An AWS study in February on the changing digital skill requirements in the region has identified that there will be an acute shortage of digitally skilled workers by 2025 across the 6 countries - Singapore, Australia, India, Indonesia, Japan, and South Korea. To keep pace, the average worker will need to gain seven new digital skills by 2025.
iTNews Asia speaks to Ryan Murray, Director (APAC) at cyber security solution provider HUMAN about the new digital security skills required, what companies can do to increase their competencies, the gap in digital literacy between countries and how we can address the gaps.
iTNews Asia: What does digital security skills entail, and why is it important? What cyber security competencies will all workers need to have to supplement these skills?
At the heart of possessing digital security skills is vigilance. Many humans dismiss spam emails and are infrequently exposed to phishing attempts because they are obvious. In 2019, Verizon found that 94% of malware is sent through email, and while email servers can help to identify these emails, the onus still lies on the user to avoid becoming a victim.
The usage of secure, non-default passwords, as well as knowing how to store and access sensitive data – at the individual and corporate levels – is the least that is required. The former is a misstep that many humans fail to address, which allowed the 2016 Mirai DDos attack to occur when hackers targeted end devices that were using default passwords, resulting in internet outages across the US.
Workers in more technical functions will need additional digital security competencies, specifically mathematical excellence and a hacker mindset with an astute ability to identify and detect a variety of attacks. But as a whole, regardless of function, all humans need to remain alert and aware about the potential cyber security threats in their job scope which they can play a direct role in combating.
iTNews Asia: How can companies go about striving to improve digital security skills among workers?
Many workers may have undergone cyber security training at some point, but today’s challenges are so different than they were 5 or 10 years ago, so reskilling is important. There needs to be increased training at the most fundamental level – as mentioned previously regarding changing of passwords regularly and saving data securely.
These examples may sound basic but are a foundation for ensuring the most prevalent vulnerabilities are addressed, allowing companies to work towards preventing more sophisticated cyber attacks.
Many workers may not find cyber security training important, so maintaining periodic reviews of training manuals is crucial. For example, gamify training in which participants earn points by “catching the phish”. We do similar training exercises at HUMAN with our own staff through educational tools which are relatively cost effective.
Of course, cyber security training is just a start – companies also need to invest in hardware and software solutions to ensure that they’re equipped to prevent more sophisticated attacks. Businesses need to work towards developing all-rounded strategies with the appropriate investments and expert partners to ensure their long-term success.
iTNews Asia: For industries where cyber security is already crucial, what are the potential gaps that need to be taken note of? As more industries invest in their cyber security, what are the key areas they should focus on?
Most antivirus software can easily detect characteristics of a bot, but in response, many hackers are deploying deceptive bots which appear to conduct movement as a real human. While bots in the past were typically flagged due to their erratic activity, today’s bots not only behave less irregularly but also operate out of residential IP addresses to evade detection.
Businesses in Asia are underprepared and generally unaware of the impact that sophisticated bots are having on their marketing outcomes. Because of how insidious these methods are, and the technical expertise required to spot them, it’s difficult to train individual workers to prevent sophisticated bot attacks. Adopting the appropriate software solutions is thus paramount. Companies need to be more thorough in investigating every interaction in order to more effectively detect bots.
iTNews Asia: What are the driving forces in Asia that have necessitated a greater awareness of digital security and the need to incorporate it into standard business operating processes? Why is it especially relevant now?
Online access, usage, and adoption is rising in Asia amongst individuals and businesses moving digitally. As many countries experience rapid economic growth, exemplified by the explosion of ecommerce and fintech solutions like mobile payments, it’s not surprising that digitalisation extends into the corporate space too. According to Thales, 45% of all corporate data in APAC is now stored in the cloud.
The pandemic has also accelerated the adoption of digital solutions, which leads to greater need for security and protection investment to defend against attacks. VMWare Carbon Black found that 93% of Singaporean businesses experienced more attacks in 2020 due to employees working remotely, while 25% in Japan view hacks on Google Drive (adopted by many companies during the pandemic) as the top cause of breaches. This demonstrates the need to train workers in using their given software securely.
On a global scale, the SolarWinds attack is a recent example of how even large enterprises are vulnerable to data breaches. More concerning for Southeast Asia, Kaspersky Lab found that the number of phishing attacks targeted at Server Message Blocks (SMBs) in the region rose by 39% in the first half of 2020 compared to 2019.
In the context of ever-increasing rich and accessible data found on the net, coupled with potential vulnerabilities due to ever-shrinking budgets brought about by the pandemic, cyber security breaches are more likely than ever. Attackers like low risk, high reward vectors to exploit.
iTNews Asia: The AWS report identifies unevenness in digital literacy between countries - what implications will this have in the future for Asia, and what is causing this unevenness? What consequences do you foresee if this gap is not filled?
Much of what is causing the unevenness is simply that certain economies – Singapore, Taiwan, Hong Kong, Japan, and South Korea – have been leading technological developments for decades. Technology is a much more prevalent part of people’s lives both inside and outside the workplace, so workers naturally possess stronger digital literacy here compared to other countries in Asia.
If the gap in skills is unaddressed, growth achievement and total factor productivity of the country or region is likely to lag behind expectations. Companies could end up spending more time playing catch-up and addressing cyber security breaches, rather than forward investing and mitigating attacks – reducing risk before bad things happen.