Microsoft’s new APAC cybersecurity council: Where it fits in

Southeast Asia nations face higher malware and ransomware rates, so Microsoft is hoping to use its broad presence to build a region-wide coalition to improve defences.

Aspects of employment / communication / networking / partnership / collaboration / teams / hiring
Metamorworks / Getty Images

Microsoft recently announced its plans to establish the Asia Pacific Public Sector Cyber Security Executive Council, covering the countries of Brunei, Indonesia, Malaysia, the Philippines, Singapore, South Korea, and Thailand. While the region has its cybersecurity challenges, Microsoft is hoping to build a region-wide coalition.

The council will bring together government agencies and state leaders in a forum that includes Microsoft in a region of developing markets with a higher-than-average rate of malware and ransomware attacks, siting at 1.6 and 1.7 times higher, respectively, compared the rest of the world, according to its own 2019 Security Endpoint Threat report. By contrast, developed markets face increased drive-by download attack volumes, the report found.

Microsoft taking on a quasi governmental role for cybersecurity

In announcing the new council, Sherie Ng, the general manager for public sector at Microsoft Asia Pacific, stressed the plan to drive collaboration and collective strength between regional countries in defending against threats. “Cyberthreats and attacks are inevitable in this interconnected world. … Our joint mission is to build a strong coalition, to strengthen our cybersecurity defense,” she said.

This initiative reflects Microsoft’s changing role, moving from providing software and networks to being responsible for keeping whole societies secure. Helaine Leggat, managing partner at ICT Legal Consulting Australia, tells CSO ASEAN “It was about five years ago, I first became aware of Microsoft’s changed attitude to cybersecurity. In my view, the company has moved from being merely a technology vendor to become the guardian of online societies. This includes forming this cybersecurity council and working with policy makers from governments in this region. Because their technology is ubiquitous, they are able to do this, and to also go after bad actors to resolve problems when working with governments around the world.”

Leggat said that as a private sector business, Microsoft “is creating the kind of interactions carried out by governments in public international law relationships between sovereign states — seeking to find balance and stability. Microsoft is doing the private sector equivalent of that sort of international cooperation and working at the cybersecurity level and policy level,” she said.

Where Microsoft fits in regional cybersecurity initiatives

There are already several initiatives in the region, including the ASEAN-Singapore Cybersecurity Centre of Excellence and several councils founded within associations like ISC2, ISACA, and the Australian Information Security Association (AISA) to promote cybersecurity strategies.

As Microsoft enters a field with existing entities, it will need to carve out the most effective role as a vendor looking to become a cybersecurity champion.

AISA director Branko Ninkovic said that these councils have been effective in attracting thought leadership, promoting awareness and policy changes within the sphere of influence, but there is nonetheless a role for Microsoft. Associations like AISA will look to collaborate with Microsoft to align councils and share information. “It has the funding and reach to help contribute at a regional level,” he said.

The challenges in the region are significant, and Ninkovic says to be effective Microsoft will need to cover pretty much everything: “education, company culture, skills, budgeting, and operational management within both the region and the public sector if it hopes to remain at the forefront as a platform for home and business users”.

If Microsoft can help address these challenges, it will benefit, but more importantly, the region will benefit. “Overcoming these challenges won't be easy. … The goal would be to open up the public sector to take advantage of the second wave of digital transformation and not be held to ransom to the region's cybersecurity challenges,” Ninkovic told CSO ASEAN.

While there are numerous threat intelligence feeds across free, publicly available providers and from commercial suppliers, Microsoft’s Asia Pacific Public Sector Cyber Security Executive Council is intended to be a region-specific forum to encourage public-private partnerships in cybersecurity and develop a continuous exchange of information on threats and solutions with partner countries.

Ninkovic stressed the importance of sharing online safety and cyberresilience education strategies used by government and industry across the region. “We need to understand what works best to drive long-lasting behavioural changes in both the community and among [small businesses],” he said.“And a greater focus on developing new and emerging leaders to help arm the next generation of CISOs in protecting organisations and informing boards on the best strategies to manage cyberrisks.”


Copyright © 2021 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)