E-banking is picking up traction with financial institutions and consumers in Cambodia, but along with the speed and efficiency associated with internet banking come the inevitable downside risks of online security and identity vulnerability.

The Asia Pacific region is especially vulnerable to malicious software (malware) threats, with emerging markets most at risk.According to Microsoft Asia’s Malware Infection Index 2016 report which identifies the key malware (malicious software) threats in the region and ranks markets in Asia Pacific according to how much they are affected, Cambodia tipped in at seven on a list of top markets in the Asia Pacific under threat from malware.

Pakistan took the top spot as the country with the highest malware encounter rates, followed by Indonesia, Bangladesh, Nepal and Vietnam.

Keshav Dhakad, assistant general counsel and regional director of Digital Crimes Unit, Microsoft Asia, said when it comes to threats from cyber criminals, they will go after low-hanging fruits. “The easiest targets are the ones where there is a lack of awareness and IT maturity in terms of how people maintain and mange their IT environments,” he told Post Supplement.

“For Cambodia, eight out of ten computers do not have any protection whatsoever because they are on non-genuine systems.”Four common IT environment issues included the use of old IT assets, adopting unmanaged and unregulated IT assets, poor cyberhygiene of users and negligent employee behaviour inside companies, and the inability of the companies to timely monitor, detect and remove modern cyber threats.

While Dhakad noted that Southeast Asia was a fast adopter of technology, cyber criminals were equally paying attention by targeting unsuspecting individuals and businesses. “Cambodia is a growing country with a younger generation and a lot of banking transactions are happening here,” he said.

“The banking sector as a whole is a heavy target by the criminal network. We know that attacks are not general. Sometimes they target a particular industry. If someone wants to steal credit card data then they would attack banks in certain fashions and the malicious software would be customised to grab that data.”

Phnom Penh-based IdeaLink Consulting is trying to stay ahead of the game when it comes to security solutions for banking institutions, big and small. The company partnered up with Molla technology three years ago to provide digital banking security solutions.

The venture already counts Acleda Bank, Vattanac Bank, Hattha Kaksekar Limited microfinance institution and Phillip Bank as its customers for its security software solutions.“The banks are becoming more aware on how security products can help them prevent the internet fraud and hijacking,” InterLink managing director Sophanak Chhor said.

While he would not disclose the costs associated with the security software, he admitted it was the banks with large balance sheets that were quicker to adopt the IT security solutions.“The big banks have money to invest in security solutions but some of the small banks and microfinance institutions don’t have much money to invest,” he said.

“From IdeaLink’s point of view, we are trying to help the [smaller] banks get security products but in a different business model, such as using leasing instalments.”Phillip Bank general manager Han Peng Kwang said IdeaLink will be providing it with software to generate a One Time Password (OTP), Signature One Time Password (SOTP), and verify S/OTP.

“How this works is whenever a transaction is made from a mobile banking app, there is SOTP, generated with time-based event, working in the background to pass to our system for verification. Upon successful verification, meaning the data is reliable and genuine, then the transaction will be executed,” he said.

Han noted that quite a few cybersecurity conferences have been held in Cambodia recently in an effort to raise awareness around the various types of cyber attacks.“We understand that financial institutions have started to implement firewall and real-time threat intelligent system to capture any suspicious activities over their organisations’ networks,” he added.

No matter the size of the financial intuition, Microsoft’s Dhakad said banks needed to place cybersecurity at the forefront of their agenda.“The studies that we’ve done show that one big data breach at an enlarged enterprise could cost $12 million. We hear that IT budgets are always under severe pressure from a cost perspective, but we’re seeing now that the trust in technology is a question of boardrooms and CEOs,” he said.

Dhakad advocates the adoption of Cloud technology as a means of a one-stop-shop for taking care of businesses IT management, analytics and security compliance. “For financial services, Cloud is one of the best ways they can keep the integrity of their system and protect their data,” he said.

Dhakad also emphasised the need for consumers to take a high level of care when undertaking financial transactions over the internet.“When it comes to financial transactions, people need to be careful, especially doing online transactions. They need to be vigilant.”