The Asia-Pacific (APAC) region saw a rise in cyber threats over the past year as more businesses went online and remote working became the norm. This has led to increases in cybersecurity spending as organizations were faced with the need to protect their systems and networks from disruptions brought about by DDoS, ransomware, viruses, and various other cyber attacks.
However, the risk of cyber attacks in APAC remains high and it is expected that more data breaches will happen in the months ahead. According to the Cyber Risk Index (CRI), which was developed together with Ponemon Institute, APAC is experiencing an elevated level of risk.
Based on the latest CRI numbers, the Asia-Pacific region logs a -0.24, which is comparable to the CRI of Europe (-0.22). It is around half of the global average (-0.42) and considerably lower than North America’s CRI (-1.27). However, this does not mean that the region is in a safe zone. Only Latin America logged a moderate cyber risk index (+0.06) according to the latest CRI figures.
The CRI provides a quantified gauging of the perceived level of risk to cyber-attacks of organizations. It is a regularly refreshed comprehensive measurement that depicts the gap between the security capabilities of organizations and the likelihood that they will experience attacks. CRIs are based on a numerical scale from -10 to +10 with the former inferring greater risk while the latter showing the opposite.
SOC capability needs to be improved
Cybercriminals continue to successfully attack organizations and they are also said to be getting smarter in defeating cyber defenses. Even in the midst of a lingering pandemic, there’s no letup among bad actors in spreading malicious software, disrupting businesses with denial-of-service attacks, stealing data, and undertaking various other adversarial actions against organizations. With all these, there is an obvious need for better security operations center (SOC) capabilities.
The SOCs employed by businesses and organizations have greatly improved over the years. However, they still need to level up further to keep with rapidly evolving cyberattacks and the ever-progressing skills and ingenuity of cybercriminals. SOCs are perpetually confronted by various challenges that need to be addressed effectively.
The latest release of the biannual Cyber Risk Index report, which covers the first half of 2021, notes that cyber risks have reached an all-time high. The APAC region now has the second-highest risk index. Also, nearly 9 in every 10 respondents surveyed in the report said that their organizations are likely to suffer breaches over the next year while around a quarter said they encountered 7 or more successful cyberattacks over the past year.
These findings are indicative of a serious weakness in the ability of organizations to detect and prevent attacks. If the security posture of APAC organizations were to stay the same, it would be extremely difficult for them to manage the inevitable barrage of attacks.
The CRI report highlights five prominent attacks, namely ransomware, advanced persistent threats (APTs), watering hole attacks, fileless attacks, and malicious insiders. It is also worth noting that IT infrastructure in APAC, particularly in Southeast Asia, is seeing rampant attacks because of malicious and negligent insiders as well as the failure of organizations to properly align their cyber defense strategies with the threats.
The worsening cyber threat landscape
As mentioned, the APAC CRI now stands at -0.24. This number represents a decline from -0.02 back in 2000. Asia-Pacific organizations interviewed for the 2021 H1 CRI report are saying that attacks have led to serious disruptions and critical IT infrastructure damages. These attacks have also led to intellectual property losses as well as additional company expenditure in hiring external cybersecurity experts or consultants. All of which tend to adversely impact business reputations.
Indonesia has reached its highest risk level as its CRI dipped into the negative territory at -0.12 in 2021. It was at +0.26 in 2020. “With more than half of respondents reporting customer data leaks in the past 12 months, companies must better prepare themselves by identifying high-risk datasets, focusing on major impact threats, and deploying more layered protection”, TrendMicro Indonesia Country Manager Laksana Budiwiyono said.
Malaysia has a CRI at the moderate level at +0.08, but this is characterized as having low preparedness against cyber attacks. For this, Trend Micro Malaysia and Nascent Countries Managing Director Goh Chee Hoh said that there are plenty of operational and infrastructure risks in the country.
“To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms,” Goh Chee Hoh said.
In Australia, the CRI is at -0.89, which is significantly higher than the global average. Nearly 7 in every 10 organizations in Australia said that they expect a data breach penetrating their organizations in 2021. Some 30 percent of organizations in the country also said that they have suffered at least 7 cyber attacks on their networks and systems while around 24 percent said they experienced at least 7 customer data breaches over the past year.
The Philippines similarly expects worsening cyber threats in 2021. A joint statement from several Filipino business groups said that cybercrimes in the country are expected to rise further. Phishing, smishing, vishing, and various other online fraud tactics are projected to rise as more Filipinos turn to online transactions.
Countering the risks
There is no other way for organizations to address the problem but to face it head-on. This is of course easier said than done. It is crucial to prepare for the threats particularly by using the right cybersecurity technologies and having adequate cybersecurity skills.
Fortunately, there are already numerous advanced cybersecurity solutions capable of handling most of the attacks. The problem is that not all organizations get the best out of these advanced security solutions because of the lack of proper cybersecurity skills. A study by Dimensional Research indicates that 53 percent of SOCs find it difficult to hire skilled cybersecurity professionals. This coincides with the findings of a McKinsey study that says most executives worldwide experience digital skills shortages.
The inadequacy of cybersecurity skills covers the spectrum of cybersecurity professionals, from IT technicians to security engineers and chief information security officers.
This problem also permeates businesses of all sizes across the Asia-Pacific region, but it is most notable among small and mid-size enterprises. These smaller businesses are the ones that tend to cut corners or get stingy on their cyber defenses and even in their digitalization efforts in general.
In summary
It is not surprising that cyber threats are increasing across the APAC region. The same can be observed in most other parts of the world. The emerging economies in the Asia-Pacific, however, appear to be attractive targets for cybercriminals especially because of companies that tend to put cybersecurity spending at the lower rungs of their priorities. The pandemic has made this reality more obvious as companies have been forced to go online and operate in survival mode with very limited resources.
Scarcity of resources is not enough reason not to invest in better cybersecurity, though. After all, cyber-attacks are as grave as the other challenges that threaten the survival of businesses. An unexpected ransomware attack or worse, online financial theft, can spell the end of a barely surviving company.
TechNode Global publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Image Copyright: gorodenkoff