This is the fourth in a series of blog posts about cybersecurity to mark Cybersecurity Awareness Month in October.
Cyber threats in Southeast Asia are on the rise. Data from Singapore’s Ministry of Defense shows that cybercrime in the region increased by 82 percent between 2021 and 2022. To help counter these growing threats, the U.S. Agency for International Development (USAID)’s Digital Asia Accelerator (DAA) initiative, implemented by DAI’s Digital Frontiers under the Digital Connectivity and Cybersecurity Partnership (DCCP), promotes cybersecurity awareness and capacity building in Cambodia, Indonesia, Laos, Mongolia, Myanmar, and Thailand. Since 2019, DAA has implemented several cybersecurity awareness initiatives in the region. Drawing on these experiences, here are four of our key takeaways on how to create an enabling environment for better cybersecurity awareness, defense, and opportunity.
1. Build a Cybersecurity Culture
Technical measures alone are not enough to mitigate cybersecurity risks. Cybersecurity programs also need to create cultural change, nurturing awareness and engagement from organizations or society members on cybersecurity readiness and responsibility. Increased awareness of cybersecurity issues and threat landscapes can also promote safe and secure online behaviors. Yet, while building a cybersecurity culture, in theory, seeks to create a safer online environment for citizens and businesses alike, integrating new values and perspectives into existing cultural contexts could be tricky in practice.
In Mongolia, DAA recognized that digital literacy had not entered the mainstream conversation. In response, DAA designed a campaign to raise awareness among Mongolians around how to increase their online privacy and, at the same time, encourage further awareness spreading. This led to the launch of Online Information is Mine (Only Mine) campaign, which used pop culture to promote cybersecurity awareness and behavioral change. Through a collaboration with Mongolian pop artists Hishigdalai and Gangbay, the campaign released a rap song about love and trust in relation to online privacy—generating more than 1.7 million views on YouTube. The video was designed to resonate with cultural perceptions of love and relationships. Building a cybersecurity culture is less about going against the existing current, and more about integrating into mainstream narratives. Following the release of the song, the campaign produced and disseminated cybersecurity tips to better educate Mongolian citizens. When people see how cybersecurity relates to their daily lives and well-being, they tend to form a sense of ownership of their online behaviors as well as their digital identity. With ownership comes responsibility.
Mongolian pop artists Hishigdalai and Gangbay discuss cybersecurity during a public event for Digital Asia Accelerator’s Only Mine cybersecurity awareness campaign. Photo: BTS Photos.
2. Promote Responsibility Among Different Actors
Cybersecurity is an ever-evolving field, and it takes all involved stakeholders working together to create a safer digital space. By working across a country’s digital ecosystem can help policymakers, civil society organizations, and academia recognize threat landscapes and their role can be in addressing emerging cyber issues. This also involves working content creators and journalists—underscoring the importance of working with those whose role it is to enhance public knowledge of digital challenges.
In practice, DAA’s Wai Kid Digital University Challenge program invited youth from across Thailand to produce advocacy videos promoting improved digital literacy and responsible digital citizenship. Offering both content creation and digital literacy knowledge, the challenge encouraged young people to learn how to stay safer online on a personal level, while at a societal level, as content creators, these participants helped others to stay safer online.
To take it one step further, content creation goes hand-in-hand with journalism to ensure access to credible, accurate, and timely information—especially in a time where misinformation is so prevalent. However, it’s not only about how accurate and relevant reporting can be for improving public cybersecurity awareness, it also about how inclusive cybersecurity reporting can become. With this objective in mind, DAA, in partnership with the International Telecommunication Union (ITU) and the Asia-Pacific Institute for Broadcasting Development, created a training program for women journalists to report on cybersecurity—ensuring that voices in the media are inclusive and representative of their audiences. These examples demonstrate how empowering the next generation of leaders can help foster a sense of responsibility necessary to engage with and protect future digital environments.
3. Create an Inclusive Future Workforce
While the cybersecurity workforce grew exponentially last year, this growth can only supply half of the urgently needed cybersecurity professionals in Southeast Asia. This shortage of cybersecurity professionals places more companies, government agencies, educational institutions, and other organizations at risk.
One way to support the next generation of cybersecurity leaders is to strengthen the capacity of academic and technical cybersecurity training institutions. For example, a collaborative initiative between the Korea International Cooperation Agency and the National Cyber and Crypto Polytechnic of Indonesia held the Indonesia Academic Forum for Cybersecurity—bringing experts, professionals, and enthusiasts under one roof to share insights, exchange ideas, and pave the way to a safer digital future. This forum particularly focused on connecting these stakeholders with Indonesian universities offering cybersecurity programs, including those cybersecurity law and economics.
To understand and address cybersecurity skills shortage, DAA also recognizes that only about 25 percent of the cybersecurity workforce around the world is female. This gap led to the launch of DAA’s Cyber for Her competition in partnership with ITU and Amazon Web Services. This initiative was a response to a clear call for a regional program that sought out female cybersecurity talent, included both an upskilling and competition element, and increased female participation in the cybersecurity field. The competition incentivized people to not only showcase their technical skills, but also demonstrate other abilities that complement cybersecurity needs. The competition’s regional model also attracted diverse perspectives, cultures, and backgrounds—fostering inclusion in a field riddled with gender disparities.
In August, 11 finalists from Cambodia, Indonesia, Mongolia, and Thailand competed in a final jam competition at the AWS office in Bangkok with the Indonesian team winning. USAID, ITU, DAI, and AWS held an award session and a fireside discussion for the 11 finalists. Photo: USAID/Digital Asia Accelerator.
4. Create an Enabling Environment Through Policy Advocacy
To systematically address cybersecurity needs at a regional level requires regulatory support. Cybersecurity policies that promote coordinated action among multiple regional partners are crucial for securing a borderless digital landscape, which in turn demands a multi-stakeholder approach.
Companies, consumers, and civil society may want to actively engage in discussions about what directions digital policies take and how they are implemented. By sharing information and collectively assessing threats, regulators can ensure that cybersecurity policies are created with considerations of the diverse needs of the different stakeholders in the digital ecosystem. However, to nurture these conversations, regulators need to systematically bring together different actors in the digital ecosystem, creating a space where they can forge a consensus on the cybersecurity agenda.
To address this challenge, DAA has hosted two Digital Economy Forums that have brought together chambers of commerce and other digital economy stakeholders from across Asia-Pacific to learn about the policymaking process and share best practices and lessons learned within their home countries. By joining together digital policy experts with international and regional businesses to discuss the issues shaping the future of the digital economy and their impact on the private sector in Asia-Pacific, DAA promoted a tried-and-true multi-stakeholder approaches to digital economy policymaking within and across the region.
Participants arrive for DAA’s Digital Economy Forum. Photo: Mango Tango.
Cybersecurity is not only about protecting data; it is about protecting people. It requires an interdisciplinary approach which creates a shared goal of stronger cybersecurity practices among diverse stakeholders and ensuring that all who are involved are part of the solution to safeguarding our digital world.
Apisada Suwansukroj is the Communications and Digital Technology Program Manager for the Digital Asia Accelerator, part of DAI’s Digital Frontiers project.