Cyber crime is big business with nearly half of all cyberattacks committed against small businesses. Three years ago, global researcher Cybersecurity Ventures announced that cybercrime will cost the world $6 trillion annually by 2021 from $3 trillion in 2015. This includes damage and destruction of data, stolen money, lost productivity, theft of personal and financial data, and embezzlement.
For the latest Cambodian Business news, visit Khmer Times Business
Global spending on cybersecurity products and services will exceed $1 trillion cumulatively between 2017 to 2021, which is a year-on-year growth of 12 to 15 percent in the cybersecurity market.
To date, there has been no official data on cybersecurity violation in Cambodia but Ou Phannarith, Director of ICT Security Department of the Posts and Telecommunication Ministry (MPTC) is aware of attacks on small and medium enterprises (SMEs).
Unfortunately, the private sector refuses to report to the authority as they feel that it would affect the company’s image, and eventually lose their customers’ confidence.
“Which is why the ministry does not have any data on cybercrime in Cambodia although we know it happens because affected companies share information when their systems are compromised due to hacking or cyber attacks. They have spoken about this during cybersecurity awareness seminars organised for the private sector,” says Phannarith.
Local SMEs do not know that their security system is not strong enough to detect cyberattacks. “We do not have one system to protect all businesses. Each company and institution has to protect itself. Whether it is effective or not, it is up to each institution to pay attention to their security,” he adds.
“For example, if banks are afraid of losing money, they will invest more in security, meaning that their security system is better. “However, SMEs or smaller businesses are not aware of the risk, so the exposure is higher,” he cites.
In World Economic Forum’s 2018 Global Risk Report, cybersecurity risks have been rising, both in prevalence and disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that were once considered extraordinary are becoming common.
The financial impact of cybersecurity breaches is also rising, with some of the largest costs in 2017 related to ransomware attacks, which accounted for 64 percent of all malicious emails. They include “WannaCry” attack, which affected 300,000 computers across 150 countries, and “NotPetya” that caused quarterly losses of $300 million for several businesses.
The report adds that another growing trend is how cyberattacks target critical infrastructure and strategic industrial sectors, where a worst-case scenario could see attackers triggering a breakdown in systems that keep societies functioning.
Nun Dima, general manager of Coffee MK Mondulkiri Co Ltd, tells Capital Cambodia that the company’s computer system receives numerous threats or scams via the Internet and emails but they are quickly detected or filtered. Coffee MK Mondulkiri exports coffee to Russia, China and Thailand. Most of its transactions are done via the electronic platform.
“We take this issue seriously because we are afraid of losing data and our client’s confidence. We hire our Internet service providers to detect all malware or scams. We pay them $300 annually to have our system, and customers’ data secure,” he adds.
He contends that it is a small price compared to an investment of thousands of dollars per year if it hired a specialist company to set up a security system.
By 2023, Cambodia aims to have transitioned into a predominantly digital economy to improve competitiveness and enrich the lives of its citizens. The government plans to transform the country into a digital economy as Cambodians move on to daily usage of digital tools.
While this is in the works, Cambodia has yet to draft a cybersecurity law to ensure data protection, and prosecution on violations in the cybersphere. It should be noted however, there is some form of legal representation for cybercrime in Cambodia’s Penal Code, though not enough.
“Because technology is evolving, so does cybercrime. A proper law is needed as we move towards a digital economy,” says Phannarith.
Forte Insurance (Cambodia) PLC managing director Youk Chamroeunrith finds that small businesses are not concerned about cyberthreats, allegedly because of their simple information technology security.
“We are aware that commercial banks, microfinance institutions, and the construction sector experience risks but no one talks about it. When their system is hacked, they ask how much is required to restore the website.
“To protect our customers, we offer cybercrime insurance. So far, some 30 companies including financial institutions have taken up policies to protect their business,” he adds.