By Salleh Kodri, SE Regional Manager, Cyble
ASEAN is going full throttle on digital growth. From cross-border e-commerce and AI deployments to digital identity and smart cities, the region is scaling fast. By 2030, its digital economy could be worth over $1 trillion. But here’s the catch: we’re laying digital tracks with gaping holes in security.
Too often, cybersecurity is treated like a patch—not part of the blueprint.
If ASEAN doesn’t shift to a security-by-design model now, we’ll end up with infrastructure that’s modern on the surface but vulnerable at the core. Here’s what a more mature, integrated, and forward-looking stance looks like—and why it’s urgent.
1. Security That’s Built In—Not Slapped On
Let’s start with the basics: if your app, platform, or government portal ships before it’s threat-modeled or pen-tested, you’re already behind.
Case in point: the SingHealth breach in Singapore. Attackers exfiltrated 1.5 million patient records—including those of the Prime Minister—by exploiting an unpatched endpoint and poor admin controls. Meanwhile, in Indonesia, hackers accessed eHAC and KPU voter databases, leaking data of millions.
This isn’t just sloppy—it’s systemic. We need security woven into the design, architecture, and procurement of digital systems. Think zero trust, secure SDLC, and routine threat modeling before code hits production.
Organizations in the US and Europe are already guided by frameworks like NIST 800-207 and ENISA’s Secure Software Development approach. ASEAN governments and vendors need to stop treating those as “optional reading.”
2. AI + CTI for Real-Time Defense
Today’s attacks aren’t just faster—they’re smarter. You can’t rely on quarterly threat reports or passive monitoring anymore. In July 2022, Malaysia’s government networks were compromised by ransomware, remaining undetected for weeks. These kinds of breaches aren’t anomalies—they’re now the norm.
What we need:
- AI-driven threat detection that adapts in real time
- Shared cyber threat intelligence (CTI) networks across ASEAN borders
- Automation that can isolate and respond to anomalies in seconds
The EU’s CTI Framework and the MITRE ATT&CK model are excellent references. ASEAN should be investing in regional CTI platforms with real-time data sharing agreements—especially for critical sectors like finance, telecom, and energy.
3. Laws and Takedowns That Cross Borders
Cybercriminals don’t care where your firewall ends. But enforcement often stops at the border. When FTX collapsed, investors across ASEAN lost millions. But the legal patchwork across countries made asset recovery and regulatory response chaotic. That’s a red flag.
Here’s what needs to happen:
- ASEAN must align with the Budapest Convention on Cybercrime
- Establish a joint takedown task force for regional threat actors
- Create a legal framework for real-time data and evidence sharing
- Build a standing cyber law coordination body across ASEAN members
GDPR gave Europe teeth. We need something similar in Southeast Asia that covers data privacy, incident response, and enforcement across jurisdictions, without getting stuck in years of negotiation.
4. People Power Is the Core of Resilience
No amount of AI or encryption will save a system if the humans running it aren’t trained. Right now, ASEAN is staring down a 2 million-person cybersecurity skills gap by 2026, according to (ISC)². That means huge attack surfaces—and not enough defenders.
We’ve seen the consequences. In 2020, the Philippine police leaked troves of sensitive data thanks to poor database hygiene and untrained personnel.
Fixing this means:
- Building national cyber talent pipelines (like Singapore’s SG Cyber Talent)
- Funding hands-on training and certifications for public sector teams
- Embedding cybersecurity into school curricula and university programs
- Creating incentive programs for SMEs to train staff—not just CISOs
Skills, not tools, are the real firewall. And right now, we need both scale and speed in growing ASEAN’s cybersecurity talent.
The Clock’s Ticking—And The Next Big Hit Could Be Worse
ASEAN is sprinting toward a high-tech future. But without strong, integrated cybersecurity strategies, we’re laying the groundwork for massive disruption.
Here’s what needs to happen now:
- Bake in security from the first line of code
- Let AI and threat intelligence lead, not lag
- Tear down legal silos across borders
- Build cyber literacy and skills as a national priority
Cybersecurity shouldn’t be a Band-Aid. It should be in the blueprint. The next billion users in ASEAN deserve systems that are secure by design, not protected by luck.
Let’s stop playing catch-up. Let’s start building smart—and secure.
