Tag: COVID-19

Fashion retailer FJ Benjamin has decided to shut 300 physical stores and rely on online sales. This strategy also helps to utilise precious time to scale diversification. Other retailers too have been going down the FJ Benjamin path and ramping up eCommerce as this trend is expected to stick beyond COVID-19.

Zouk, the renowned nightclub with 30,000 square feet of space in Singapore uses this venue as a live streaming venue during the day to host bazaars for eCommerce vendors. From June 2020, it launched an online shop selling merchandise, bottled cocktails and food from its RedTail kitchen.

Transformation of businesses will require capabilities that were not created within their models. The instinct to survive in the short term will require businesses to create symbiotic partnerships. This will require some fresh thinking by business leaders.

• Change the “Build” obsession and not try to own every leg of the customer journey. That will not only take time but also distract capital and management.
• Rethink the customer needs – and this time think of the entire journey rather than an inward view of product-market fits. Customer needs are changing at breakneck speeds, so chasing and “building” these “fits” will always remain a common string amongst laggards.
• Connect with like-minded ecosystem players and complement strengths with a single-minded focus on solving customer problems.
• View technology stacks through the lens of your partners. There may be opportunities available from near open source technology solutions.

For example, FJ Benjamin will need the last-mile-delivery capability that will be provided by partners who have optimised in that field, Zouk has tied up with Lazada to host the bazaars and GrabFood is using underutilised taxi capacity to meet the increased demand for food delivery. There are many other examples in the O2O (Offline to Online) space.

This ecosystem approach is also relevant to other sectors like Financial Services. These firms also need to understand the changing consumer needs faster, with a mantra to deliver. Aspire, originally an alternate lending platform has gone through a metamorphosis and transformed into a Neobank. From a uni-product loan provider, it is now solving for a business account, card solution, integration with expense management solutions and continue to provide loans. Capabilities not necessarily built in-house.

The changing world will give rise to business models that will integrate and complement each other. Businesses with an ecosystem mindset will be winners while others might just be relegated to oblivion.

Ecosystm Principal Advisor, Tim Sheedy hosted a virtual roundtable with business leaders from some of the world’s largest technology service providers to discuss how they managed the challenges during the pandemic; and the measures they implemented to support not only their business operations and working environment, but also to help their customers negotiate these difficult times.

The Role of Technology During the COVID-19 Crisis

When the COVID-19 crisis hit, IT teams found themselves largely unprepared. Ecosystm research finds that only 9% of organisations considered their IT fully prepared for the changes that had to be implemented (Figure 1). More than a third did not have the right technology solutions and 41% were unprepared for the scale of the changes required and the capacity to extend the existing technology to meet client and employee needs.  

While 27% of organisations felt that they needed more support from their IT provider, further questioning reveals that only 4% switched technology providers for better support during these difficult times. Organisations are looking to their technology partners for guidance, as they negotiate the new normal.

Here are some of the discussion points that emerged in the conversation with the technology providers.

Business Continuity Planning is Still Evolving

One of the early impacts on businesses was due to their dependence on outsourced services and offshore models. Several concerns emerged – how could their provider continue to operate offsite; would they be able to access the network remotely; how should fully remote teams be managed and so on. In addition to this, there were other challenges such as supply chain disruptions and a sudden change in business. Even technology providers felt that they were navigating uncharted territory.

“Remote project delivery is not new, it’s been going on for a few years; but I think that there’s been a lot of non-believers out there. This experience has moved a lot of those non-believers to the believer category. A lot of our delivery can be done from home – think of the savings of time and money that can be realised through this.” – Andrew Campbell, Partner Asia Pacific for Talent and Transformation, IBM

Moreover, the rising workload and client expectation has led businesses to move towards exploring automation and AI.

“The thing that is changing now is, when we approach a new opportunity or an existing customer with a new requirement, we look at using automation. Typically, when you go in to design a solution you always think of the human aspect. We’re working very hard to move our thinking to automation first and then supplementing it with the human side as a backup.” – Michael Horton, Executive VP, ANZ, HCL Technologies

Data has become paramount in this time of crisis. The right use of data is helping organisations fulfil customer requirements, enhance their experience, and optimise services and products.

“Those organisations that have a good understanding of the data within their business, and how that data can be used to understand the impact on their business, are starting to have much better clarity on future requirements.” – Peter Lawther, Oceania Regional Technology Officer, Fujitsu

Organisations should take the learnings from managing this situation to keep evolving their business continuity plans – keeping in mind individual business needs and growth and business strategies.

Having the Right Infrastructure Means Employees are Productive

The lockdown and social distancing measures forced organisations to focus on the infrastructure that can support their remote and hybrid work environment.

“Before the pandemic around 20-30% of our staff logged on to a VPN, but with remote working, all of a sudden, we were at 90%.” – Lawther

The adoption of digital tools and online infrastructure led businesses to re-think how they were delivering their services. While some organisations had the tools, governance and the protocols in place, there is still a long way to go for organisations to solve their infrastructure and networking challenges.

“It gets down to the quality of the equipment that the staff use – which ranges from decent laptops, phones, and network connections. If you don’t have that now, people cannot work effectively.” – Horton

Several of these organisations, focused on ergonomics as well, when evaluating their employees’ infrastructural needs when working from home. This extra focus on infrastructural needs – with the employees firmly on their mind –  ensured that there was minimal impact on delivery.

Caring for Your People is More Important than Ever

The pandemic has changed the way people work, socialise, and interact. While this appears to have become the new norm, adjusting to it can create emotional stress. Simultaneously, as organisations focus on survival and recovery, workloads have increased. Employees are working extended hours, without taking adequate hours. There is an immediate need to involve organisations’ HR practices in evaluating the emotional well-being of employees and finding better ways to engage with remote staff, to reduce stress.

“A key aspect of handling the crisis has been empathy, transparency and engagement with employees. In a business environment, we have all sorts of teams, cultures, clients, and so on. The common thread in this model is that everyone’s just become a lot friendlier, more empathic, more transparent.” – Sumit Nurpuri, COO, SE Asia Hong Kong and Taiwan, Capgemini

Organisations will have to be innovative in the way they manage these people challenges. For example, a common problem that has emerged is employees attending meetings, with interruptions from family, especially children.

“One of the things that we did as a part of our team meetings is that we assigned tasks to children at the beginning of the call and in the last few minutes, the children presented back to the teams on what they’ve been up to. It was a mechanism for us to make sure that we were involving our staff and understanding their current situation – and trying to make it as easy for them to work, as possible.” – Lawther

Taking the Opportunity to Drive Positive Outcomes

The other aspect businesses are trying to overcome is meeting the rising expectations of clients. This has led them to focus on skills training, mostly delivered through e-learning platforms. Organisations find that this has translated into increased employee performance and a future-ready workforce.

The crisis disrupted economies and societies across the globe, with business and industry coming to a standstill in most countries. Unexpected business benefits emerged from the necessity to comply with country regulations. By and large, employees have been more productive. Also, many organisations re-evaluated their commercial property requirements and many were able to reduce expenses on office rentals (for many this will not be immediate, but there is a future potentiality). Similarly, there were other areas where businesses saw reduced expenses – operational costs such as equipment maintenance and travel expenses.

“When you start global projects and global implementations, you typically do some kind of global design work and maybe fly in people from all over the world, typically to a centralised location. This has changed to virtual meetings and collaborative interactions on online global design. The amount of time and money that was saved – that would typically be spent on people traveling to manage these global design workshops – was great” – Campbell

Most organisations, across industries, will have to make considerable changes to their IT environment. The Ecosystm Digital Priorities in the New Normal study finds that 70% expect considerable to significant changes to their IT environment, going forward. Technology providers will remain a significant partner in organisations’ journey to transformation, recovery and success.

With the job losses across the world, bad debts and weakened customer spend is inevitable and it is imperative that the operators provide for reflective pricing strategies, listen to new customer requirements to ensure customer retention and strengthening of their market position. In May, Verizon’s CEO Hans Vestberg said nearly 800,000 of their subscribers were unable to pay their monthly bills. Discussions with operators in Southeast Asia also highlighted this as a current concern.

Enterprise Segment Target for New Growth

Ecosystm research shows that enterprises in Southeast Asia are increasingly considering telecom operators as go-to-market partners (Figure 1). Enterprises are demanding more than just devices and connectivity and with the fervent digital transformation (DX) efforts underway, services such as managed services, business application services, cybersecurity and network services are in demand. Technology vendors have an opportunity to partner with the right telecom operator in each market to enhance their IT market offerings, ahead of the 5G rollouts.

The broad 5G ecosystem inculcates cross-sector innovation and greater collaboration leading to new business models and exciting new opportunities. Singtel is the leading operator in the region and has the enterprise segment contributing approximately 65% to its revenue in its domestic market. In the World Communications Award 2019, Singtel won both “Best Enterprise Service” and “The Broadband Pioneer” awards.  This places Singtel in a fine position to capitalise on the 5G enterprise services.

5G Needed Now More Than Ever

The pandemic has seen a rise in network traffic, onboarding of the digital customer and rapid DX of businesses which has whetted the appetite for faster broadband speeds and new services. Southeast Asia countries stand to profit from the trade war between the US and China and 5G features of low latency and higher security can boost adoption of IoT, Smart Manufacturing and broader Industry 4.0 goals to drive the economy.

Fixed Wireless in Southeast Asia is expected to be very popular considering the low penetration of fibre to the home (with the exception of Singapore) and will provide enterprises with a viable secondary connection to the internet. Popular applications – including video streaming and gaming – which are speed, latency and volume hungry will also be a target market for operators. Mobile operators that do not have a fixed broadband offering can enter this space and provide a serious “wireless fibre” alternative to homes and businesses.

Governments and telecom regulators ought to make spectrum available to the major telecom operators as soon as possible in order to ensure that the cutting edge 5G communications services are made available to consumers and businesses. Many experts believe 5G can raise the competitiveness of a nation.

Recent research from World Economic Forum (WEF) has found that significant economic and social value can be gained from the widespread deployment of 5G networks, with 5G facilitating industrial advances, productivity and improving the bottom line while enabling sustainable cities and communities. GSMA notes that mobile technologies and services in the wider Asia Pacific region generated USD 1.6 trillion of economic value while the mobile ecosystem supported 18 million jobs as well as contributing USD 180 billion of funding to the public sector through taxation.

US-China Trade War Threatens to Change Equipment Supplier Landscape

Despite severe pressures caused by the US-China trade war, Huawei posted an impressive 13.1% YoY growth in 1H 2020 registering revenue of USD 64.88 billion. Both Huawei and ZTE generate approximately 60% of their business from their domestic markets which is critical with the current unfavourable global sentiments. Huawei has diversified its business and built its consumer devices business which should withstand the disruptions caused by the political challenges.

Ericsson and Nokia stand to benefit from Huawei’s current global position and this was evident with the wins for the 5G contracts by Singtel and JVCo (Singtel and M1). The JVCo announced it selected Nokia to build the Radio Access Network (RAN) for the 5G standalone (SA) mmWave network infrastructure in the 3.5GHz radio frequency band. Singtel selected Ericsson to provide for the RAN on the same mmWave network.

However, while there is an opportunity for NEC and Samsung to join the party, Huawei is expected to do well in most other countries in Southeast Asia.

The Rise of the Digital Economy in Southeast Asia

A recent Google report valued the internet economy in Southeast Asia at USD 100 billion in 2019, more than tripling since 2015, and the sector is expected to hit USD 300 billion in 2025. With a population of approximately 570 million people, the region has some of the fastest-growing internet economies in the world.

The Indonesia market is the largest in the region and is expected to hit USD 133 billion from USD 40 billion in 2025. Indonesia’s lack of a world-class telecom infrastructure coupled with their slowness in 5G adoption has not impeded the country’s attractiveness for global technology investors who see the 270 million population as an immense opportunity. US tech giants, Facebook, Google, and PayPal have invested in Indonesia to reap the benefits from the growing digital economy powered by unicorns such as Gojek, Bukalapak, Tokopedia. In June 2020, Google Cloud launched in Jakarta, only the second in the region after Singapore with the four big unicorns being anchor customers.

In 2025, Google predicts Thailand to be the second-largest internet economy worth USD 50 billion. The internet economy for Singapore, Malaysia and the Philippines are estimated to be over USD 27 billion each. Shopee and Lazada are the top eCommerce apps in the region and have seen an increase in sales due to the disruption in the Retail industry. In-store shopping contributes to more than 50% of Retail in Singapore and Malaysia – this provides a tremendous opportunity for eCommerce players.

While movement restrictions are gradually being lifted, some things may never return where they were before COVID-19. Public debts have risen with numerous aids and handouts impacting economic growth forecast and rising unemployment is impacting customer spending power. On the plus side, DX of businesses and sharp onboarding of customers have redefined interactions, and sectors such as Education, are going online which will boost the digital economy. While the challenges are evident, exciting times are ahead for the technology and telecom sector in Southeast Asia.

Government agencies have been immensely impacted by the COVID-19 crisis and will need to shift fast into the recovery mode. Salesforce launched a multi-tenant dedicated Cloud infrastructure for their US Federal, state and local government customers, government contractors, and federally funded research and development centres. Hosted on AWS GovCloud and FedRAMP compliant, it provides customers with a compliant and secure environment to deploy Salesforce’s CRM platform and industry solutions. The launch is expected to empower government agencies with the ability to deliver better services, scale to unprecedented demands and connect to citizens on their channel of choice.

Initiatives such as the UK Crown Commercial Service (CCS) and Google Cloud agreement will also help in the recovery phase. This allows qualified public sector agencies to avail of a discounted price for their Google Cloud deployments. Earlier in the year CCS entered into a price arrangement with Microsoft as well. If Cloud has to be the vehicle for economic recovery, such arrangements will benefit cash-strapped public sector organisations.

The recovery will also require the entire technology ecosystem to engage not only with large enterprises but also small and medium enterprises (SMEs). Alibaba Cloud announced an investment of US$ 283 million to revamp its global partner program. They plan to introduce new partner-customer communication processes to enhance response time and bring more opportunities to independent software vendors (ISVs) managed service providers (MSPs) and system integrators (SIs) as partners.

Europe Emerging as a Cloud Hub

As a fallout of the current political scenario, Europe is pushing for more cloud independence and to become an innovation hub as a vendor-neutral network for cloud computing providers and their customers.

GAIA-X Foundation is a federated data infrastructure project initiated to build a unified system of cloud and data services to be protected by EU Laws – including GDPR, the free flow of  non-personal data regulation and the Cybersecurity Act. France and Germany kicked off the GAIA-X cloud project last year and the system is open for participation to national and European initiatives for exchange of data across industries and services such as AI, IoT and data analytics. GAIA-X took another step towards becoming a real option for European organisations with the establishment as a legal entity in June. Various organisations – including Dassault, Orange, Siemens, SAP, Atos, Scaleway and Deutsche Telekom are a part of this non-profit platform, working together on Cloud applications, high-performance computing as well as edge systems. The project is expecting to release a working model by early 2021 and will be further enhanced in phases.

Global Cloud leaders are also focusing on expanding their presence in Europe. In February, Microsoft announced a new data centre in Spain leveraging Telefónica infrastructure. In a similar move, Google Cloud announced its plans to expand in the region in partnership with Telefónica. Telefonica and Google are expected to jointly work on Spain’s digitalisation through edge infrastructure and 5G for consumers and telecom infrastructure.

Cloud Providers Bolstering their Cybersecurity Capabilities

2020 has witnessed a host of cybersecurity threats and data breaches. While Cloud providers have always evolved their cybersecurity capabilities, it has become important for them to become vocal about these measures to build trust in the industry.

To complement the Microsoft Azure IoT security, Microsoft acquired IoT security specialist CyberX, last month. The acquisition will enable greater security for the IoT devices connected to the Microsoft network and will help their customers to gain visibility through a map of devices thus allowing them to gather information on security risks associated with thousands of sensors and connected devices. This will enhance smart grid, smart manufacturing and digital assets and profiles and reduce vulnerabilities across production and supply chain.

In another move which will benefit the ISV and SI ecosystem, NetFoundry’s zero trust networking API is now available on RapidAPI. RapidAPI’s marketplace enables developers to easily find, connect to, and manage the APIs they need to build a range of applications. Now the ISV and developer community can access NetFoundry’s software-only, zero trust models on RapidAPI.

More Partnerships between Software/Industry Solutions Providers and Cloud Providers

The COVID-19 crisis has had a far-reaching impact on several industries. The technologies that are expected to see the most uptake are IoT and Future of Work technologies.

Ecosystm Principal Advisor, Kaushik Ghatak says, “COVID-19 has brought to the fore the need for managing risks better. And the key to managing risks is to have better visibility and drive data-driven decisions; the sweet spot for IoT technologies.”

Last week, Microsoft and Hitachi announced a strategic alliance to accelerate the digital transformation of the Manufacturing and Logistics industries across Southeast Asia, Japan and North America. The first solutions are expected to be made available in Thailand as early as this month. Hitachi brings to the table their industry solutions, such as Lumada, and their IoT-ready industrial controllers HX Series. These solutions will be fully integrated with the Microsoft cloud platform, leveraging Azure, Dynamics 365 and Microsoft 365.

Another sector that has seen significant disruption is Real Estate. Ecosystm Principal Advisor, Andrew Milroy in his blog Proptech: Driving Digital Transformation in the Wake of COVID-19 sees a real opportunity for the sector to transform. “Many activities within the property ecosystem have remained unchanged for decades. There are several opportunities for digital engagement and automation in this sector, ranging from the use of robots in construction to the ‘uberisation’ of the residential property customer journey.”

June saw Honeywell and SAP partner to create a joint cloud-based solution based on Honeywell Forge and SAP cloud. The cloud solution is aimed at real estate operators and customers providing aggregated financial and operational insights in real-time. The solution leverages the Honeywell Forge autonomous buildings solution and the SAP Cloud for Real Estate solution, enabling facility managers and building owners to reposition their real estate portfolios through parameters such as cost savings and energy efficiency and help improve the tenant experience.

As organisations struggle to maintain operations during the ongoing crisis, there has been an exponential increase in employees working from home and relying on the Future of Work technologies. Ecosystm principal Advisor, Audrey William says, “During the COVID-19 pandemic, people have become reliant on voice, video and collaboration tools and even when things go back to normal in the coming months, the blended way of work will be the norm. There has been a surge of video and collaboration technologies. The need to have good communication and collaboration tools whether at home or in the office has become a basic expectation especially when working from home. It has become non-negotiable.”

AWS and Slack announced a multi-year partnership to collaborate on solutions to enable the Workplace of the Future. This will give Slack users the ability to manage their AWS resources within Slack, as well as replace Slack’s voice and video call features with AWS’s Amazon Chime. And AWS will be using Slack for their internal communication and collaboration.

Delivering excellent customer experience in the midst of the crisis has proved to be difficult for organisations. Customer care centres have been especially impacted by high volumes of customer interactions – through voice and non-voice channels. This will see a major rise in adoption of cloud contact centre solutions. Contact centre providers are ramping up their capabilities in anticipation. Genesys selected AWS as their preferred cloud partner to deliver new features to customers and build a global and secure infrastructure.

The industry can expect more news from Cloud providers in the next few months as they ramp up their capabilities and channel their go-to-market messaging.

Gain access to more insights from the Ecosystm Cloud Study

• Noise reduction. AIOps ingests systems data, surfaces priority anomalies and correlates them together. This brings the number of incidents to investigate back down to a human level. Rackspace recently announced that AIOps helped it reduce alert noise by 99% during the initial stage of its rollout. Successful vendor references typically cite similar figures between 95-99%.
• Root cause analysis. Once priority events have been correlated, AIOps identifies a root cause to enable the operations team to focus its efforts on a resolution. This is a task that proves challenging to perform at speed for a human operator considering the complexity of today’s systems.
• Proactive response. A range of responses is available with AIOps, from directing issues to the appropriate people, to recommending actions that can be taken by operators directly in a collaboration tool, to rules-based workflows performed automatically, such as spinning up additional AWS EC2 instances.
• Learning. By evaluating past failures and successes, AIOps can learn over time which events are likely to become critical and how to respond to them. This brings us closer to the dream of NoOps, where operations are completely automated.

The Impact of COVID-19 on IT Operations

The Ecosystm Digital Priorities in the New Normal study launched this month, asks technology users about how their digital priorities have shifted during the pandemic. Despite pressure to shift to digital delivery, almost 40% of participants reported that their organisations cut headcount in the IT department (Figure 1). Furthermore, over one third had been forced to cut their employees’ salaries. As we have seen in previous crises, IT operations teams are being asked to do more with less and will need automation to bridge the gaps.

As we begin to move into the next phase of the COVID-19 reality and businesses continue to open, we will see many launch digital services that were conceived of during the crisis. One of the greatest challenges that IT departments face will be scalability as digital businesses grow. AIOps will be a go-to tool for IT operations to ensure uptime and improve user experience. It is likely that the next 12-18 months will be a watershed moment for AIOps.

NLP and the Democratisation of Data

Natural Language Processing (NLP) will be the next string in the bow of AIOps. While the ultimate goal of IT operations is to identify and remediate situations before they have an impact on the user, oftentimes it is the service desk that generates the initial barrage of alerts. AIOps equipped with NLP can extract relevant data from user tickets, correlate them with other system events and potentially even suggest a resolution to the user. Here, ChatOps can help to reduce the workload on the service desk and bring relevant events to the attention of the operations team faster. NLP will also help democratise IT operations data within the organisation. As they digitalise, lines of business (LoBs) besides IT will need access to system health and user experience data but business managers may not have the necessary technical skills to extract them. Chatbots that can return these metrics to non-technical users will begin to proliferate.

AIOps Recommendations

Most IT departments would have discovered the limitations of their current systems during the upheaval caused by recent lockdowns. Only about 7% of organisations in our study reported that they were well-prepared across all areas of IT, to handle the COVID-19 crisis. For those organisations that have yet to invest in AIOps, we recommend starting now but starting small. Develop a topology map to understand where you have reliable data sources that could be analysed by AIOps. Then select a domain by assessing the present level of observability and automation, IT skills gap, frequency of outages, and business criticality. As you add additional domains and the system learns, the value you realise from AIOps will grow.

The power of collaborative AIOps tools would have been undeniable as the COVID-19 crisis began and IT departments were forced to work in a distributed manner. When evaluating a system, carefully consider how it will integrate into your organisation’s preferred collaboration suite, whether it be the AIOps vendor’s proprietary situation tool or a third-party provider like Slack or Microsoft Teams. The ability for operations teams to collaborate effectively reduces time to resolution.

5/5 (3) Last week, the Australia Government announced that they have been monitoring persistent and increasing volumes of cyber-attacks by a foreign state-based actor on both government and private sector businesses. The Australian Cyber Security Centre (ACSC) reported that most of the attacks make use of existing open-source tools and packages, which ACSC has dubbed as “copy-paste compromises”. The attackers are also using other methods to exploit such as spear phishing, sending malicious files and using various websites to harvest passwords and more, to exploit systems.
Cybercrime has been escalating in other parts of the world as well. The World Health Organisation (WHO) witnessed a dramatic increase in cyber-attacks directed with scammers impersonating WHO personnel’s official emails targeting the public. The National Cyber Security Centre (NCSC) in the UK alerted the country’s educational institutions and scientific facilities on increased cyber-attacks attempting to steal research associated with the coronavirus. Earlier this month, the Singapore Computer Emergency Response Team (SingCERT) issued an advisory on potential phishing campaigns targeting six countries, including Singapore that exploit government support initiatives for businesses and individuals in the wake of the COVID-19 crisis.
Such announcements are a timely reminder to government agencies and private organisations to implement the right cybersecurity measures against the backdrop of an increased attack surface. These cyber attacks can have business impacts such as theft of business data and destruction or impairment to financial data, creating extended business interruptions. The ramifications can be far-reaching including financial and reputational loss, compliance breaches and potentially even legal action.

A Rise in Spear-Phishing

In Australia, we’re seeing attackers targeting internet-facing infrastructure relating to vulnerabilities in Citrix, Windows IIS web server, Microsoft Sharepoint, and Telerik UI.
Where these attacks fail, they are moving to spear-phishing attacks. Spear phishing is most commonly an email or SMS scam targeted towards a specific individual or organisation but can be delivered to a target via any number of electronic communication mediums. In the spear-phishing emails, the attacker attaches files or includes links to a variety of destinations that include:

• Credential harvesting sites. These genuine-looking but fake web sites prompt targets to enter username and password. Once the gullible target provides the credentials, these are then stored in the attackers’ database and are used to launch credential-based attacks against the organisation’s IT infrastructure and applications.
• Malicious files. These file attachments to emails look legitimate but once downloaded, they execute a malicious malware on the target device. Common file types are .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .jpeg, .gif, .mpg, .mp4, .wav
• OAuth Token Theft. OAuth is commonly used on the internet to authenticate a user to a wide variety of other platforms. This attack technique uses OAuth tokens generated by a platform and shares with other platforms. An example of this is a website that asks users to authenticate using their Facebook or Google accounts in order to use its own services. Faulty implementation of OAuth renders such integration to cyber-attacks.
• Link Shimming. The technique includes using email tracking services to launch an attack. The attackers send fake emails with valid looking links and images inside, using email tracking services. Once the user receives the email, it tracks the actions related to opening the email and clicking on the links. Such tracking services can reveal when the email was opened, location data, device used, links clicked, and IP addresses used. The links once clicked-on, can in- turn, lead to malicious software being stealthily downloaded on the target system and/or luring the user for credential harvesting.

How do you safeguard against Cyber-Attacks?

The most common vectors for such cyber-attacks are lack of user awareness AND/OR exploitable internet-facing systems and applications. Unpatched or out-of-support internet-facing systems, application or system misconfiguration, inadequate or poorly maintained device security controls and weak threat detection and response programs, compound the threat to your organisation.
Governments across the world are coming up with advisories and guidelines to spread cybersecurity awareness and prevent threats and attacks. ACSC’s Australian Signals Directorates ‘Essential 8’ are effective mitigations for a large majority of present-day attacks. There were also guidelines published earlier this year, specifically with the COVID-19 crisis in mind. The Cyber Security Agency in Singapore (CSA) promotes the ‘Go Safe Online’ campaign that provides regular guidance and best practices on cybersecurity measures.
Ecosystm’s ongoing “Digital Priorities in the New Normal” study evaluates the impact of the COVID-19 pandemic on organisations, and how digital priorities are being initiated or aligned to adapt to the New Normal that has emerged. 41% of organisations in Asia Pacific re-evaluated cybersecurity risks and measures, in the wake of the pandemic. Identity & Access Management (IDAM), Data Security and Threat Analytics & Intelligence saw increased investments in many organisations in the region (Figure 1).
However, technology implementation has to be backed by a rigorous process that constantly evaluates the organisation’s risk positions. The following preventive measures will help you address the risks to your organisation:

• Conduct regular user awareness training on common cyber threats
• Conduct regular phishing tests to check user awareness level
• Patch the internet-facing products as recommended by their vendors
• Establish baseline security standards for applications and systems
• Apply multi-factor authentication to access critical applications and systems – especially internet-facing and SaaS products widely used in the organisation like O365
• Follow regular vulnerability scanning and remediation regimes
• Conduct regular penetration testing on internet-facing applications and systems
• Apply security settings on endpoints and internet gateways that disallow download and execution of files from unfamiliar sources
• Maintain an active threat detection and response program that provides for intrusion detection, integrity checks, user and system behaviour monitoring and tools to maintain visibility of potential attacks and incidents – e.g Security Information & Event Monitoring (SIEM) tools
• Consider managed services such as Managed Threat Detection and Response delivered via security operations (SOC)
• Maintain a robust incident management program that is reviewed and tested at least annually
• Maintain a comprehensive backup regime – especially for critical data – including offsite/offline backups, and regular testing of backups for data integrity
• Restrict and monitor the usage of administrative credentials

Get more insights on the adoption of key Cybersecurity solutions and investments through our “Market Insights and Vendor Selection” research module which is live and ongoing on the Ecosystm platform.

5/5 (2) We are increasingly seeing digital becoming a priority as governments look at socio-economic recovery. It is not just imperative that countries push the adoption of digital technologies – the crisis has also presented an opportunity for them to do so. In March this year, when governments across the world had started announcing stimulus packages designed to keep the economy afloat, Ecosystm Principal Advisor Tim Sheedy had said in his blog, Government Should Focus Coronavirus Stimulus on Digital Initiatives, “Good stimulus packages will have a broad impact but also drive improved business and employment outcomes. Stimulus packages have an opportunity to drive change – and the COVID-19 virus has shown that some businesses are not well equipped for the digital era.”

The pandemic has fast demonstrated the power of being aligned to the digital economy. Ecosystm CEO Amit Gupta says, “Organisations that were digital-ready were able to manage their business continuity almost immediately in enabling a remote workforce. The transfer was almost seamless for such businesses as the teams had already imbibed the principles of remote collaboration and were already familiar with tools that enable collaboration and communication. For many of these organisations, it was almost a matter of employees packing up their work-issued laptop and heading home.”

“In addition, those that were fully digitalised were better prepared to continue not only interacting with their clients remotely but also in many cases were able to deliver their offerings to their customers through their website or mobile apps.”

Gupta also notes that Ecosystm research shows that before the COVID-19 outbreak only about 35% of SMEs considered themselves ready for the digital economy, compared to half of the large enterprises. “This needs to change – and change fast!”

Singapore’s Digital Government Blueprint

In Singapore’s Digital Government Blueprint that supports its Smart Nation vision, digitalisation is positioned as a key pillar for public service transformation. The focus for business stakeholders in this journey includes co-creating and facilitating the adoption of technologies (Figure 1).

Small and medium enterprises (SMEs) often struggle with going digital because of lack of resources – both financial and skills – and vision. In a country such as Singapore, where SMEs are estimated to account for 99% of all enterprises and 77% of employment, it is imperative that the Digital Economy vision includes a special focus on them.

Gupta says, “Despite significant incentives, there has been resistance from SMEs to go digital as it still involves time and monetary investment from them. The need to retrain and upskill their teams is also a perceived roadblock to the uptake.”

Singapore Empowering SMEs to go Digital

As the Government looks to open the economy up in a phased manner, it sees this as the right opportunity to make SMEs digital-ready. It is “seizing the moment” and has established the SG Digital Office (SDO) in an effort to enable every individual, worker and business to go digital. Initiatives include the recruitment and deployment of 1,000 Digital Ambassadors by end June to provide personalised as well as small group support to seniors and owners of local eateries, who require additional assistance to adopt digital solutions and technology.

In 2018, the Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) had launched SGQR to unify the fragmented e-payment landscape in the country, making it compatible with 27 payment schemes. The SDO aims to drive SMEs (especially in the F&B sector) to adopt SGQR codes for e-payments. The goal is to engage 18,000 stallholders of local eateries (hawker centres, wet markets, coffee shops and industrial canteens) to have the unified e-payment solution by June 2021. Further, multiple government agencies – IMDA, National Environment Agency (NEA), Jurong Town Corporation, Housing Development Board (HDB) and Enterprise Singapore – come together to offer a bonus of SGD 300 per month over five months to encourage more F&B SMEs to adopt e-payments.

“Financial Inclusion is one of the mainstays of a progressive economy. Given the significant investment that has gone into the e-payments infrastructure by government agencies led by MAS, we are placed well compared to other nations,” says Gupta. “However, there is work to be done in certain demographics and sectors. The drive to support F&B outlets and local eateries to get on the bandwagon will be an exceptional step and will be well received by consumers.”

“There are only a handful of governments that can compare with what the Singapore Government has put in place when it comes to initiatives to drive the uptake of technology by SMEs. This current crisis may well become the catalyst for SMEs to recognise the urgency of getting digital-ready and they should use this as an opportunity to leverage the government support around technology adoption and emerge as digital-savvy organisations.”

5/5 (2) In his blog, The Cybercrime Pandemic, Ecosystm Principal Advisor, Andrew Milroy says, “Remote working has reached unprecedented levels as organisations try hard to keep going. This is massively expanding the attack surface for cybercriminals, weakening security and leading to a cybercrime pandemic. Hacking activity and phishing, inspired by the COVID-19 crisis, are growing rapidly.” Remote working has seen an increase in adoption of cloud applications and collaborative tools, and organisations and governments are having to re-think their risk management programs.

We are seeing the market respond to this need and May saw initiatives from governments and enterprises on strengthening risk management practices and standards. Tech vendors have also stepped up their game, strengthening their Cybersecurity offerings.

Market Consolidation through M&As Continues

The Cybersecurity market is extremely fragmented and is ripe for consolidation. The last couple of years has seen some consolidation of the market, especially through acquisitions by larger platform players (wishing to provide an end-to-end solution) and private equity firms (who have a better view of the Cybersecurity start-up ecosystem). Cybersecurity providers continue to acquire niche providers to strengthen their end-to-end offering and respond to market requirements.

As organisations cope with remote working, network security, threat identification and identity and access management are becoming important. CyberArk acquired Identity as a Service provider Idaptive to work on an AI-based identity solution. The acquisition expands its identity management offerings across hybrid and multi-cloud environments. Quick Heal invested in Singapore-based Ray, a start-up specialising in next-gen wireless and network technology. This would benefit Quick Heal in building a safe, secure, and seamless digital experience for users. This investment also shows Quick Heal’s strategy of investing in disruptive technologies to maintain its market presence and to develop a full-fledged integrated solution beneficial for its users.

Another interesting deal was Venafi acquiring Jetstack.  Jetstack’s open-source Kubernetes certificate manager controller – cert-manager – with a thriving developer community of over 200 contributors, has been used by many global organisations as the go-to tool for using certificates in the Kubernetes space. The community has provided feedback through design discussion, user experience reports, code and documentation contributions as well as serving as a source for free community support. The partnership will see Venafi’s Machine Identity Protection having cloud-native capabilities.   The deal came a day after VMware announced its intent to acquire Octarine to extend VMware’s Intrinsic Security Capabilities for Containers and Kubernetes and integrate Octarine’s technology to VMware’s Carbon Black, a security company which VMware bought last year.

Cybersecurity vendors are not the only ones that are acquiring niche Cybersecurity providers. In the wake of a rapid increase in user base and a surge in traffic, that exposed it to cyber-attacks (including the ‘zoombombing’ incidents), Zoom acquired secure messaging service Keybase, a secure messaging and file-sharing service to enhance their security and to build end-to-end encryption capability to strengthen their overall security posture.

Governments actively working on their Cyber Standards

Governments are forging ahead with digital transformation, providing better citizen services and better protection of citizen data.  This has been especially important in the way they have had to manage the COVID-19 crisis – introducing restrictions fast, keeping citizens in the loop and often accessing citizens’ health and location data to contain the disaster. Various security guidelines and initiatives were announced by governments across the globe, to ensure that citizen data was being managed and used securely and to instil trust in citizens so that they would be willing to share their data.

Singapore, following its Smart Nation initiative, introduced a set of enhanced data security measures for public sector. There have been a few high-profile data breaches (especially in the public healthcare sector) in the last couple of years and the Government rolled out a common security framework for public agencies and their officials making them all accountable to a common code of practice. Measures include clarifying the roles and responsibilities of public officers involved in managing data security, and mandating that top public sector leadership be accountable for creating a strong organisational data security regime. The Government has also empowered citizens to raise a flag against unauthorised data disclosures through a simple incident report form available on Singapore’s Smart Nation Website.

Australia is also ramping up measures to protect the public sector and the country’s data against threats and breaches by issuing guidelines to Australia’s critical infrastructure providers from cyber-attacks. The Australian Cyber Security Centre (ACSC) especially aims key employees working in services such as power and water distribution networks, and transport and communications grids. In the US agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have issued guidelines on safeguarding the country’s critical infrastructure. Similarly, UK’s National Cyber Security Centre (NCSC) issued cybersecurity best practices for Industrial Control Systems (ICS).

Cyber Awareness emerges as the need of the hour

While governments will continue to strengthen their Cybersecurity standards, the truth is Cybersecurity breaches often happen because of employee actions – sometimes deliberate, but often out of unawareness of the risks. As remote working becomes a norm for more organisations, there is a need for greater awareness amongst employees and Cybersecurity caution should become part of the organisational culture.

Comtech received a US$8.4 million in additional orders from the US Federal Government for a Joint Cyber Analysis Course. The company has been providing cyber-training to government agencies in the communications sector. Another public-private partnership to raise awareness on Cybersecurity announced in May was the MoU between Europol’s European Cybercrime Centre (EC3) and Capgemini Netherlands. With this MoU, Capgemini and Europol are collaborating on activities such as the development of cyber simulation exercises, capacity building, and prevention and awareness campaigns. They are also partnered on a No More Ransomware project by National High Tech Crime Unit of the Netherlands’ Police, Kaspersky and McAfee to help victims fight against ransomware threats.

The Industry continues to gear up for the Future

Technology providers, including Cybersecurity vendors, continue to evolve their offerings and several innovations were reported in May. Futuristic initiatives such as these show that technology vendors are aware of the acute need to build AI-based cyber solutions to stay ahead of cybercriminals.

Samsung introduced a new secure element (SE) Cybersecurity chip to protect mobile devices against security threats. The chip received an Evaluation Assurance Level (EAL) 6+ certification from CC EAL – a technology security evaluation agency which certifies IT products security on a scale of EAL0 to EAL7. Further applications of the chip could include securing e-passports, crypto hardware wallets and mobile devices based on standalone hardware-level security. Samsung also introduced a new smartphone in which Samsung is using a chipset from SK Telecom with quantum-crypto technology. This involves Quantum Random Number Generator (QRNG) to enhance the security of applications and services instead of using normal random number generators. The technology uses LED and CMOS sensor to capture quantum randomness and produce unpredictable strings and patterns which are difficult to hack. This is in line with what we are seeing in the findings of an Ecosystm business pulse study to gauge how organisations are prioritising their IT investments to adapt to the New Normal. 36% of organisations in the Asia Pacific region invested significantly in Mobile Security is a response to the COVID-19 crisis.

The same study reveals that nearly 40% of organisations in the region have also increased investments in Threat Analysis & Intelligence. At the Southern Methodist University in Texas, engineers at Darwin Deason Institute for Cybersecurity have created a software to detect and prevent ransomware threats before they can occur. Their detection method known as sensor-based ransomware detection can even spot new ransomware attacks and terminates the encryption process without relying on the signature of past infections. The university has filed a patent for this technique with the US Patent and Trademark Office.

Microsoft and Intel are working on a project called STAMINA (static malware-as-image network analysis). The project involves a new deep learning approach that converts malware into grayscale images to scan the text and structural patterns specific to malware. This works by converting a file’s binary form into a stream of raw pixel data (1D) which is later converted into a photo (2D) to feed into image analysis algorithms based on a pre-trained deep neural network to scan and classify images as clean or infected.

Click below for more data on organisations’ Cybersecurity priorities and investments