B2B Cambodia sat down with Shashika Kodikara, Head of Cybersecurity at Technovage Solution Co., Ltd., to discuss Cambodia’s cybersecurity landscape and how his company keeps up with the latest digital innovations and trends.
B2B Cambodia: Can you give us some background on Technovage Solution?
Shashika Kodikara: “I've been in the industry for 20+ years now, and I've been working as IT head, at the C-level, in so many positions in many sectors throughout Sri Lanka, Malaysia and now in Cambodia. I joined Technovage around three years back [when the company] was at the initial point of promoting cybersecurity. So, we’ve been working towards getting the public sector and the private sector together, consulting these sectors as a key differentiator in Cambodia.
“Technovage started around 2014 to be exact, and began mainly working in software development. Then in 2022, the company rebranded to ‘Technovage’ and started promoting cybersecurity services, because our core was in doing vulnerability assessments and penetration testing for government institutions. Since I joined, I started the cybersecurity pillar of the company. We have grown up to this extent, and now we are a well-known consultant for Cambodian conglomerates.”
B2B Cambodia: Tell us about the cybersecurity solutions that Technovage offers in Cambodia.
Shashika Kodikara: “Technovage offers end-to-end cybersecurity solutions. We start with a risk assessment, which is our core, and we have team members that are experienced in the industry, as well as certified pen testers. We’ve been providing services like advisory services, since I'm also a lead auditor. And, of course, we have our managed SOC service, which is end-to-end, from security operation as a service, as well as security products and services implemented to various sectors. Apart from that, we also have the ability to implement many cybersecurity products and threat intelligence platforms.”
B2B Cambodia: When you look at the cybersecurity landscape in Cambodia, how would you say the level of uptake has been?
Shashika Kodikara: “We can see that a lot of banks and MFIs have been taking cybersecurity as a serious aspect of their companies, because a lot of threats are evolving through these sectors. So they have been more interested in uptake of cybersecurity solutions as a main concern. Of course, telcos, since they get a lot of DDoS attacks and other regional attacks, so that's the reason telcos have been the second growing sector within the cybersecurity domain. Of course, SMEs as well, and then the government. The government faces a lot of cybersecurity threats and vulnerabilities. So that's what I can analyse about the Cambodian landscape.”
B2B Cambodia: What opportunities continue to exist here in the market for companies like Technovage? Would you say there's a lot of healthy competition in the cybersecurity space?
Shashika Kodikara: “When considering the cybersecurity market in Cambodia, it is kind of a maturing market. Of course, there is a lot of competition, and new players will be there, but that is good, because we can see a healthy growth in the cybersecurity domain. Considering the security posture of each company, there are a lot of solutions which we can provide as SIs (system integrators). There are a lot of SIs in the market, but the key differentiator of Technovage is we provide solutions rather than just sell a product.
A lot of other competitors in the market just focus on selling a product, not on the specific alignment of each company. So our key differentiator is, our first approach is to do a risk assessment and understand the company's security posture then only provide a solution so it will be robust, rather than just selling a product.
B2B Cambodia: How does Technovage keep up with rapidly changing trends and demands in the cybersecurity space?
Shashika Kodikara: “We have our team that is always doing certain research, including our marketing team, our pen testers, our SOC analysis team, all of them are doing continuous research, as well as updating their certifications.
Of course, growing trends are in AI, which everybody knows. But most people only talk about the benefits, and some of the disadvantages, not many talk about the deep fakes being made, for example. There are a lot of deep fakes, as well as fingerprint scans and biometrics being compromised on the dark web.
“We have a specialised team focused on threat intelligence, and we do this with a key player in the market called Cyfirma. We use Cyfirma, and we are the MSSP (Managed Security Service Provider), the main distributor for Cyfirma in Cambodia. So we are doing continuous research on threat intelligence. That's where we have been a continuous consultant to the government as well.”
WATCH: Cambodia's Cybersecurity Landscape - Shashika Kodikara, Technovage Solution - Pt. 2
B2B Cambodia: What are the main cybersecurity threats that you currently see in the market as you work with clients across both the public and private sectors?
Shashika Kodikara: “There are a lot of threats and vulnerabilities in the market, but in Cambodia we can see a lot of phishing due to a lack of employee awareness. There are a lot of phishing attacks, and there is a lot of malware and ransomware being distributed due to the use of USBs and clicking on links. Of course, there are AI-related attacks, but these are not that popular.
There's another trending attack for telcos called DDoS (Distributed Denial of Service). We have seen in past years a lot of big telco names encountering these kinds of big DDoS attacks, shutting down whole operations and making the internet go blank. We provide DDoS prevention solutions, as well as a vulnerability assessment, through which we can recommend certain applications related to prevention.
“Also SMEs might face attacks around malware and ransomware because they don't have proper solutions to protect their endpoints. This is another threat area being analysed by our company.”
B2B Cambodia: What are the top tips you would give to a company looking to strengthen its cybersecurity measures? What first steps would you advise companies to take?
Shashika Kodikara: “We believe that taking a risk-based vulnerability approach is key, applying to all companies who are just starting out, or have been in the industry for a while. We need to do a risk assessment and understand their security posture properly before giving them a solution.
“Because we have seen all these phishing attacks, endpoint threats and malware attacks due to not properly managing employee awareness, improving employee awareness is a must. Furthermore, companies have to do continuous vulnerability assessments. Some companies only do one vulnerability assessment per year, but they will end up facing so many threats and vulnerabilities in the next quarter. Our approach is to promote a risk-based assessment for the whole year.
“We work with our partners Cyfirma, providing support for vulnerability assessments, and CAMBODIASOFT, which provides us with certain solutions like penetration testing products. We use both licensed products and open source products. These are some of the key things I think an organisation must seek, in addition to a strategy for their security posture. Once a company gets its risk assessment, then they need to have a three or five year plan for their security operations, like what is their incident management, what is their backup and recovery? These are some key things they have to consider.”
B2B Cambodia: Can you give us an overview of legal and regulatory landscape concerning cybersecurity in Cambodia?
Shashika Kodikara: “The Ministry of Post and Telecommunications (MPTC) has introduced a certain level of regulations to the market, and so has the National Bank of Cambodia (NBC), introducing certain TRM (Technology Risk Management) guidelines. The MPTC is now focusing on finalising a Data Privacy Law and a Cybercrime Law as well. We are expecting to see these in the near future.
“But of course, comparing Cambodia to other countries in the region like Vietnam and Singapore, Cambodia is still not quite at that state of maturity. But the government is initiating these kinds of regulations at the moment, and they are working hard to get it done as soon as possible, since we face a lot of threats throughout the region.”
B2B Cambodia: What are the main cybersecurity trends that you think will have the biggest impact on the market in the coming years?
Shashika Kodikara: “Like I mentioned, AI is a number one threat to the world, because people use AI for their work but don't really care about data leakage. A key aspect of using AI concerns data breach on the dark web, for example. We have seen that a lot of data has been breached on the dark web, when it comes to the Cambodian market. And, of course, the use of Telegram, and other social media channels without any awareness also poses security threats and leads to more breached and leaked sensitive data on the dark web. We have been analysing this activity on the dark web more often.
“Another aspect is a lack of employee awareness is like leading to more phishing attacks. Recently, we saw one company employee plugged in a USB which impacted the company’s whole systems with ransomware… Not only that, we have also seen advanced persistent threats in government and regional initiatives. I can’t name the countries involved, but there are a lot of threats from other countries coming to Cambodia in the ASEAN region. So Cambodia needs to strengthen its cybersecurity posture against these kinds of threats. That's where the country would require cybersecurity laws and data principles in the near future.”