- Cyberattacks on critical infrastructures have risen dramatically
- Construction sector targeted due to high-value payments
BSA | The Software Alliance (BSA) has revealed that cyber threats on the construction, engineering, and infrastructure sectors in Southeast Asia continue to rise, as businesses keep growing and embracing new technologies as well as digital ways of working.
In a statement, the alliance citing data from Gartner said cyberattacks on organisations in critical infrastructure sectors have risen dramatically, from less than 10 in 2013 to almost 400 in 2020.
It said these industries face various cyber security risks from data breaches and phishing attempts, to ransomware attacks that can cost them billions of dollars.
Additionally, the widespread use of unlicensed design software in these industries is risky as it makes them extremely vulnerable.
To help business leaders build a strong defence against cyber threats, BSA has launched a survival guide which outlines these rising cyber risks and offers advice on how business leaders in Southeast Asia can enhance cyber security for their businesses.
The free e-book, entitled “A cyber security survival guide for construction, engineering and infrastructure businesses in Southeast Asia” aims to help Southeast Asian leaders in the infrastructure industry identify the threats and minimise the risks that the organisation, their clients, and, ultimately, the public, face.
Tarun Sawney (pic), senior director at BSA said no country or organisation in the Asean region is spared the threat of fast-evolving cybercrime.
“Given their position among the fastest-growing digital economies in the world, Asean member countries have become a prime target for cyberattacks.
“Because we know business leaders face multiple challenges and may not have the time to commit to studying the issue, we endeavored to create this survival guide.”
“Our hope is that the industries building our infrastructure find it useful – and that it helps to keep us all safer,” said Sawney.
According to BSA, the survival guide describes four different types of cyber criminals.
This includes unethical competitors seeking an edge by gaining access to confidential data; online criminals who seek financial gain through phishing attacks or demanding ransoms; hacktivists who use cyber intrusion to expose or discredit business activities; and hostile insiders or disgruntled employees who use their access to business data or networks to conduct malicious activity.
It said the construction, engineering, and infrastructure industries are often targeted as they typically have high-value transactions and use large amounts of data, elements attractive to cyber criminals.
Additionally, construction businesses use the services of sub-contractors and suppliers extensively; these transactions involve large numbers of high-value payments making them an attractive target for spear phishing, an attempt to trick the business into paying money into the criminal’s account, the firm added.
BSA said valuable information in the infrastructure industry such as designs, bid data, material pricing, payroll, profit and loss statements, as well as bank information also appeal to cyber criminals who use them for identity theft or phishing attacks.
It claimed that according to authorities, cyberattacks on the Southeast Asian private infrastructure industry are occurring on a weekly basis.
Azman Adam, enforcement director, ministry of domestic trade and consumer affairs, “The recent cases of ghost piracy serve as a warning on the risks of using illegal software for building Malaysia’s future.
“The construction and engineering industries must take proactive steps to ensure the design software they use is safe, secure and compliant with professional standards and Malaysian laws.
“We urge business leaders in the construction and engineering industries to review their software assets today and put sound measures in place to end the use of illegal, unlicensed software,” said Azman.
With the rise in threats, the survival guide recommends practices for leaders to help protect their businesses from cybercrime.
These include engaging and training staff on how to keep safe from cyberattacks, ensuring all software is licensed and secure as it is the first approach to cyber defence and security.
Other practices include, BSA said include keeping all IT equipment up-to-date, being cautious when connecting to public Wi-Fi hotspots, avoiding the use of predictable passwords as well as using two-factor authorisation (2FA) for important accounts, and employing cyber security when collaborating with external parties.
Earlier in June 2022, BSA said it launched a helpline to assist business leaders with challenges related to software copyright compliance in the wake of reports about ghost piracy cases in Southeast Asia.
The helpline, along with this survival guide, is part of its continued efforts to ensure organisations are using the appropriate approach to software compliance to keep their businesses safe, it added.
The guide is available in English, Bahasa, and Thai.
It includes messages from relevant authority figures in Indonesia, Malaysia, the Philippines, and Thailand, stating the danger of cybercrime, the importance of cyber security, and the recommended practices businesses should take, BSA said.
Click here to download the e-book for free.