In Asia's rapidly evolving digital landscape, the need for robust digital resilience has become paramount as the region grapples with a volatile, uncertain, complex and ambiguous environment (VUCA), often characterised by a combination of technological disruptions, geopolitical tensions and economic uncertainties.
Organisations and governments must be equipped to withstand adapt and recover from these digital shocks. Digital resilience or the ability to maintain business continuity and secure critical infrastructure in the face of cyber threats and system failures is a crucial enabler of sustainable growth in Asia's digital economy.
Vishal Ghariwala, senior director and CTO for Asia Pacific at SUSE says digital resilience essentially is the ability of an organisation to adapt, respond to and maintain its critical infrastructure services and critical operations. He adds that resilience is being able to withstand these disruptions which could be coming from cyber threats or other types of disruptions.
For a non-IT person, he comments, digital resilience “means that whatever operations you're doing digitally or transactions you're doing digitally, (these are) able to continue and they are not disrupted.
He points out that in today’s economy, almost all transactions have a component that is performed in the digital realm or have a component that is digitally performed. This is a stark contrast to the past (possibly pre-COVID-pandemic) where many of the transactions were done physically.
“It is very important that the technology that is supporting a lot of these digital applications is resilient because if they go down, you will not be able to access the services."
Vishal Ghariwala
He posits a situation where a bank outage literally can mean the customer is unable to withdraw cash or do financial transactions. Such an occurrence can have a dramatic impact on both consumers and businesses, he suggested.
This is made real by a 2 May 2024 outage at DBS Bank in Singapore where customers faced issues logging to their bank accounts online and on their apps. The Downdetector website recorded more than 2,200 reports from users, and using PayLah! as reported by the Straits Times.
In 2023, DBS’ digital services were disrupted for about 10 hours during which time users were unable to access online banking services or make trades via its brokerage.
Three threats to digital resilience
Threats to digital resilience can come from multiple sources from data breaches, system failures and downtime, cyberattacks, third-party risks, operational risks, compliance and even emerging technology risks.
On 16 April 2024, the Bank of the Philippine Islands (BPI) posted an advisory notifying customers of efforts by the bank to restore banking services impacted by what the bank reports as unusually high weekend transactions due to tax payments.
Ghariwala acknowledges the threat that comes from technology outages. “Recently, I've seen a lot of technology outages which could be due to hardware issues or software bugs. It could also be due to a power outage, and that's not good because an outage means your electronic service is down,” he commented.
Cyberattacks, including those that target supply chains, have grown in persistence, veracity, impact and volume. The September 2019 SolarWinds supply chain attack illustrates how an attack on one component in the supply chain can have an expansive effect that lasts for months. In the case of SolarWinds, the attack ran for about six months.
Ghariwala said: “Supply chain attacks, for example, have grown exponentially over the years. So too have attacks that use malware as a threat vector.” But for Ghariwala, the more worrying trend is the ready availability of these threat weapons in an outsourced format, i.e., delivered as a service. “Third-party organisations can execute these attacks on your behalf,” he lamented.
As consumers, governments and organisations increasingly depend on public cloud providers for their connectivity and service needs, organisations and regulators must remain vigilant against the potential of these very same cloud providers experiencing disruptions themselves.
Alibaba, for instance, experienced two service outages in the same month affecting customers in China, Hong Kong and the United States.
One observable characteristic of security threats today is that these are no longer limited to purpose-built ones to attack a person, a function, a company or even an industry and that in the digital economy where businesses are built on networks of different, an attack on one can mean an attack on many.
"In an increasingly digital economy, the digital trust concept becomes paramount, and it is critical for business leaders, technology suppliers, organisations, and consumers to all understand the fundamental importance of risk, compliance, privacy, and business ethics,” said Nevin Çizmecioğulları, IDC's associate vice president and country director for Türkiye.
She cautioned that traditional approaches to security, risk, and compliance are no longer enough, with issues such as data security, confidentiality, integrity, and availability all becoming key concerns.
Ghariwala reminds us that just as the digital economy affords us scale, reach, convenience and availability, the very same technology comes with risks that left unchecked pose repercussions that go beyond the perimeter of the business and can impact any number of organisations and consumers some of whom may not know their exposure.
He notes that many governments globally have started forming regulations to address concerns about digital resilience. The Digital Operational Resilience Act formed by the European Union requires financial firms to be able to withstand and recover from disruptions which could be due to cyber threats, physical threats, or outages. In Singapore, the Monetary Authority of Singapore has outlined business continuity management guidelines for financial institutions to tackle digital resilience.
“From a technology angle we must leverage technologies that are secure, open and that are interoperable so that you have the flexibility to choose from a variety of solutions and adapt when you need to because resilience is ultimately about how quickly you can recover from disruption,” concluded Ghariwala.