

New technologies

“These innovations will accelerate the creation of new technologies and transform our ways of living and doing business, forcing changes in the speed and modalities of regulation and policy formulation,” Phan Phalla of the Ministry of Economy and Finance was reported as saying at a conference last year. “In this sense, even developing countries such as Cambodia will also face both a positive and a negative impact on economic and social development.”

Greater collaboration

More recently, Heng Sokkung, speaking at a seminar on enhancing the development of small and medium handicraft and industrial sectors, called for greater collaboration between government ministries, NGOs and the private sector to help Cambodia capitalise on technological developments such as AI, cloud technology and the IoT.

As Amirudin notes, the plans to engage with such emerging technologies must include the solutions to potential issues that will arise with adoption.

“The expanding use of emerging technologies and growing internet connectivity have given an opportunity to cyber [crime] perpetrators to broaden their potential victims, by taking advantage to execute and meet their objective.”

Raising awareness

He goes on to say that future-proofing Cambodia’s industries will require all nationwide digital initiatives to include a cybersecurity approach and urges not just the Cambodian government but governments around the world to raise awareness among digital users, so they are aware of the threats.

He suggests that Cambodia will need to produce competent and dynamic cybersecurity professionals in order to adapt to the ever-mutating threats within the field – especially with regards to safeguarding national critical infrastructure.

Despite Cyber Security Asia’s estimation that the cybersecurity market in APAC countries will be worth $32.9 billion by 2019, Amirudin fears that not enough is being done to meet the demand.

The skills gap rears its all-too-familiar head in every sector or industry in Cambodia and the cybersecurity industry – he says – is one that is lacking across the world.

“There are insufficient capabilities and capacities in providing cybersecurity solutions in the region to address the growing risks and threats as technology evolves,” he warns.

“A global shortage of cybersecurity professionals is estimated to reach more than two million by 2019.”

This will reach 3.5 million worldwide by 2021, according to Cybersecurity Ventures, but Amirudin fears that the adaptability of those trained will not meet the evolving threats of cybercriminals – which, if happening globally, most likely spells far graver danger for Cambodia.

“AT Kearney said in 2017, ASEAN countries collectively spent only 0.06 percent of their GDP – around $1.9 billion – on cybersecurity, which was in contrast to the global average of 0.13 percent,” notes Amirudin. Cyber Security Asia reports that 90 percent of APAC businesses have been hit by a cybersecurity attack and that 72 percent of chief executive officers are not prepared for cybercrime.

This is certainly a sentiment shared by Nataly Rodionova, managing director of IT Academy STEP Cambodia – one of the only training institutes in the Kingdom offering Cisco certificates that meet international cybersecurity standards.

“If you want my opinion, I can observe an underestimation of the importance of cybersecurity in Cambodia in general. This is related both to protecting company data and customers’ personal data.

Demand growing

“We hope to see more companies and more specialists paying attention to this area because we believe every IT manager at any company, regardless [of] the industry, should have at least an essential understanding of cybersecurity,” she adds. “As long as a company is connected to the internet, has a website and works with data, cybersecurity policy should be in place.”

Amirudin Abdul Wahab
CEO, CyberSecurity Malaysia

With the demand for cybersecurity growing and the value of the industry swelling in line with the threats of ignoring it, Amirudin recommends that “Cambodia should be able to identify their national assets that should be protected from known cyber-risks and threats.”

He notes that the protection of critical national information infrastructure is vital.

In February, Singaporean medical giant, SingHealth was hit with a $1 million fine for the 2018 data breach that saw the theft of some 1.5 million patients’ data, including those of Prime Minister Lee Hsien Loong.

It is these areas of society that will require the most protection, but Amirudin suggests that it must be holistic.

“The cybersecurity approach should be designed in a comprehensive manner, with a holistic and adaptive ecosystem, consisting of people, process and technology,” he says.

Cybersecurity or information technology security is defined as the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

It is becoming a more important area because of increased reliance on computer systems, the internet and wireless network standards such as Bluetooth and Wi-Fi, and because of the growth of “smart” devices, including smartphones, televisions and the various devices that make up the IoT.

Because of its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world, say experts. They add that the computer systems of financial regulators and financial institutions such as the US Securities and Exchange Commission, SWIFT for financial transfers, investment banks and commercial banks are prominent hacking targets for cyber criminals interested in manipulating markets and making illicit gains.

Hacking targets

Investigators say websites and apps that accept or store credit card numbers, brokerage accounts and bank account information are also prominent hacking targets, with attackers transferring money, making purchases or selling information.

In-store payment systems and automated teller machines have also been altered in order to gather customer account data and personal identification numbers, according to numerous reports.

The media has reported many cases of attacks aimed at financial gain through identity theft and involving data breaches. Examples include the loss of millions of clients’ credit card details by the US home improvement company Home Depot Inc, US office retail company Staples Inc, US retailer Target Corp and the recent breach of Equifax Inc, the US credit reporting agency.

Some cyberattacks are ordered by foreign governments that engage in cyberwarfare with the intent to spread their propaganda, sabotage or spy on their targets. Many people believe the Russian government played a major role in the US presidential election of 2016 by using Twitter and Facebook to affect the results of the election.

Medical records have been targeted in general identity theft, health insurance fraud, and impersonating patients to obtain prescription drugs for recreational purposes or resale.

Although cyber threats continue to increase, 62 percent of all organisations did not increase security training for their business in 2015.

Not all attacks are financially motivated. For example, security firm HBGary Federal reportedly suffered a series of attacks in 2011 from hacktivist group Anonymous in retaliation for the firm’s chief executive officer claiming to have infiltrated their group. In 2014, reports showed that Sony Pictures was attacked by a hacker group to embarrass the company through data leaks and cripple the company by wiping workstations and servers.
