I was contacted by a reader of mine about an upcoming conference in 2013 in Asia – the 3rd Annual Cyber Security for Government Asia 2013, to be held in Kuala Lumpur.
I’m always interested by conferences over in Asia because I have so much less visibility into that part of the world. It feels like the American Wild West to me. By that, I mean that we have a pretty good handle on English-language spam originating in the United States and the UK. Europe is okay but there’s still a lot of banks that don’t sign their mail with either DKIM or SPF. By contrast, I have no idea what’s going on in Asia. Many of the worst spamming countries are over there – Indonesia, Vietnam and South Korea (who bounces around from good to bad).
My belief is that IT professionals in Asia want to do the right thing but the security expertise just doesn’t exist in the region. Most of the conferences are located in Europe or North America. 100% of my contacts in the security industry are in North America or Europe, and a couple in Australia.
Anyhow, given how Asia is an up-and-coming region economically, it makes sense to start focusing on them. If the lack of education is the main driver for spam and malware, then we need to engage with them to close down on these security vulnerabilities.
I took a scan through the schedule for the first day and found Panel Discussion: Spotlight on Malaysia. I enjoy round panel discussions and here’s the summary:
The Malaysian Government has recently been stepping up its efforts in promoting and enhancing cyber security for its government agencies and ministries. Understand what these policies actually entail from various ministries in Malaysia how they have been faring thus far:
- Analysing cyber-attacks at various government agencies and departments: What are the current and latest threats and what are some of the solutions to overcome them?
- Human Expertise vs Technology: Is there a right blend? How do you achieve the right blend?
- Analysing the ISMS guidelines for the Malaysian government: How effective has it been so far?
- Highlighting the importance of interagency collaboration between various ministries and agencies in Malaysia
I think what would be useful is for representatives from Malaysia to talk to representatives from countries that have good cyber hygiene. According to my statistics, Malaysia:
- Ranks 59th (out of 127) for rates of malware infection in 2011 (higher numbers are worse)
- Ranks 49th (out of 127) for rate of software piracy in 2011
- Ranks 69th (out of 129) for rate of how much spam is sent since July 1, 2012 (but this number isn’t that bad in terms of absolute numbers)
- Ranks 45th (out of 142) on the Prosperity Index
A good country is Finland. According to my stats, Finland:
- Ranks 3rd for rates of malware infection in 2011 (behind only Japan and China, but I think the China as #1 is skewed because of collection methodology so Finland is really #2)
- Ranks 3rd for rates of software piracy
- Ranks 4th for rates of how much spam is sent
- Ranks 7th on the Prosperity Index
What does Finland do that makes it so special? It’s not the overall economy because Finland rates 16th while Malaysia rates 15th. Maybe it’s values like Entrepreneurship, Governance, Education and Health that are the decisive factor between the two of them.
If we’re serious about ensuring that countries need to get better at security, then technical solutions may only be part of the issue. It’s not enough to only have a strong economy, we need a multitude of factors.