Local preparations against cybersecurity threats should not be exclusive to governments and the private sector, but should also include the whole of civil society, cybersecurity researchers with the local United Nations University Institute told Macau News Agency (MNA).

Currently, researchers Debora Christine and Mamello Thinyane are preparing a study entitled Data and Sustainable Development and Smart Citizen Cyber Resilience focusing on how civil society individuals, non-governmental organisations and community groups can better prepare to face cybersecurity risks.

The United Nations University Institute in Macau is a research institute that conducts UN policy-relevant research and generates solutions, addressing key issues expressed in the UN 2030 Agenda for Sustainable Development.

The research conducted by Christine and Thinyane looks to fulfil the UN Sustainable Development Goals for better data usage towards individuals development and wellbeing and better tech inclusion of individuals and population groups.

Just now we are building on a repository of all of these [local cybersecurity] risks and weve identified over 109 types of risks The whole idea of resilience is that we need to be able to anticipate and plan for when the events occur we cant adapt. It includes contingency plans and preparation, Thinyane told MNA.

Local preparations against cybersecurity threats should not be exclusive to governments and the private sector, but should include the whole of civil society, cybersecurity researchers with the local United Nations University Institute told Macau News Agency (MNA).

A former computer sciences professor in South Africa, Thinyane indicated that traditionally people tend to think of cybersecurity in terms of technical risks such as data leakages or data breaches, denial of server, and identity theft, but tended to overlook social issues such as cyberbullying, misinformation or fake news.

For each of these risks, we are developing contingency plans and countermeasures. Individuals can do two things, they can access what is their risk exposure and based on that they can have options. For example with data branches ideally you should be doing two or three data backups, Thinyane added.

So were developing these models to allow individuals to think in a methodical way on how to improve their cybersecurity resilience

The project was conceptualised last year the researchers managing to successfully apply for funding from the Science and Technology Development Fund (FDCT) funding valid for 15 months.

The first key findings of the research are expected to be published in August or September with funding expected to last until March of next year, but with the researchers hoping their work can be maintained after that period and expanded to the other Asia Pacific jurisdictions.

According to the researchers, cybersecurity approaches in countries and regions in the Asia Pacific tends to focus on top-to-bottom models, where most initiatives tend to be expected from government departments and private groups, which have more resources for these kinds of policies.

Last year local authorities enacted the citys first Cybersecurity Law, which establishes that private and public companies and entities operating in crucial sectors including internet, media and communication operators, water and energy supply, banking, financial systems and gaming would be mandated to enforce cybersecurity measures.

Those specific stakeholders are more engaged about cyber risks and they have more resources to allocate to this. For example, Macau companies would have dedicated IT departments and probably even cybersecurity directors. An organisation like Caritas, very mission-driven NGO, might not even have an IT department, Thinyane stated.

You have to establish resilience in the whole of society We know from our work that the weakest link in your cybersecurity strategy is what will compromise the whole system One of the biggest attack services is social engineering. Simple things like you receive an e-mail from your boss to transfer money. It compromises individuals to access networks.

The SAR does have a Macau Computer Emergency Response Team Coordination Centre (MOCERT) managed by the Macau New Technologies Incubator Centre which provides computer security incident handling information to local enterprises however, the researchers noted that maybe many locals and organisations are not even aware of its existence.

The top to bottom model also tends to underplay the risks incurred by individuals and other civil society players, which ends up undermining the overall cybersecurity resilience of society.

The first phase of our cyber resilience research was already completed and weve looked at 14 Asia pacific national security strategies excluding Macau which does not have it yet. It has launched the cybersecurity law but no comprehensive cybersecurity measures with detailed stakeholders and their obligations to meet these objectives, Christine told MNA.

Mainland China was included in the research, but Hong Kong, like Macau, was not seen as a cybersecurity strategy that encompassed civil society.

According to the Indonesian researcher, in most of these national cybersecurity strategies, citizens or civil society organisations are not provided with avenues to be involved in these security efforts.

Singapore, Australia and New Zealand were considered as regions where cybersecurity efforts better develop a sense of overall society resilience to cyber threats.

However our focus is not to rank countries but check which ones are more inclusive in their cybersecurity resilience, Christine added.

In any sense, the researchers believe there should be a marriage between top-to-bottom and bottom-up strategies to cybersecurity and hope to be able to present their grassroots community resilience tools soon.

Original post:

Local UN institute researchers investigating cybersecurity tools to protect civil society - Macau Business