Firm to plug holes in online security

Singaporean IT consultancy Lantium is set to tap into Cambodia’s underdeveloped cybersecurity market and begin operating in the Kingdom within the next two weeks after announcing yesterday it had entered into a joint venture with local investment firm KH Niron.

Jeff Middleton, president and CEO of Lantium, is optimistic about the potential for expansion in Cambodia given the limited competition in the country’s online security sector.

“It is a new market but it is not a big enough market to attract big players, which means the competition right now is very small,” he said. “As Cambodia grows and its GDP increases, people will get wealthier and the threats will start to appear.”

Cambodian companies have little knowledge of how cybersecurity threats can affect their businesses, Middleton explained. Many will wait until they know they have been hacked to seek cybersecurity services, and then it is often too late, he added.

“A lot of companies do not realise they are a target, but smaller companies can often be stepping stones to larger companies and so that makes them vulnerable,” Middleton said. “In Asia, the average is 500 days until a hack is discovered.”

On the other side of the equation, there is also a global shortage of trained cybersecurity experts, a fact that Steven Path, president of the Cambodian ICT Federation, said is particularly true in Cambodia.

Partly because of the low media coverage of the issue in Cambodia, cybersecurity awareness is not very widespread, Path said, adding that because few hacks have been reported, many firms do not understand the risks or the need to implement cybersecurity prevention measures.

“The problem is that if a company invests in cybersecurity and there is no breach, they do not see how their investment is benefitting them so it is like a catch-22 and it gives them a false sense of security,” he said. “Just because you have not been hacked does not mean you are secure.”

He added that the ICT Federation is trying to act preemptively before any major breach is discovered and that further efforts to address the issue would require the cooperation of the government and private sector.