Improving ICT supply chain resilience in APAC 

• Improving ICT supply chain resilience and cybersecurity capabilities are ways for government and non-government stakeholders to minimize these risks.
• A supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and user’s device
• The current state of cybercriminal activity necessitates an urgent response by all stakeholders in the ICT supply chain

As a critical component for the digital transformation of business and society, information and communication technology (ICT) has become an integral part of every sector across APAC.

Many countries are beginning to strengthen their ICT supply chains to increase resilience against potential disruptions.

According to the latest release of Worldwide ICT Spending Guide Industry and Company Size, IDC forecasts Asia/Pacific* ICT Spending to grow by over 4.9%, to reach US$1 trillion by 2024.

With that, supply chain cybersecurity is a topic that has gained significant traction in recent years. Rapid technological advancements have affected the economy and global security.

However, this easy access and connectivity have opened new avenues for cybercriminals to exploit personal information.

With this heightened attention, all supply chain stakeholders need to take notice and assess their cybersecurity posture.

Cybersecurity is of grave importance 

The threat of cyberattacks is growing in complexity and frequency, while the resources available to protect us remain primarily unchanged. This is because we have been assuming a better solution would come along at some point. Not any longer. 

Cybercrime is a growing problem that may have devastating effects on individuals and businesses. 

The world has seen some high-profile incidents where cybercriminals took advantage of the weaknesses in ICT vendors’ software for their nefarious reasons.

Threat to continue as cybercriminals try to monetize 

In the recent Asia-Pacific Online Policy Forum IV organized by Kaspersky, the global cybersecurity company sees this trend continue as cybercriminals try to monetize this threat further.

“In the last two years there has been a new wave of attacks that exploited critical vulnerabilities in the ICT supply chain. As threat actors evolve their techniques and tactics, we should expect supply chain attacks to be a growing trend in 2022 and beyond,” said Eugene Kaspersky, CEO of Kaspersky.

Dato’ Ts. Dr Haji Amirudin Abdul Wahab, Chief Executive Officer of CyberSecurity Malaysia, echoed the sentiment by saying that the number of attacks on those working in the supply chain has increased, heavily targeted, more vulnerable, and at-risk than ever before. 

“Supply chain attack is difficult to handle due to its malware design which stays hidden among the infected system and user’s device. Especially in today’s environment, nations are slowly recovering from the pandemic and starting to move towards digital transformations,” he added.

Improving ICT supply chain resilience

The ICT supply chain can be challenging to maintain because there are always changes in technology, processes, and market demand. 

“Resilience is all about resistance and recovery. One way for both government and non-government stakeholders to minimize these risks is to improve cybersecurity capabilities, which will subsequently improve ICT supply chain resilience,” said Dr Pratama Persadha, Chairman of Communication & Information System Security Research Center (CISSReC), Indonesia.

Cross border collaboration

It is important to note that isolated efforts without a coordinated and collaborative approach are unlikely to yield desirable results. The current state of cybercriminal activity necessitates an urgent response by all stakeholders in the ICT supply chain.

“The responsibility of securing the ICT supply chain and ensuring safe and trusted internet space is something that the Indian government accords high priority to, “said Shri Rajeev Chandrasekhar, Minister of State in the Ministry of Electronics and Information Technology, and Ministry of Skill Development and Entrepreneurship, India.

“The core part of the strategy is cross border collaboration with all stakeholders to ensure protection and resilience of the tech space and ICT supply chain,” the minister noted.

Kaspersky added that both government and private sectors should investigate the short-term and long-term strategies.

“The long-term solution is to make systems immune. This means the system is being designed so that even if an ICT supply chain component is vulnerable, it cannot affect the rest of the system. Even if there is a zero-day or any other vulnerability somewhere in the supply chain, it doesn’t carry over into other components in the chain,” said Kaspersky.

---

---

---

---