INTRODUCTION
APEC SME DIGITAL RESILIENCE TRAINING WORKSHOP, co-hosted by VICGO on August 29th, 2018 welcomed people from whole Vietnam and Asia. Four guests attended the workshop and participated to the panel discussion, which was lead by Mr. Cong-Thang Huynh. Dr. Jason Kao, the director of APEC SME Crisis Management Center; Mr. Rick Yvanovich, Founder and CEO of TRG international; Mr. Kato Akinori, PMO Manager of Vitalify Asia and Mr. Vu Minh Tri, Vice president of Cloud Service of VNG Corporation.
There is any room for doubt that Digital economy is a double-edged sword. Indeed, it can be depicted both as opportunities and threat for SMEs which are an easy target for cyber-attacks.
According to Dr. Jason Kao, the director of APEC SME Crisis Management Center, SMEs are the backbone of economic prosperity for APEC countries. The digital revolution has changed the way SMEs and business used to work. Digitalization not only gives them many opportunities but also challenges, one of the toughest is Cyber Security. However, digital security still lacks of attention and cyber-attacks turn out to be cancerous and really harmful for SMEs. Cyber security has a cost for private sector not only for big corporation but also for SME. This is the very reason why SMEs need to give a proper response to cyber-attacks. The APEC training workshop aims at joining efforts and settling an active participation.
PANEL DISCUSSION
The Panel Discussion hold by our guests enabled the audience to learn many interesting points about cyber security and digital resilience. The goal of it was to raise awareness of the threats SMEs are facing in the digital era.
Many interesting points were raised by Mr. Rick Yvanovich . First, he insisted that ASEAN countries are a prime area for cyber-attacks. Indeed, 68% of ASEAN’s SMEs are unprepared for cyber security threats and the lack of institutional oversight does not help. The problem is that companies think hacks are a matter with computer. But they forget that hacks involving people and business. As a result, there is an urgent need to upgrade digital security, especially in Vietnam. Mr.Rick Yvanovich claimed that digital security ”does not have to be such complicated but SME’s have to take the problem very seriously and do the basic procedures to prevent consequences from happening”. Saving and protecting data properly is not that much of an intimidating challenge as SMEs just have to be aware of not downloading cracks, not opening attachments until confirming the person is trustworthy, having constant backups of data, making sure all Windows updating are installed etc….
Mr. Kato Akinori, PMO Manager of Vitalify Asia, focused on the question “What are security issues?”. The first one concerns racking the servers. Indeed, hackers attack into servers and then have access to many information such as emails address, credit card number, passwords, phone number … He gave the example of Dixons Carphone suffered from a cyber-attack on customer data: 5,9million of credit cards data have been compromised and 10millions customers record may have been hacked. This example given by Mr. Kato Akinori points out the danger of cyber-attack: firms lose profits, reliance and credibility. The measures for this first issue are simple: protecting database, encrypting the important data in a database, protecting message and using SSL on all connections. The second security issue raised is Virus. Indeed, many hackers use virus to infect developers’ computer. This is the reason why cracking software such as Office is dangerous as software and apps are an opening door for virus. The third issue given by the speaker is “Bad codes”. In order to prevent digital attacks, engineers must learn Secure and High-Performance setting on AWS together with latest security issue as crackers are always using new methods. Companies should also make sure to attend specialized seminar to learn technology and security with their team.
Mr. Vu Minh Tri, Vice president of Cloud Service of VNG Corporation, asserted that digitalization is changing how business gets done. Airbnb, Facebook, Uber stand as striking example of how the digital area transforms the way business used to work: technology is forcing business to go digital. As a result, SMEs have to implement a security posture to give a proper response in case of crisis. Indeed, one incident and you can go to 0, regardless of the size or the advancement of your business. SMEs need to use targets signals and behavioural monitoring and machine learning, so as to detect the threats. Closing the gap between discovery and action is also of paramount importance to respond to an eventual attack. SMEs must be aware of the threats and not lower the aftermaths.
QUESTION & ANSWER
“Given that SMEs have limited resources and that cyber-security involves a huge cost, is it better to invest in business or security? What choices should we make as start-ups?”
Mr. Vu Minh Tri answered the question by highlighting that Cloud services are safe enough and take care of the security very well. SMEs can rely on those services to protect the data. Their services are very flexible and can suit different types of needs. So SMEs should obviously pay for their security, but they can reduce their costs by using properly the existing solutions.
“SMEs and start-ups use different types of online services, what should we do to reduce the risks of cyber-attacks?”
Mr. Vu Minh Tri answered first to this question by acknowledging that this is an usual cases for start-ups. Indeed, online services are the easiest way for SMEs to transform an idea into a concrete project. According to him, the problem is that SMEs have no general view of all of the services they use. He gave the example of Cloud optimization that provides a connection to all of the service used: it is a good way to improve the efficiency of your Cloud usage.
Mr. Jason Kao then insisted on the importance of ID security. Digital security is crucial, and you have to be aware that you are threatened by attacks. From the beginning of your business creation, you have to prepare yourself. There is any room for doubts that, compared with big corporation, SMEs have limited resources and can’t afford the same kind of things. For instance, many start-ups crack software such as Adobe because they have no option. But, if you start building that kind of habits and mentality, you should keep in mind that digital resilience should remain a priority. To a certain stage of your company development, you should start thinking about the cost and benefits of digital resilience. If you don’t blocked the access of your data, sometimes, somedays, you are going to lose everything, and not only you but also your customers are going to be affected. The bigger your business is, the more likely you will be hit by an attack. Machines can do error, but you can correct it. But most of security attacks take advantage of a human error (on a code, non-updated software…). Many SMEs lower the risks, but they are wrong.
“Which industries are usually targeted? I work in medical sector and there are debates about having medical information online; What is your opinion?”
Mr. Rick Yvanovich first answered. According to him, it is normal to have medical information online. Indeed, in Estonia for instance, since people are born, they have a digital identity and all the information is in the cloud. Medical is just a matter of time to be accessible online. But what you have on your phone is already on the Could, you have many information there. So, the question is more, how can you do to protect those data. SMEs and industries have to understand the potential business threats of online data: what is the risk for your business if those data are hacked? What are the damaged if your business can’t protect patient data and information?
Mr. Vu Minh Tri added then that by doing so, customer record will be exposed to public, and for a hospital, business may turn more difficult. So, there is a huge need to protect properly the information.
A guest shared then one of her experience in the USA: her company made cybersecurity tests for the employees and such tests turn out to be really useful and valuable.
GROUP TRAINING OF APEC GUIDE BOOK ON SME DIGITAL RESILIENCE
To introduce the third session of the workshop, Mr. Jason Kao gave us a broader glance of the APEC willingness to support SME with digital resilience. 10 years ago, after the tsunami in Japan, the APEC recognized the businesses got hit and particularly the SMEs.Big corporation have resources to come back, but SMEs would never come back after the natural disaster. Most companies were hold by families and SMEs do not have resources. Teaching SME how to establish security in the company has become of prime importance of the APEC. But now, it is digital disaster. With its training workshop, the APEC wants to learn the SME how they can have backup and make their company more resilient. Digital Resilience has a high cost, but the APEC trainings are free and the guidebook is available in different languages.
The third session turns out to be very instructive and educational. Interactive activities where participants work on digital resilience within a realistic simulated environment were hold. Participants learnt cyber security fundamentals through their participation in these activities.
We want to thank our mazing guests who shared with us and our guests so many important things about cyber security. A particular thought comes to all the people who attended this event. We hope that you all left with a clearer idea of cyber security and what implies digitalisation for your business.
Here is the link for you to discover the pictures of the event : https://drive.google.com/drive/folders/1mrf0g4eoaQyMtGrjF0sEi2uGj7B4YndV