MekongNet and SA Solutions for Asia held the Cambodia Technology Risk Management Summit on May 9, 2024 at the Baitong Hotel & Resort, featuring international speakers from Alibaba Cloud, Zimperium, Xage Security and SA Solutions for Asia.
The summit, which was largely attended by representatives of banks and financial institutions (BFIs) in Cambodia, focused on Technology Risk Management (TRM), particularly the TRM guidelines published by the National Bank of Cambodia (NBC) in July 2019.
These guidelines were introduced to enhance the security, safety, and efficiency of business operations at BFIs in the country, reducing their risk due to cyber threats.
During his opening remarks, Ainsley Jong, Executive Director at SA Solutions for Asia, explained that while the TRM guidelines have been published since 2019, BFIs were expected to self-audit and report, however, now the NBC has decided to begin official audits for TRM compliance from 2024 onwards.
“This is a challenge because there are many, many different solutions that [BFIs] have to take up, which will be difficult, but we are here to try to help you manage that,” said Jong.
“[There is], of course, also the climate, [to consider]. All of you [in attendance] have been tasked to develop solutions, but the climate for banks at the moment… is focused on reducing spending. So how can we do that? Again, we try to bring you solutions that will be able to save you money while also getting that TRM audit clear,” he added.
Increasing Cybersecurity Threats In Cambodia
The summit’s timely importance was further underlined by the growing number of cybersecurity threats – including online scams, phishing, data theft, intrusions and ransom ware – in Cambodia.
For example, Kelvin Chin, Regional Director (APAC) of Xage Security, shared that Interpol’s 2021 Cybercrime Files “revealed 7,345 cases of data theft in Cambodia, with the banking sector being the most highly targeted,” receiving 21.3 per cent of all phishing attacks in the same year.
Albert Lee, VP Value Added Services at MekongNet, also emphasised:
As Cambodia grows, unfortunately, we also attract a lot more hackers, and with so many people doing transactions online, it's so important that banks and their suppliers focus on security.
“For example, in MekongNet’s SMS services, we blocked over half a million fraudulent SMS’s last year, and that allowed us to save a lot of costs and risks to our financial institutions that use our services. Cybersecurity is a team effort, and only by working together can we build a more secure business environment for everyone,” concluded Lee.
What Tech Solutions Can Help Banks And Financial Institutions In Cambodia Boost Their TRM Compliance?
Xage Security and Alibaba Cloud are officially distributed in Cambodia by SA Solutions for Asia, in partnership with MekongNet. Each of the tech companies present at the summit presented on the different solutions and services they offer to help BFIs in Cambodia better comply with the NBC’s TRM guidelines.
Visiting Chief Information Security Officer Program
One of the services highlighted by SA Solutions and Xage Security was the Visiting Chief Information Security Officer (VCISO) model. Understanding that it might be hard for some BFIs struggling with financial realities to justify hiring a Chief Information Security Officer full-time, the VCISO model allows companies to save costs while ensuring that an expert is still present to develop, implement and oversee a strategic cyber security plan.
Through the VCISO program, SA Solutions and Xage Security would help to assign a project manager to fulfill compliance, provide monthly reporting, and meet other needed requirements, while giving companies the flexibility to only pay for the services they need, scaling up or down based on their changing business needs.
“[Our services are] based upon mapping of international standards and compliance frameworks towards a secure financial system including formal gap analysis,” affirmed Chin.
Zero Trust Security Model
Another concept Xage Security presented on during the summit was the Zero Trust cybersecurity paradigm, which is focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.
“We are the only Zero Trust model that requires all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data across OT-IT-Cloud,” shared Chin.
While the model has been around for a few years, not many have successfully implemented it in its entirety. Xage Security’s Zero Trust security model, in particular, is currently used by defense agencies in the United States.
Exploring Cloud Solutions – Alibaba Cloud ZStack
Gary Huang, Solution Architect at Alibaba Cloud, shared some of the data centre solutions and secure cloud services his company offers.
He proposed Alibaba Cloud ZStack as an alternative to VMware cloud solutions, highlighting its four key advantages as being Simple, Strong, Scalable, and Smart (4S). Since Alibaba Cloud has a data centre region established in Thailand, he also promoted the benefits of having a data centre in closer proximity, ensuring faster and more stable service.
Huang explained that switching to cloud services is one way BFIs could aim to reduce spending as it can be less costly to pay for a cloud subscription service rather than maintain a physical server and individual data centre. He acknowledged that BFIs may have concerns about maintaining TRM compliance when switching to cloud, however, he assured that SA Solutions offers support on this matter.
Mobile Threat Defence
Tee Wei Rong, Business Development Manager at SA Solutions for Asia, detailed another service his company can offer called Mobile Threat Defense (MTD), which is an application developed in the United States by ZIMPERIUM Inc.
Rong explained that the app can continuously detect suspicious activities and alert you immediately, even when your phone is offline, and without the need for software updates. Some of the additional services he highlighted that MTD has over traditional anti-virus were AI based machine-learning, the ability to operate on offline mode, alert customisation and enhanced user privacy protection.
“Mobile Threat Defense is totally different from your traditional antivirus, because nowadays, people want something that can protect your mobile phone without affecting the battery life,” Rong told B2B Cambodia.
“Some of the traditional antivirus on your mobile phone starts to make it lag and slow down, and the battery consumption is very fast… But today’s MTD only consumes a little bit of battery… and it will always also alert you when you are going to connect to an unsecure Wi Fi connection, or if you have downloaded some malware or malicious apps.”
Key Areas Of Technology Risk Management Support From SA Solutions And MekongNet
The key areas of TRM support SA Solutions for Asia and MekongNet emphasised they could provide were in gap analysis and support for audit reporting.
Jong explained that the audit support process would be complemented by testing and certifications, with the overarching goal of helping BFIs better understand the requirements of the TRM guidelines, while also recommending cost efficient solutions if needed.
A major benefit of these offered services also lies in the fact that the distributors are based locally, making access to support much more convenient.
“Our value is having local talents and certified professionals in Cambodia, deploying strong cutting-edge technologies provided by global corporations, backed with reliable support based on years of trusted service,” affirmed Tan Kiat Yong, Sales Director at MekongNet.