THE pandemic has caused global economic havoc and social disruption. The worst of the effects are only being felt almost a year after the world went into lockdown.
Though people were forced to stay indoors, by law or by fear, there was a lot of movement digitally. In Southeast Asia, increased use of online video platforms, companies reformatting enterprise solutions towards out-of-office work and even work-at-home women, especially mothers became either cybersecurity threats or pandemic induced gender issues.
A report on CNBC observed that some 40 million Internet users in the SEA came online for the first time in 2020, many of whom were from non-urban areas in Singapore, Malaysia, Indonesia and the Philippines. While Google, Temasek Holdings and Bain & Company reported how a surge in the use of digital services like e-commerce, food delivery and online payment due to the coronavirus pandemic occurred in the region.
The increased digital presence and creation of new netizens opened opportunities for cybercriminals to do their bidding. The online newbies count among the most vulnerable to cyber threats, but regular Internet users have yet to cope up with cyberhygiene, or in the case of work-from-home (WFH) moms, putting up with efficiency, autonomy and equality in the home-workplace.
Security expert Kaspersky released two reports, the first one from its Global Research and Analysis Team (GReAT) which explores how cybercriminals took advantage COVID-19’s disruption and what the cybersecurity threat landscape appears to look like in 2021 in the region. The second report, called “Women in Tech, Where are we now? Understanding the evolution of women in technology,” talked about gender related issues in the sphere of technology and WFH.
“2020 however has seen an unparalleled adoption of technology, and an increase in attack surface that is ripe for potentially more successful breaches. Those who have been quick to come on board this transformation must also be just as vigilant to protect themselves. As always, social engineering remains to be one of the most effective attack vectors and just as much as technology, a strong focus on education and awareness is needed more than ever,” says Muhammad Umair, Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
CAPITALIZING ON FEAR
Cybercriminals capitalized on people’s fear of COVID-19 and used healthcare as a bait for different attacks targeting medical equipment in countries where digital transformation has just begun.
This fear made the health sector has become one of the most vulnerable. Cybercriminals posing as government regulators or even the World Health Organization have fooled many. In 2020, interest in medical research surged among cybercriminals specializing in targeted attacks, spurred by the development of the much anticipated COVID-19 vaccine and its potential significance for the global community.
A government database with personal data of 230,000 COVD-19 test-takers in Indonesia was breached in May. Meanwhile, in Thailand, a hospital confirmed four years’ worth of patient records were affected by an attack in September.
Attacks on the healthcare field as a cyber threat target is a worldwide trend. Kaspersky experts have projected an increase in attacks on medical equipment in countries where digital transformation in healthcare is burgeoning
All across the SEA region, there has been an increased push towards remote health monitoring solutions and online health consultations, motivated by the goal of reducing contact. This means an ever-increasing number of patient data is coming online as well as the increase in attack surface throughout the health sector. According to Kaspersky researchers, this trend will continue through 2021.
DIGITALIZATION AS A WEAPON
Kaspersky reported a data breach in March that involved over 310,000 credit card details issued by top banks in Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam. In May, personal information of 91 million users of Indonesia’s largest ecommerce platform Tokopedia were leaked. Then in Thailand, 8.3 billion subscribers of the country’s largest mobile network were exposed in the same month. A Singapore-based online grocery platform RedMart suffered also a data breach affecting 1.1 million accounts in October.
Under the new norm, the majority of sectors in the region have been increasingly going through a digital transformation in a race for survival. Schools are switching to remote learning, SMBs that never had online presence have started to build online store fronts, restaurants that never offered home delivery are left with no choice but to change their whole business model.
The drastic increase in the use of online payment services and transactions meant an increased number of phishing attacks recorded in the first half of 2020 and this trend is expected to continue through 2021.
The increased focus on remote working and reliance on VPNs opens up another potential attack vector: the harvesting of user credentials through real-world social engineering approaches such as voice phishing or “vishing” to obtain access to corporate VPNs. Another possibility is for attackers to accomplish their espionage goals without deploying malware in the victim’s environment.
And as more and more companies are going into Cloud platforms due to the convenience and scalability it offers, Kaspersky estimates there might be a heightened number of breaches on such infrastructure if companies make rookie mistakes and do not deploy proper security measures and solutions.
THE THREAT TO 5G
As the world moves quickly to a widespread adoption of 5G technology because of the pandemic, mobile devices with hardware vendors like Apple and Samsung are updating their complete lineup to be 5G compatible. Amazingly, many Chinese tech brands like Huawei, Xiaomi and Oppo are already 5G capable since the technology was introduced.
The way 5G has been designed is such that more of its operational functionality has been switched to software rather than hardware. This opens up various avenues for potential attack surfaces, as generally software is considered more accessible and arguably easier to discover vulnerabilities in. It may only be a matter of time when researchers start to find potential software-based flaws, and threat actors will definitely not be much behind, if not ahead.
RANSOMWARE DOWN, BUT MORE DANGEROUS
In the GReAT report, Kaspersky observed a reduction in ransomware attacks across the region recently. Despite the decrease, ransomware threats are becoming more dangerous, sophisticated, and targeted. The amount of money being demanded by ransomware groups has also increased significantly.
A ransomware-related death, the first-ever recorded, was witnessed in Germany this year where a patient had to be redirected to another hospital because of an ongoing cyberattack but ended up passing away before reaching the medical center.
While the ransom amounts being demanded are likely to continue to increase, we expect to see an increase in ransomware attacks, due to the sheer number of increased potential targets across the region and thus a reversal of the current trend in 2021.
GENDER ISSUES AT WORK-FROM-HOME
Common gender issues such as gender disparity or sexual harassment and corporate or social progression are mostly experienced in an actual office workplace. Kaspersky’s new Women in Tech report, however found that almost a third of women (25 percent) from SEA working in the tech industry prefer working at home to working in the office. A similar number report they work most efficiently when working from home, and as many as 28 percent revealed they have more autonomy when not working in an office.
“The effect of the pandemic broadly differed for women. Some appreciated the greater flexibility and lack of commute from working at home, whilst others shared that they were on the verge of burnout. It’s paramount that companies ensure their managers are aligned with their strategy to support employees with caregiving responsibilities,” Dr. Patricia Gestoso, Head of Scientific Customer Support at BIOVIA said. Gestoso is also a 2020 Women in Software Changemakers winner, and prominent member of professional women’s network, Ada’s List.
However, more concerning statistics from this report highlight how the potential of remote working for women in tech isn’t quite being matched by social progression in this WFH dynamic. Almost half of Southeast Asian women working in technology have struggled to juggle work and family life since the lockdown started in March last year.
Delving deeper, and the reasons for this imbalance become clearer.
When female respondents were asked about the day-to-day functions that are detracting from productivity or work progression, 66 percent said they had done the majority of cleaning in the home, 68 percent had been in charge of home schooling and 56 percent of women have had to adapt their working hours in order to look after the family. As a result, nearly half of women in WFH mode believe that the effects of COVID-19 have actually delayed, rather than enhanced, their overall career progression.
“The other significant trend that the pandemic has accelerated is the co-existence of remote and hybrid employees within the same organization. This can be a challenge for women working remotely as they may experience less access to top management working from offices. This may decrease their chances to be considered for the kind of stretch assignments that lead to promotions. Employers need to be conscious of those disadvantages and plan accordingly to minimize them,” Gestoso concluded.
