Opinion: What the Public Should Know About Cybersecurity in Cambodia

More education is needed to help Cambodians understand what’s at stake as more of life goes digital

Cambodia has embraced changes in information and communication technologies (ICTs), while enjoying significant digital economic growth linked to internet access, social media adoption and smartphone connectivity. The country has seen internet penetration soar, with 13.44 million internet users in January 2022 and the penetration rate reaching 78.8 percent of the total population.

In the wake of the COVID-19 pandemic, Cambodians have widely recognized the perks of e-commerce, ranging from an online shopping to digital payments, and the use of both ride hailing apps and food delivery services has increased to deal with the risk of COVID-19 and associated restrictions.

Cambodia’s information and digital landscape is transforming, with the expansion of internet access linked to the UN’s Sustainable Development Goals and the government gearing up for the 4th industrial revolution by centering digitalization at the heart of public sector reform.

Why Everyone Should Care About Cybersecurity

Cybersecurity simply means an approach to protecting and defending online activity from cyber-attacks, but frequently, cybersecurity may refer to information security and the terms are used interchangeably.

The development of the cybersecurity sector has undergone drastic change in recent years, and the public—here and beyond—is beginning to pay more attention, particularly in relation to safely using the internet and safeguarding social media accounts.

Whatever the term, the goal of cybersecurity is to safeguard a person, institution and object from a digital loss. To explain cybersecurity simply, let’s use the example of a house: To keep the property and its inhabitants safe, you lock the windows and doors when leaving because you understand the risk of leaving your house unlocked.

Likewise, a hacker may highjack your smartphone anytime and your personal information could be compromised if you don’t take cybersecurity seriously.

The more technology is able to assist us in daily life, the more we come to rely on it and the more information about us our phones and laptops store. Society really needs to wake up and smell the coffee—cybersecurity has already become a part of our lives and whether we understand it or not will determine how safe we can stay in an increasingly connected world.

In 2020, international police force Interpol warned of the seven most common types of cyberthreats in Southeast Asia such as Business E-mail Compromise (BEC), phishing campaign, ransomware, e-commerce data interception, Crimeware-as-a-Service (CaaS), cyber scrams and Cryptojacking.

Cambodia was not specifically mentioned in the report concerning target countries for cyberattacks, but various online scams and crimes have been reported over the years. Voice over Internet Protocol (VoIP) scams, bonnets (DDoS and APT attack) phishing scams, and loss of social media accounts have all been reported, with hundreds of Chinese scam artists deported from Cambodia in 2019 and the government being targeted by both state-sponsored hackers from Vietnam and China.

Cybersecurity is a complex and crossed-border issue, but Cambodia has shown little concern for the threat and given the country’s accelerating digital transformation, more attention needs to be paid to the weak spots emerging. Increased digital connectivity in both the private and public sector means increased risks and regional data breaches in e-commerce, the banking and finance sectors, as well as the transportation industry have highlighted the urgency with which Cambodia should address the issue of cybersecurity and online privacy for the sake of its digital economy.

Education is Key

Cambodia should begin with the provision of cybersecurity education aimed at teaching the public how to stay safe while using a computer and surfing the internet. In the digital age, even those only using technology for basic tasks should be aware of basic levels of protection available, like setting up strong passwords.

Cyber literacy programs should be a cornerstone in protecting society from harm. At a minimum, everyone needs to receive fundamental education covering Cybersecurity 101, which is a course is designed to help everyone to use computers effectively, protect their data and avoid spam and phishing attacks.

Cambodia is applying cyber literacy education throughout various initiatives, in collaboration with the Ministry of Education, Youth and Sport and the private sector, but these are yet to be incorporated into a formal education, which should take place at the beginning of high school or sooner.

Strengthening the Law to Protect Citizens

Breach of privacy and data insecurity are unaddressed issues with far-reaching consequences.

In 2020, Southeast Asia was reported as a hotspot for data breach incidents and during the COVID-19 crisis, for instance, certain factors have affected data protection and user privacy. Cambodia currently lacks a comprehensive and sufficient legal framework governing online safety.

However, some provisions of internet protection are embedded in domestic laws including the Civil Code, the Criminal Code, the Law on Telecommunications, the Law on the Management of Private Medical, Paramedical and Medical Aid Practice and the Physicians’ Code of Ethics, as well as the E-commerce and Consumer Protection laws.

Significantly, the country is pending the long-awaited draft Law on Cybercrime, has been worked on since at least early 2014 and has since prompted widespread concern from human rights advocates regarding the law’s effects for online freedom of expression.

Over the last few years, Cambodia has indicated that progress has been made on the draft law, which is being led by the Ministry of Interior, which established a technical working group that added that the draft law on cybercrime would cover fake news.

In addition, Cambodia’s E-commerce Law offers important scope over cybersecurity. Chapter six of the law governs roles and regulations over customer data and information, stating that it should be protected through electronic communication. Article 32 states specifically that data protection regulates to Cambodia’s digital ecosystem and business.

However, the provision contained herein broadly determines the scope and mechanism which requires further discussion and comprehensive analysis, as well as a comparative study. For instance, the implication of key terms the first paragraph of Article 32 including “private information,” “information owners,” and “authorized parties” intend to cover a wide range of meanings or applications. In other words, those phrases are loosely defined and can be interpreted broadly.

Finding the Way Forward

Developing awareness and understanding of cybersecurity is the foundation of a more protected digital ecosystem and to enjoy our connected future, we need to act now and expand national education programs to cover cyber literacy. Changing behavior is something that takes time, but using cybersecurity best practices will provide a safer world.

Protective actions against cyberthreats needs strong collaboration. Interpol’s ASEAN Desk was formed as the joint operational framework for improving coordinated action against cybercrime. The organization also introduced four pillars regarding a strategic response to cybersecurity: Enhancing cybercrime intelligence for effective responses to cybercrime, strengthening cooperation for joint operations against cybercrime, developing regional capacity and capabilities to combat cybercrime, and promoting good cyber-hygiene for a safer cyberspace.

In Cambodia, Anti Cyber Crime Department of Ministry of Interior is the prime law enforcement agency and the department has an obligation to keep people safe from cybercrime and to secure cyberspace.

The country has also established the Cambodia Computer Emergency Response Team (CamCERT), serving as a point of contact for dealing with computer security incidents.

At the end of the day, trust is the most important factor. Trust is earned through ethical responsibility, accountability and transparency, all of which are needed to collectively advance Cambodia’s cybersecurity capabilities.

Meas Ratanak is the founder of Storyful Data and media educator in Phnom Penh

Related Articles