This article first appeared on Tech Collective.
Vietnam’s Ministry of Information and Communication [MIC] has published details of its incoming cyber attack statistics on its news site. The statistics were obtained from its cybersecurity partner Kaspersky, prior to the release of the 2019 Q2 Kaspersky Security Bulletin.
The report details a staggering 19 million online–27.7% of Vietnamese users–and 99 million offline–59.9% of users– attacks in the first six months of 2019. [Offline attacks are when malicious code spreads via USB, CD, DVD and other offline methods.] Yeo Siang Tiong, Kaspersky Southeast Asia’s general director, advised that this is a reduction from the previous quarter, which may indicate an increase in the implementation of governmental and societal security measures, according to the MIC.
RiskIQ, a USA-based cybersecurity multinational has just released their ‘Evil Internet Minute’ in which they detail how, globally, USD 2.9 million USD is lost each minute to cybercrime. This is obviously, and necessarily, an issue high on everyone’s financial and security agendas.
With a population approaching the 100 million mark, of which 66% are engaged in Internet usage and 60% are mobile social media users, Vietnam is a country with rapid economic and digital growth. And where there is big growth, there are big opportunities for cybercrime. Unfortunately, Vietnam has been ranked as the third worst in the world for its cybersecurity, behind Algeria and Indonesia, ranked at positions one and two respectively for their poor scores.
Vietnam is in the midst of a digital war, just as it is in the midst of mobile social media lift-off. It has seen an increase of 16% in its social media usage since 2018. Smartphone usage is 72%, laptop/desktop usage is currently 43% of the adult population, and Vietnam is experiencing average usage of 6 hours 42 minutes of internet access per day on any device. This is similar to the global average but without the sort of cybersecurity which other countries with similar ‘screen times’ have spent years developing.
Rapid economic and digital expansion can often create a time lag in the adoption or dissemination of preventative measures to protect individuals and the wider national or global community as the region’s digital growth exceeds expectations. However, events, such as the Vietnam Security Summit 2019, held on April 17th this year, boasted 1,700 delegates and visitors, and more than 55 sponsors and speakers, including Vietnam government officials and cybersecurity industry CEOs, and business leaders, indicate an understanding of the need to implement a range of protective measures, fast.
The impact of cybersecurity measures cannot be viewed in parallel with on-the-ground physical security. The connected, fluid nature of cyberspace means that it manifests as a transnational threat which provokes, and of necessity, requires a transnational response. All nations are open to attack. Their capacity and preparedness to protect their assets also impact those around them. Hackers will exploit the weakest link in any chain and therefore a strong, globally united front is one of the best defenses.
With the raft of new threats to financial institutions, and potentially national security, comes a decision on how to manage the issue. The types of legislation vary widely across Southeast Asia and the Asia-Pacific regions. Decisions on how to legislate will have a direct impact on the ability of financial institutions, media groups and individuals to interact with third parties, through their devices and, unfortunately, has the potential to limit the growth of the very structures the legislation is aiming to protect and support.
The positioning of ‘cyberspace’ as a threat vector creates a starting point of fear and anxiety which can only be assuaged by the distribution of tighter means of control. The trifecta of ‘opportunity’, ‘information management’ and ‘data protection’ are in a constantly dynamic state, which needs to be held in fluid tension by global administrations in order to keep their finance, industry, and societies safe.
Inevitably, norms of behaviour are created through dialogue between different groups and the Council for Security Cooperation in the Asia Pacific is a case in point. The Council defines an arena which crosses a full spectrum of cultural concepts of dialogue and norms with its membership of 21-full members including Australia, Vietnam, Cambodia, China, and Russia. Concepts and ideologies translate equally to the cyber arena, even when their practical application has to be more technologically specific.
Vietnam’s Cyber Legislation
On 12 June 2018, the National Assembly of Vietnam passed its newest Cybersecurity Law. It came into force on the 1st January 2019, amidst global concerns regarding its potential to be utilised for repressive strategies in curbing ‘dissident’ voices in Vietnamese society.
While these concerns are valid, it is important to remember that Vietnam is also involved with multi-nation think tanks, within which dialogues creating guidance for stakeholders can occur. Positions beyond polarising ends of a spectrum can be explored, from which groups can seek understanding of multiple cultural standards and behaviours. After all, while governance and law come out of the cultural bedrock of a society, it has opportunities to evolve with the changing times.
It can be seen as increasingly repressive when it is held in comparison to another, a fact which matters very much at this digitally-fast juncture in history. The populations of different countries are able to create comparisons from active positions of knowledge, of their respective polarities, thanks to the very mechanism that is potentially being restricted.
Generation Shut Down
With restrictions often comes a backlash. The development of a new and highly tech-savvy, mid-level affluent youth population could be seen to be a problem when this population is faced with internal restrictions and censorship when they are aware that this is not globally the norm. The levels of Vietnamese spoken in hacker forums and on the dark web appears to have risen significantly in recent times.
Recent tension between global social media and the governance of Vietnam have heightened and the number of requests by national administration to media giants like Facebook has increased significantly. Alongside requests for removal of material from social media, there are discussions about the responsibility these giants have to keep lines of communication open between potentially opposing views, adding to the possibility of beneficial dialogue.
Conversely, it could be argued that any hacker development trend is also creating a population from which it can find the best cyber minds and recruit them to provide countermeasures for the future.
The Global Risk Report produced by the World Economic Forum positions cyber-attacks and data breaches fourth and fifth on their list of serious risks to global stability and security.
Large scale aversive interventions can disrupt countries and regions as well as blocks and cities. Dependency on tech, on the Internet, and on devices is increasingly making people and nations susceptible to instability as a result of their level of connectedness. Possibilities of increased geopolitical tensions and reduced trust can arise as a result of divisive cyber attacks and include possible manipulation from malicious actors on the ideologies or ideas of a nation.
It could be argued that due to the faceless, cloaked nature of malicious cyber actors, there is always a possibility of provoking and manipulating aggressive responses from governments and institutions through the interconnected conduit of emotion and behaviour—trigger one and get the other. This can be seen through the spread of fake news, which occurs as a result of a provoked response.
Lines of attack
Online attack is the most lucrative attack position for organised gangs because of the large amount of profit which can be made from a single point of entry by a metaphorical backdoor or bulldozer. Local, offline attacks have evidently become much more common, with malicious actors targeting the wider population through the use of infected USBs, DVDs, CDs and external devices.
Corporate ransomware accounts for a large percentage of the profits these hackers reap while utilising local devices can ensure the distribution of viruses, worms, and other types of malware. Advanced phishing, cryptojacking, app fraud and utilising Artificial Intelligence, the Internet of Things (IoT) and home automation are all up and coming trends of cyber breach and cyber crime.
How we protect ourselves, our information, and our neighbours is an ongoing question, one which the numerous conferences and symposia pose to their thousands of delegates. It is one that has multiple answers and those answers change with the wind and the tide of external code as it sweeps through our carefully constructed but ultimately flawed and fragile systems. The only real answer is to progress forward with a united, flexible, and adaptable front, side, and rear guard. Only by creating equally strong links will the vast numbers of adversaries be held sufficiently at bay. The apparent cross-cultural, inter-organisational, and global cooperation seems to be a positive step in this direction.