MySay: Defending the disruptive digital economy against cyberthreats

This article first appeared in Forum, The Edge Malaysia Weekly, on December 3, 2018 - December 09, 2018.
-A +A

The digital economy is here. Sometimes without us actually realising it, digital solutions now permeate all aspects of our daily life, from the ability to make mobile payments, to relying on real-time traffic apps to increase the efficiency of travel.

The digital economy is exponentially expanding into all aspects of industry and daily life and data is the new oil — the fuel and the currency of this expansion. No wonder many countries are competing to claim a share in a booming digital economy for the creation of higher-paying jobs, improvement of productivity and general well-being of their people.

In fact, the digital economy can be the new driver of the Malaysian economy if the government could take further steps to unlock its full potential with public policies that address the current challenges. In this regard, the recently launched Policy on Industry 4.0, named “Industry4WRD” — a tailor-made policy for Malaysia focusing on small and medium enterprises (SMEs) in the manufacturing sector, as a response to the fourth industrial revolution occurring worldwide, is clearly on the right track.

However beyond all the buzzwords, like Industry 4.0 and big data, the digital economy will only achieve its full potential if the people trust these systems to protect their safety, security and privacy.

This brings us to cybersecurity, another buzz­word in this era of digital economy. Cybersecurity is unquestionably the cornerstone of the digital economy. Without it, some of the most basic foundations of our economic system would be brought into question — like the ability to trust the data and information that our banks and companies give us, and the reliability of our news sources.

Moreover, as technologies such as sensors, mobile, cloud and big data become more embedded within industries, a reliable approach to cybersecurity will be required at all levels of a corporation. Business leaders need to understand not just the potential of digital technologies, but also how to effectively protect both their own and their customers’ data.

Herein lies the problem — cybersecurity is the Achilles heel of the digital economy. With high-profile cyberattacks continuing to dominate the news worldwide, there are prevailing concerns that the exponential growth of the digital economy is being undermined by an erosion of trust in, and growing fear of, digital technology.

And how can we fault the general public for having such apprehensive attitude towards digital technology, when a massive data breach saw the customer data of more than 46 million mobile subscribers in Malaysia leaked on to the dark web just about a year ago? The leaked information included mobile numbers, unique phone serial numbers as well as home addresses. This was followed by another reported data breach early this year, that saw the personal details of about 220,000 Malaysian organ donors and their next of kin leaking online since September 2016.

Digital technology has transformed modern life, but it has also been embraced by fraudsters, hackers and social media trolls. Therefore, we have every reason to be concerned about the misuse or abuse of leaked personal data by cybercriminals.

It is time for policymakers to get to grips with cybercrime. From hacking to trolling, identity theft to online harassment, cybercrime is making headlines every day. Modern technology has created new classes of crime and allowed existing offences to be committed in different ways. The law has largely failed to keep pace with this rapid change.

The cyberworld is a borderless brave new world. There is no way one single nation can combat cybercrime alone, without the assistance of other nations or international organisations. Thus, it is high time for Malaysia to seriously consider exploring the possibility of becoming a member of the Budapest Convention on Cybercrime.

The Budapest Convention on Cybercrime was drawn up by the Council of Europe and came into force in July 2004. The convention is the first international treaty on crimes committed via the internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security.

It also contains a series of powers and procedures, such as the search of computer networks and interception. Its main objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.

The government should form a specialist committee comprising related government departments, including law enforcement agencies, as well as experts in related fields from the private sector to study the provisions of the convention and determine the policy, legal, technical and administrative requirements that need to be fulfilled. To be fair, there is no lack of a legislation framework in Malaysia. For example, we have the Computer Crimes Act 1997 and Mutual Assistance in Criminal Matters Act 2002. But they need to be updated to keep pace with the rapid change of technologies and in compliance with the legal requirements under the Budapest Convention.

In fact, this should be made one of the top priorities in our ongoing law reform under the new Pakatan Harapan government. As amply demonstrated in a recent survey, the cybersecurity threat can have a far-reaching impact on the country’s economy.

On July 12, Microsoft, in collaboration with Frost & Sullivan, released the results of its study titled “Understanding the Cybersecurity Threat Landscape in Asia-Pacific: Securing the Modern Enterprise in a Digital World”. The study reveals that the potential economic loss in Malaysia due to cybersecurity incidents can hit a staggering US$12.2 billion. This is more than 4% of its total GDP of US$296 billion.

This model factors in three types of losses that could be incurred due to a cybersecurity breach: (i) Direct: Financial losses associated with a cybersecurity incident. This includes loss of productivity, fines, remediation cost and so on; (ii) Indirect: The opportunity cost to the organisation such as customer churn due to reputation loss; and (iii) Induced: The impact of a cyber-breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

There are many other hidden costs that are extremely difficult to quantify, besides the economic loss from cyberattacks, the chief of which is the people’s trust in the digital economy in ensuring their safety, security and privacy.

We are, therefore, at a critical juncture in our use of technology in the digital economy era. It can be used to create further digital disruption and new economic models for the benefit of the general public or it can become the most dreaded dark net, which, in essence, is a paradise for cybercriminal activity.

Khaw Veon Szu, a former executive director of a local think tank, is a practising lawyer. Opinions expressed in this article are his own.

Save by subscribing to us for your print and/or digital copy.

P/S: The Edge is also available on Apple's AppStore and Androids' Google Play.