{"id":106641,"date":"2020-03-02T06:00:53","date_gmt":"2020-03-02T14:00:53","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=106641"},"modified":"2020-02-25T13:05:59","modified_gmt":"2020-02-25T21:05:59","slug":"policy-asia-pacific","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/03\/policy-asia-pacific\/","title":{"rendered":"5 Cybersecurity Issues to Address in the Asia-Pacific Region"},"content":{"rendered":"

As technology develops, the cybersecurity industry faces shifting challenges and opportunities. As a global cybersecurity company, we\u2019re always working to identify key areas of focus for different regions. Here are some of the major cybersecurity issues we see on the horizon for the Asia-Pacific region.\u00a0<\/span><\/p>\n

 <\/p>\n

Today\u2019s 4G problems are setting the scene for 5G.<\/b><\/h4>\n

While we\u2019re still a fair way off widespread adoption, we\u2019ve already started to see early 5G trial services launched in Australia, Singapore and South Korea. For instance, <\/span>Singapore<\/span><\/a> has begun its experiments in cloud gaming, autonomous vehicles, smart estates and the food and beverage industry. <\/span>Once deployed successfully, 5G networks will hold the potential to unlocking autonomy, impacting the entire economy from sectors such as transportation and supply chain to manufacturing, to a high degree.\u00a0<\/span><\/p>\n

Before we even start to consider the rollout of 5G, however, 4G networks today are still vulnerable to a myriad of attack modes, from spam to eavesdropping, malware, IP-spoofing, data and service theft, DDoS attacks and numerous other variants.\u00a0<\/span><\/p>\n

 <\/p>\n

Prediction: 4G will remain the priority for the majority of Asia Pacific.\u00a0<\/b><\/h4>\n

While 5G\u00a0 will continue to evolve alongside 4G networks, the era of 5G isn\u2019t quite upon us yet. In some APAC countries, 4G has only just been rolled out, so it will be some time still before 5G networks hit critical mass. According to forecasts by <\/span>GSMA<\/span><\/a>, 4G will still account for 68% of global mobile users by 2025 in this region.\u00a0 Many rural areas could still operate under LTE models, simply due to the longer range of 4G, compared to 5G\u2019s mmWave.\u00a0<\/span><\/p>\n

If existing security risks are not dealt with and roll over, mobile ISPs could be the first point of failure during a cyberattack, and vulnerabilities, such as unsecured IoT systems, could be amplified exponentially under 5G if not addressed at 4G. New cybersecurity approaches are needed today, including adopting a preventive approach to security,\u00a0 increasing levels of security automation, establishing contextual security outcomes and integrating security functions with APIs. We foresee that 4G will continue to be targeted by hackers as a potential gateway to 5G networks over the next few years.\u00a0<\/span><\/p>\n

 <\/p>\n

The talent shortage isn\u2019t what you think it is.\u00a0<\/b><\/h4>\n

Much has been said about the lack of cybersecurity talent globally and the critical skills gap that persists. The latest research puts the current shortage at 2.14 million in the APAC region, according to the <\/span>(ISC)\u00b2 2018 Cybersecurity Workforce Study<\/span><\/a>, making this region likely to be the worst affected.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n

 <\/p>\n

Prediction: Curious minds and problem solvers wanted.<\/b><\/h4>\n

The demand for cybersecurity will continue outstripping the supply until there is a fundamental shift in mindset. Two complementary approaches will be required to address this challenge: the adoption of automation and exploring alternative sources of talent.\u00a0<\/span><\/p>\n

Automation is going to be a key element in the future of cybersecurity because human operators should not be required \u2013 and expected \u2013 to do everything. Instead, they need to harness skill sets that cannot be automated and focus on higher-order tasks, such as problem-solving, communication and collaboration. This will necessitate a reexamination of today\u2019s security operating centre (SOC) structure, and a corresponding change in the types of professionals needed for these new roles, in order to accurately identify and fill some of these gaps. Companies and recruiters need to stop searching for unicorns (they don\u2019t exist!) and start looking in the right wells for talent.\u00a0<\/span><\/p>\n

In 2020, we expect to see greater evaluation of EQ rather than IQ to find curious minds with problem-solving skills, be they engineers, analysts or even communications specialists.\u00a0 Investments need to be made to upskill and cross-skill these overlooked sources and groom these capable individuals into the talent we need.\u00a0<\/span><\/p>\n

 <\/p>\n

Navigating IoT will become a minefield for everyone.<\/b><\/h4>\n

Asia Pacific is projected to be the global IoT-spending leader in 2019, accounting for approximately 36.9% of worldwide spending, according to<\/span> IDC<\/span><\/a>. Yet <\/span>even today, security can come as an afterthought in product development. Some connected devices continue to be shipped out with no viable means of receiving software updates and security patches, leading to common vulnerabilities that can be exploited easily.\u00a0 This issue will be further exacerbated by the growing number of potential threats to IoT security, such as DDoS attacks, in 2020.\u00a0<\/span><\/p>\n

 <\/p>\n

Prediction: Your wireless doorbell might welcome more than your visitors.<\/b><\/h4>\n

In 2020, we will see the evolution of IoT security play out in two key spheres: personal and industrial IoT. From connected doorbell cameras to wireless speaker systems, we will see a growth in attack modes coming in via unsecured apps or weak login credentials. This threat is further complicated by the emergence of accessible deepfake technology, which can pose a threat for voice- or biometric-controlled connected devices. The mimicry of what were once the strongest biological identifiers to access and control connected systems will have an impact beyond the homes of individuals and into the enterprise environment.\u00a0<\/span><\/p>\n

For enterprises, one sector in which we expect to see significant changes take effect is manufacturing, a key pillar of many Asian economies. Manufacturers are looking to deploy sensors, wearables and automated systems as a way to streamline production, logistics and employee management via data collection and analytics. Organisations will need to ensure that these connected devices can leverage automated features, such as built-in diagnostics, continuous vulnerability scanning and advanced analytics in order to remain on top of threats.\u00a0<\/span><\/p>\n

Connected devices will need to be continuously retrofitted and updated in order to remain secure.\u00a0 There also is a growing trend among governments globally - including those in Asia Pacific- to issue guidance or regulations related to IoT device security.\u00a0 Further, efforts also are ongoing in industry standards groups to develop relevant security standards for IoT devices, such as the draft <\/span>ISO\/IEC 27037 standard<\/span><\/a>.\u00a0 We also expect prioritisation of public education to accompany the rapid growth and adoption of connected devices.\u00a0<\/span><\/p>\n

 <\/p>\n

The data privacy lines get blurrier.\u00a0<\/b><\/h4>\n

The Internet Society\u2019s 2018 survey<\/span><\/a> on Policy Issues in APAC found over<\/span> 70% of respondents would like to be given more control over the collection and use of their personal information. However, <\/span>most people don\u2019t think twice about trading personal information for short-term benefits, such as trending apps, mobile gaming or online contests. Such behaviour is echoed by both a <\/span>low awareness<\/span><\/a> of cybersecurity hygiene in some emerging markets and a perceived complacency in others, such as <\/span>Singapore<\/span><\/a>.\u00a0\u00a0<\/span><\/p>\n

To help address this growing problem and protect citizen data, regulatory momentum is building around the implementation of more stringent local data privacy laws. Some countries, including\u00a0 <\/span>Thailand<\/span><\/a>, have passed new laws to govern the protection of data, pressuring businesses to pay closer attention to the data they collect, along with how it\u2019s shared and used. While some efforts \u2013 such as Japan\u2019s recent updates of its data privacy law \u2013 have been spearheaded by compliance with the European Union\u2019s GDPR, it is important for enterprises to note the varying states of maturity and local nuances.<\/span><\/p>\n

 <\/p>\n

Prediction: More data privacy legislation, and the data sovereignty-security paradox.\u00a0<\/b><\/h4>\n

We expect additional data privacy legislation to emerge in the region. Both<\/span> Indonesia<\/span><\/a> and<\/span> \u00a0India<\/span><\/a> have been working on personal data protection bills for the last few years, although the timing for if and when these become final is unclear.\u00a0 A growing number of proposals in the region also would require housing data in its country of origin; these tend to be driven by privacy and security concerns. The latest draft of Indonesia\u2019s Government Regulation No. 71 of 2019 would mandate that public agencies must manage, process and store data within Indonesia (according to unofficial translations). We expect more regulatory proposals that regulate or restrict the movement of data across borders, particularly public sector information. In response, it is likely that companies may look to build more data centres locally to support in-market customers better.<\/span><\/p>\n

However, it is important to note that establishing localised data centres does not necessarily result in data being more secure.\u00a0 Individual end users or corporations are increasingly connected and vulnerable to global incidents, as cyberthreats do not respect national borders. To manage this effectively, companies will need to regularly evaluate the value of the information they collect and control its access.<\/span><\/p>\n

We foresee that enterprises will need to pay even closer attention to their data flows in a highly interconnected region like ASEAN. Despite efforts to create a regionally harmonized approach to personal data protection\u2014such as via the voluntary<\/span> APEC Cross-Border Privacy Rules<\/span><\/a>\u2014there is no true harmonization.\u00a0 To create a framework that best serves the region, close collaboration between the private and public sectors will be needed to evaluate how breaches are identified and defined in the face of continuously emerging threats.<\/span><\/p>\n

 <\/p>\n

The cloud future has arrived: Don\u2019t get lost in turbulence.<\/b><\/h4>\n

There is a complicated mix of attitudes and degrees of cloud adoption across the region. To add to the complexity, misunderstandings still persist around the benefits of virtual versus physical.\u00a0<\/span><\/p>\n

All things said, the forecast for cloud adoption shows clear skies ahead. For CIOs in Asia, the cloud journey will boil down to enterprise maturity and having a clear understanding of what a move to the cloud should mean for their digital transformation strategy. We\u2019ve also started to see governments in ASEAN take small steps towards this transformation; agencies in Singapore, Thailand and Malaysia have all announced ventures in the public cloud space, while Indonesia is expected to be Asia's next big data centre hub.\u00a0<\/span><\/p>\n

 <\/p>\n

Prediction: More confusion on configuration.<\/b><\/h4>\n

Commissioned by Palo Alto Networks, Ovum\u2019s Asia-Pacific Cloud Security Study has found that 80% of large organisations view security and privacy as key challenges to cloud adoption.\u00a0<\/span><\/p>\n

Key findings include:<\/span><\/p>\n