Genie Sugene Gan, Head of Public Affairs for Asia Pacific at Kaspersky
As countries undergo rapid digital transformation amid the new normal, cybersecurity is at the forefront of everyone’s minds. The question of capacity follows closely – because a nation’s cyber-resilience is only as strong as its resources, expertise, knowledge and citizens’ maturity in this area. Given the unprecedented rate of digitalization, many today are playing catch-up.
This isn’t solely a national problem – the interconnectedness of the online space means there’s potential for a cyber incident in one location to have regional or even global implications. Therefore, it’s imperative to collectively boost our cyber capacities for a safer cyberspace.
With the problem statement defined, we now turn to the “how”. What are the real needs and goals of countries in cyber capacity building, education, and awareness? On September 14, 2021, with more than 1600 registered participants, we discussed ‘Greater Cyber-resilience through Cyber Capacity Building’ at Kaspersky’s third APAC Online Policy Forum (OPF), led by a quality panel of experts:
- Professor Li Yuxiao, Vice President of the Chinese Academy of Cyberspace Studies, and Secretary General of the Cyber Security Association of China;
- Professor Gabriel Kim Seungjoo, Head of the Department of Cyber Defense of Korea University, and a Member of the Presidential Committee on the 4th Industrial Revolution;
- Director Craig Jones, INTERPOL’s Cybercrime Director;
- Mr. Chris Connell, Managing Director, APAC, Kaspersky; and
- Miss Genie Sugene Gan, Head of Public Affairs, APAC, Kaspersky, as moderator.
The panel agreed that in light of the evolving sophistication and complexities of cyberattacks, more can be done across the region to safeguard our collective cybersecurity. As to how to do so, there’s no one-size-fits-all approach, and this sparked a lively discussion on a range of cross-cutting strategies from cross-border coordination, public-private partnership, trust, bridging the cybersecurity skills gap, prioritization, capacity-building, education, and more.
Three key takeaways from the discussion were:
A. Bridging the cybersecurity skills gap
Professor Kim highlighted the need for security experts across domains to possess in-depth knowledge of the systems and threats specific to their domain, along with hands-on experience to be ready for activation. To fill the gap, higher education, as a starting point, plays a key role in providing the resources (e.g., data driven exercises) for students to hone practical skills. Professor Li stressed the urgency to act fast, and accelerate the development of cyber capacity building, given that cyberattacks are significantly impacting the region.
In addition to higher education, Professor Li also emphasized the role of markets in driving higher levels of cybersecurity. As demand for the quality and quantity of cybersecurity products is ultimately driven by users, including government, industry and society, more interest across sectors is needed to accelerate the growth of the cybersecurity industry. This in turn spurs more technical creativity and innovation to develop quality systems and products to mitigate against cyber threats.
B. Building trusted partnerships
With a consensus that everyone has a role to play, the discussion then centered on how to synergize our collective efforts. Director Jones shared how INTERPOL leveraged its expertise and networks to set up its ASEAN Cyber Capacity Development Project. Besides convening countries to jointly identify capability and capacity gaps, needs and solutions, INTERPOL also set up a joint operations desk in Singapore to work with CERTs and private partners across ASEAN in the identification of malicious actors, vulnerabilities and more, in real time.
Mr. Connell also expressed how companies with relevant expertise like Kaspersky can contribute to efforts by educating governments, businesses and schools on ways to protect themselves against ICT supply chain attacks through Kaspersky’s Cyber Capacity Building Program.
Foundational to effective partnerships is trust, particularly around data sharing, which both Professor Li and Professor Kim highlighted. Professor Li emphasized the importance of thinking beyond sector silos to exchange information (e.g., on performance and capacity) in order to mount a holistic cyber defense. Nevertheless, given the value of data as an asset, Professor Kim explained why organizations may thus be hesitant to share data with schools for training purposes, or with potential competitors for coordination during a supply chain cyberattack. In this landscape, it is therefore important to study how to engineer trust in information sharing systems and processes, for long-lasting and effective partnerships.
C. Prioritization
Nevertheless, we cannot assume that everyone is convinced of the need to prioritize cybersecurity. In fact, to focus resources to combat COVID-19, some nations have been set back in their efforts to formulate and implement national cybersecurity strategies, and some businesses still struggle to digitalize safely.
To put cybersecurity at the forefront of the agenda, Director Jones described how INTERPOL aggregated national and regional data to give key stakeholders a more complete and compelling picture of the significant impact of cyber incidents, and thus the pressing need to act. The data also proved critical in enabling more informed decision-making, and showing the interconnectedness of the problem and therefore solutions.
Within countries, it is then a question of which efforts to prioritize. The panel focused on the need to inculcate cybersecurity awareness. Professor Li remarked that while China has launched various laws and polices (e.g., Cybersecurity Law, Personal Information Protection Law, Critical Information Protection Legislation, etc.) to ensure cybersecurity, it was equally important to convince the public of the value of cybersecurity and its stake in it. Likewise, Mr. Connell shared Kaspersky’s commitment to supporting education by making awareness building a priority in our outreach efforts.
Conclusion
Acknowledging that we have made notable improvements in building public private partnerships, the panel also reiterated that the battle is not over, and there is more work to be done to combat cyberattacks and malicious actors given the evolving nature and increased frequency of threats.
A full recording of the Forum can be viewed here: https://youtu.be/G0r_GKEX8B0. And remember, as Director Jones put it, if something is too good to be true, it normally is!
We look forward to welcoming you at our future events.