Asia Accelerates Digitalization Amid Pandemic

The country is capitalizing on its regional connectivity, diversity of population and talent to attract digital investments and be the springboard for technology exports in the ASEAN region.

For over 500 years, Malaysia has been recognized as a trading powerhouse. Thanks to its strategic location along the Straits of Malacca and at the heart of the Association of Southeast Asian Nations (ASEAN) region, its trading credentials today continue to flourish, with foreign investments continuing to make its way into the country.

Approved foreign investments in manufacturing, services, and other sectors surged 95.6% to US$19 billion in the first quarter, according to the Malaysian Investment and Development Authority (MIDA).

“Malaysia has always been a trading nation,” says Raymond Siva, Senior Vice President of Investment and Brand, and Chief Marketing Officer at the Malaysia Digital Economy Corporation (MDEC). “We are not only the center of the ASEAN region, we are multicultural, multilingual, have a digitally-skilled talent pool, ready infrastructure and mature ecosystem investors can rely on.”

Even as Malaysia continues to record strong investments, the country isn’t resting on its laurels. Instead, MDEC is ensuring that it does not only attract traditional investments into Malaysia but more importantly, digital investments too.

“We have always been a prime mover as the heart of ASEAN for trade, so the logical next step is to become the heart of digital ASEAN.”

– Raymond Siva, Senior Vice President of Investment and Brand, and Chief Marketing Officer at the Malaysia Digital Economy Corporation (MDEC)

Siva says this is why MDEC has teamed up with MIDA to form the Digital Investment Office (DIO) as a single window to ensure that investors can quickly gain investment approvals through a more streamlined process.

Complementing the establishment of the DIO, the two agencies have jointly launched a portal called “Malaysia Heart of Digital ASEAN,” a single repository of information investors can rely on to discover how they can invest in Malaysia.

Since its inception in April this year, MDEC and MIDA have committed to promote quality investments, in line with the government’s aspiration to attract US$16.5 billion worth of digital investments that could boost the contribution of digital products and services to Malaysia’s GDP to 22.6% by 2025 from 19.1% currently.

Siva says the DIO and “Heart of Digital ASEAN” portal are a natural evolution of Malaysia’s traditional trading strengths, as it has always been at the forefront of leveraging digital technologies as a catalyst for growth.

“MDEC is celebrating its 25th anniversary this year and after a quarter of a century, we are aiming at a refresh,” Siva says. “We have always been a prime mover as the heart of ASEAN for trade, so the logical next step is to become the heart of digital ASEAN.”

Strategy To Spur Growth

Underpinning MDEC’s emphasis on digital investment is its “Digital Investments Future5” (DIF5) strategy. The five-year plan that runs from 2021 to 2025 focuses on five key thrusts aimed at attracting high-quality investments to boost Malaysia’s digital economy. These thrusts are:

• 1. Attracting investments of RM50 billion (US$11.8 billion) in the digital economy;
  2. Zooming in on five key industries, five focus and emerging technologies and the growth of digital global business services;
  3. Attracting 50 globally renowned tech companies to land and expand in Malaysia;
  4. Establishing five unicorn startups in Malaysia; and
  5. Creating 50,000 high-value jobs in the Multimedia Super Corridor.

The five key industries that have been identified are: agriculture tech, health tech, Islamic digital economy and fintech, clean energy tech and education tech.

The five focus technologies MDEC has identified are cloud computing, data center, artificial intelligence, cybersecurity and digital content tools. Complementing these are five emerging technologies: blockchain, drone technology, edge computing, extended reality and advanced robotics.

“All of the above technologies will increase the economic complexity of the nation and help develop new and existing economic clusters,” says Siva. “This will create high value job opportunities and extend domestic economic linkages.”

To further bolster Malaysia’s digital investments, Siva says MDEC will also increase efforts to grow its digital global business services sector by encouraging the use of robotic process automation, data analytics and knowledge engineering.

“We are inviting investors to look at Malaysia because we are very focused on these five key sectors and technologies,” says Siva. “By doing so, they will be able to collaborate with local ecosystem players and take advantage of Malaysia being the heart of digital ASEAN. From here, we believe they can export their technologies, products and services to other countries in the ASEAN region.”

MDEC will establish more centers of expertise, which will enable the Malaysian workforce to move up the value chain and form the next generation of tech talents in the country’s digital economy, he adds.

Increasing Investments

Malaysia continues to attract new investments this year, according to Siva. For example, data analytics company Clarivate recently established its global business center in Penang, creating between 150 and 200 new jobs for Malaysians.

Global real estate technology group Juwai IQI recently made Kuala Lumpur its headquarters for global research and development. This would eventually lead to the creation of a data and technology team comprising 1,000 employees.

In August, German industrial manufacturer Schott established its new IT competence center to coordinate IT activities across 45 production plants and seven business units worldwide.

Other global technology firms with operations in Malaysia include NTT, Hitachi Sunway Information Systems, transcosmos and DKSH CSSC, all of whom continue to show confidence in the country by increasing investments in Malaysia.

“We are witnessing an unprecedented growth in the digital economy and investment into this sector, but we want to do better,” says Siva. “With the establishment of the DIO, Heart of Digital ASEAN portal and the successful execution of the DIF5 strategy, we will definitely increase our digital economy needle forward.”

Businesses urgently need to take prompt and preventive action to safeguard their critical infrastructure against cyberattacks.

Amid the challenges posed by the global pandemic, businesses over the past 18 months had to deal with a rise in ransomware attacks on their digital infrastructure. The threat has been heightened by hackers exploiting loopholes in hastily adopted work-from-home arrangements in response to Covid-19 restrictions.

The high-profile cyberattack on Colonial Pipeline in the U.S. earlier this year has proven to be a wake-up call for the global supply chain. Reflecting the extent of the problem, the Ransomware Task Force declared in April that ransomware “has become a serious security threat.”

“Cybersecurity has become more prominent in political discourse and countries are looking at how to combat the problem at a national and international level,” says Eric Hoh, President for Asia Pacific at FireEye Mandiant, a U.S.-based cybersecurity specialist. “Companies are being extorted for tens of millions of dollars as a result of cyber intrusions. The daily headlines alone showcase the significance and the growth of this problem in recent years.”

Multifaceted Extortion

In the past year, there has been a notable shift by financially motivated cyber actors towards ransomware. The M-Trends 2021 report by FireEye Mandiant showed that 25% of Mandiant’s incident response engagements in 2020 involved ransomware, up from 14% in the previous year. However, ransomware is only one part of a bigger problem.

“Ransomware is a single aspect of the multifaceted extortion that cyber criminals are levying against their victims,” says Hoh. “It’s no longer about just being denied access to your files and data. Now attackers are stealing the data before they encrypt it. That data could be intellectual property, customer data, HR files, or any other sensitive data.”

Threat actors employ a variety of other extortion tactics to coerce victims into complying with demands. For instance, they can threaten to publish sensitive material that they have stolen from an organization, resulting in regulatory and legal consequences and potentially reputational damage.

“Attackers will coerce and shame victims, by contacting their customers, partners or even competitors,” says Hoh. “Many organizations hear ‘ransomware’ and think of a malware that encrypts files. The reality though today is that these attacks can have far greater consequences than just being locked out from accessing your data.”

Pandemic Boosts Cyber Risk

The global pandemic is also making it easier for threat actors to penetrate secure systems. With more people working from home, workers who were previously protected by enterprise grade security in their office networks are now only shielded by consumer grade security at home.

“Work from home arrangements have resulted in the attack surface growing significantly, and it has become harder for security operations teams to investigate potential security incidents if they take place on remote home networks,” Hoh explains.

However, he noted that most organizations in Asia Pacific are well aware of the heightened risks and have used solutions such as “Remote Security Assessments” to assess and mitigate the threats.

The pandemic has also created new targets for cyberattacks in the form of organizations that are trying to fight the spread of coronavirus. In the past year there have been attacks on agencies that regulate vaccines as well as attempts to gain access to Covid-19 research.

Room For Improvement

The good news is that organizations are getting better at defending themselves, capable of finding and containing adversaries faster than in previous years. A metric known as “dwell time”—which measures the time between the moment of cyber intrusion to its discovery—has been reduced from over one year in 2011 to under one month in 2020, according to FireEye.

“It’s a dramatic improvement but one month is still far too long to have an undetected intruder in your network, so there’s still plenty of room for further improvement,” says Hoh. “APAC organisations sometimes feel that their country might not be a target, or that their industry might be one that is excluded from cyberattacks, or that if a cyberattack happens it will only impact their IT systems and not their business. All of these are bad assumptions.”

Identifying Security Gaps

Indeed, while the average organization has between 30 to 50 layers of security controls and may pass audits and regulatory compliance, many victims still fall prey to attackers based on incorrect assumptions. As such, businesses today are looking for a way to quantify and measure security effectiveness, rather than rely on assumptions.

“Security validation” which goes beyond traditional auditing and provides risk assurance, is a new tool cybersecurity experts are employing. “When a new type of attack makes headlines and management is asking: ‘Are we vulnerable?’ It’s often hard to get a definitive answer to that question,” says Hoh. “Security validation provides a way to get those answers and assurances.”

Companies should also hire an “external red team” to assess if their tools, people and processes can defend the network and prevent the worst-case scenario following a ransomware attack.

“If you think your security program is in order and operating well, do this reality check as a first step,” says Hoh. “It’s easier said than done, there will be resistance internally. No one wants to be put in a position where they might fail. This isn’t about winning or losing, it’s about sparring to build muscle.”

Advanced Automated Solutions

Automation is emerging as a cutting-edge solution against cyberattacks. While cybersecurity automation has existed for some time in the form of Security Orchestration Automation and Response (SOAR), organizations are now going beyond automating security processes and starting to automate security analysis.

While this is a harder outcome to achieve, there are new offerings which complement SOAR and provide automated analysis such as the Mandiant Automated Defense.

“Having automated analysis that works at machine speed, never gets tired, never suffers from alert fatigue and can work 24 x 7 x 365 is a different type of automation that helps to counterbalance the challenges organizations face from the shortage of available human talent,” says Hoh.

Beyond Technology

However, technology alone will not effectively mitigate cyber risks. Cybersecurity services should also be part of the overall approach.

“Planning for an event that you’ve not previously experienced can be quite challenging, but not if you get help from those who have the experience,” says Hoh. “A ransomware defense assessment won’t add to your technology stack, but it goes a long way in making you cyber resilient.”

Looking ahead, Hoh expects ransomware and cyberattacks to increase in the coming years, as businesses aggressively drive digital transformation.

“Dependence on digital services will grow as these services become foundational instead of just convenient and the cost we pay when something goes wrong increases proportionally,” says Hoh. “In the future, the arms race will continue between attackers and defenders as the stakes get higher.”