Unlocking ASEAN’s emerging markets potential with cybersecurity


By Britta Glade, Director of Content, RSA Conferences
RSA-Conference-2016-APJ-horizontal-largeASEAN’s increasing connectivity coupled with the rapid adoption of advanced technology is driving the rise of a digital economy ripe with potential. People and businesses have better access to information across borders and governments are beginning to build foundations to support the ecosystem of innovative startups.

Encompassing economies at vastly different stages of development but sharing immense growth potential, it is easy to see why businesses foresee myriad business opportunities there. Thailand sets an example of rapid economic growth; it has managed to boost itself to an “upper-middle income economy” from a low-income country back in the 80s. Myanmar, despite being one of the poorest countries in the region, has an economy that is steadily growing with an expected GDP growth of 8.4 per cent in 2016, higher than Singapore’s, a more developed country, at 2.0 per cent.

Connecting and expanding businesses
Today, internet access in Asia Pacific is growing at a steady rate of 7 per cent, and is expected to continue through to 2019, with internet user growth in the region largely attributed to the widespread adoption of smartphones in emerging markets. Smartphone adoption is accelerating at a staggering pace, expected to nearly double from 1 billion unique users in 2014 to 2 billion users in 2019. In Myanmar, the number of mobile subscriptions doubled from 15 million in 2014 to more than 30 million today. This combination is changing how businesses’ strategies and goals in engaging with customers are shifting.

Doing business online reduces transaction costs and easily overcomes distance constraints, reducing barriers to new market entry while allowing organisations to reach a broader market. This brings endless network opportunities and access to a wider customer base as organisations are able to respond faster with better connectivity, in a cost efficient manner.

On top of that, businesses can reach a more targeted customer base and forego the need of having to spend on travel – which all leads to cost-efficiency. A simple analogy is the online retail sector – although e-commerce is still at its infancy stage in most emerging countries – businesses are able to extend their presence much more easily than before. Zalora, a South East Asia fashion shopping website, recently expanded to Thailand and Vietnam, capitalising on its online business approach to streamline its operating costs. Exponential growth opportunities are available to retailers as internet becomes more accessible and more end users go online, if they start off the right foot.

Know the risk before diving in
Unprecedented opportunities and attractive business returns are available to Australian organisations looking to expand into emerging countries such as Indonesia, Thailand and Myanmar. As these countries’ economies open up, domestic and international businesses are expanding into these markets and reach a much larger audience. Yet, organisations should also be aware that emerging markets carry higher risks than the average investment, including foreign exchange rate risks, poor corporate governance system, and political instability. Putting the right cybersecurity measures in place, therefore, has to be at the core of any expansion business strategy.

With ASEAN populations becoming more digitally-savvy and businesses more connected, more data is being stored and exchanged in the virtual realm. Therein lies the risk of cyber-threats as an important gating factor to success. The SWIFT cyber-heist, for example, saw a US$81 million loss of funds across countries including Vietnam and Bangladesh, illustrating the need for strong and effective cybersecurity in both personal and business sectors. Cybersecurity risks entail much more than just data breaches and privacy issues; they also include intellectual property theft, cyber extortion, and the chain effects of business interruptions and reputational damage.

Designing your business’ cyber-defense blueprint

  1. Research. In a new environment, organisations need to research and abide by existing governance and regulations. This is just as important as researching the business drivers unique to each market. Cybersecurity readiness starts with having a comprehensive understanding of both internal and external vulnerabilities that can affect any business, such as how hackers can gain unwarranted entry – including their different methods and motives. An effective cybersecurity strategy cannot work in isolation. Improve public-private-partnership and know the governance and regulatory bodies that you can seek help or guidance from, such as Indonesia’s Cyber Security Agency (BCN).
  2. Identify. Next, identify the different types of cyber fraud schemes and common threats – from phishing and spoofing scams, social engineering, malware, systems hacking to pharming – which your business is vulnerable to. This will provide an indication of the security maturity in the country.
  3. Inform and Educate. Businesses should then develop a security policy that is ingrained into their corporate culture. Keeping employees regularly informed of cybersecurity risks is one way to fortify the overall IT security strategy, as some security breaches can be due to ‘human error’, such as employees’ oversight. The policy must seep through every process and decision of the business. Organisations should also educate employees about the warning signs, safe practices, and responses to a suspected takeover.
  4. Verify. Businesses should verify financial requests and confirm details preferably face-to-face or via the phone. Don’t rely on emails to converse about any financial transaction. Businesses should also use a two-step verification process to ensure tighter security in approving outgoing funds. This helps protect from any information leaks, hacks or losses.
  5. Protect. Cybersecurity has always been a technological battle between organisations and threat actors. Businesses should always ensure they have the necessary and most updated technology, processes and procedures to secure and control access to critical information before taking the plunge. In addition, organisations should bridge the gap between digital and physical cybersecurity controls (access, biometric, etc.) that streamline security operations while strengthening the overall defense.
  6. Detect & Automate. Leverage analytics and the corresponding wealth of threat intelligence from internal and external sources to drive programmed responses, both reactive and proactive, in the face of actual or threatened attacks.
  7. Respond & Counter. Last but not least, business should have an automated incident response plan to restore affected systems and services to enable business operations to return to normal. As cybercrime escalates and protection and preparedness becomes vital for every organisation, working together will help deal with any arising threats.
  8. Finally, Replicate. As mobile adoption sees a significant growth in emerging countries with better internet connectivity, organisations can apply the above considerations for the next phase of business expansion.

Businesses have to ensure that their data is secure and impenetrable. With the right measures and practices to tackle cybersecurity challenges and cover the important bases, organisations can confidently take the first step into tapping these markets. As the adage goes, a good start is half the battle won.