Shifting the Mindset from Cybersecurity to Cyber Resilience

Amid a surge in cyber attacks in Southeast Asia, it is crucial to shift from cybersecurity to a resilient mindset. Explore why in the article below.

As Southeast Asia propels forward in its digital transformation, it inevitably faces accompanying threats to its growth. The region has long acknowledged the imperative to safeguard its digital economy from cyber-attacks, exemplified by the United Nations Office on Drugs and Crime’s report indicating a staggering 600% increase in cyber-attacks in 2021.

Fortunately, this recognition has spurred the region into action. Southeast Asia has proactively devised collaborative plans to fortify its digital landscape, striving to create a peaceful, secure, and resilient cyberspace.

The first ASEAN Cybersecurity Cooperation Strategy from 2017-2020 laid the groundwork towards one shared goal— a safe cyberspace. Similarly, the ASEAN Information and Communications Technology (ICT) Masterplans aimed to fortify the protection of networks and services.

However, despite having a roadmap and updated strategies, many hurdles still decelerate the region’s cybersecurity development. These obstacles include uneven capacity development, lack of standardisation, and limited information-sharing mechanisms.

In an age where cyber threats are on the rise, is being “secure” enough? Are existing policies sufficient to protect the future digital landscape?

Current Regional Challenges

Southeast Asian countries are in varying stages of cyber capability and digital development. The disparities present problems for coordination and communication regarding cross-border threats and crimes.

Although there are existing ASEAN cooperation strategies and master plans, these mainly focus on capacity-building rather than policy development and coordination. These measures may be helpful to countries in their early stages but not those that have already established their domestic policies. For example, Singapore, Malaysia, Thailand, and the Philippines have established policies to safeguard their governments, citizens, and businesses against evolving cyber threats. In contrast, Vietnam and Indonesia are in the early stages of implementing measures to enhance the protection of their digital economy, with room for improvement. These differences are expected, reflecting the diverse stages of digital development and cyber capability across the region.

Moreover, the lack of a unifying framework created difficulties for the region’s interconnected infrastructures and economies. The countries become more vulnerable to the same threat actors since they have no system for incident reporting and data collection.

Hence, with a great chance of facing and experiencing the same cyber-attacks, Southeast Asia needs to develop common strategies, enact unified standards, and enhance regional cybersecurity and cyber resilience.

Cybersecurity to Cyber Resilience

Contrary to common belief, cybersecurity and cyber resilience are closely related yet entirely different. According to the International Telecommunications Union (2023), cybersecurity is the tools, policies, and guidelines used to protect an organisation’s assets.

Meanwhile, cyber resilience is the ability to anticipate, attack, withstand, recover from, and adapt if the assets are compromised. Cyber resilience encompasses the capacity to anticipate, withstand, recover from, and adapt to compromises in digital assets. In contrast, cybersecurity primarily deals with preventing and detecting breaches, while cyber resilience focuses on enhancing systems post-breach. Rooted in the acknowledgment that attacks are inevitable and threat uncertainties persist, cyber resilience requires continual development.

Shifting the discourse to cyber resilience enables Southeast Asian nations to formulate forward-looking policies. Governments, policymakers, business leaders, and individuals can prioritise ongoing development and evolution to match the rapid pace of evolving cyber threats.

A United Nations University study assessing 14 cybersecurity strategies in the Asia Pacific region revealed that while the term “cyber resilience” is commonly used, few countries have operationalized its meaning. Singapore, for instance, has clearly defined resilience in its national strategy, while Malaysia, although not explicitly using the term, underscores the importance of business continuity. Encouraging a shift in perspective towards “cyber resilience” emphasises not just protective measures but also the significance of adaptive efforts.

In the Tech For Good Institute’s research, our proposed Cyber Resilience Framework does not seek to reinvent the wheel; instead, it builds upon established frameworks. Embracing the Organisation for Economic Cooperation and Development‘s definition of resilience as “the ability of individuals, communities, and states and their institutions to absorb and recover from shocks, whilst positively adapting and transforming their structures and means for living in the face of long-term changes and uncertainty”, our framework represents a reconceptualisation rather than a complete overhaul of principles.

What distinguishes our proposed framework is its emphasis on states not only rebounding after an attack but also advancing and consistently seeking improvements in their systems. It strives for a balanced approach that acknowledges the importance of not just recovery but continuous enhancement.

Building Resilience, Securing Future

Today, the conversations remain focused on preventing and detecting a breath rather than improving the systems once breached. However, understanding the difference and elevating the conversations from cyber security to cyber resilience is a must to combat cyber-attacks.

Southeast Asian nations can chart a course towards a more secure digital future by formulating forward-looking policies that engage governments, policymakers, business leaders, and individuals collaboratively. Given the dynamic nature of emerging threats in the digital economy, fostering cooperation across these sectors is paramount. Notably, the considerable variability in cyber resilience among ASEAN member states underscores the necessity for a shared framework establishing cybersecurity standards. Such a framework would not only fortify individual states against potential vulnerabilities but also contribute to the collective strength of regional efforts in cyber resilience. Regular reviews of this regional baseline are essential to ensure its ongoing relevance and efficacy.

Addressing the widening gap in the cybersecurity workforce demands concerted efforts through public-private partnerships and increased investment. The proposed Cyber Resilience Framework provides a strategic guide for countries to identify priority areas for investment, allowing them to tailor their focus based on specific domains that offer the greatest potential for growth. For instance, Indonesia and Vietnam can concentrate on domains enhancing their defences against cyber threats, while Thailand and the Philippines may prioritise improving adaptability.

In bolstering cyber resilience, countries contribute not only to their individual prosperity but also to the overall security of the regional digital landscape. The 2018 ASEAN Leader’s Statement on Cybersecurity Cooperation aptly underscores the significance of a “peaceful, secure, and resilient cyberspace” as a foundational element for economic progress. As Southeast Asian nations navigate the complexities of the digital age, building and sustaining cyber resilience remains a shared imperative for a secure and prosperous future.

To find out more about fostering cyber resilience in the region, read the full report here.

Download Report

Download Report

Latest Updates

Latest Updates​

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.

 

Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.

 

As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.