APAC firms face growing cyberattacks, take more than a week to remediate

Some 68% of businesses across six Asian markets say they have been breached, up from 32% in 2019, with an average 60.83% admitting to taking more than a week to remediate cybersecurity attacks.

More organisations across six Asia-Pacific markets have been breached this past year, with an average 60.83% needing more than a week to remediate these cybersecurity attacks. They cite lack of budget and skills as key challenges, and express frustration over an apparent lack of understanding about how tough it is to manage cybersecurity risks.

Some 68% of respondents in a Sophos study said they had been successfully breached this past year, up from 32% in 2019. Amongst those that were breached, 55% said they suffered "very serious" or "serious" data loss, revealed the survey, which was conducted by Tech Research Asia and polled 900 businesses -- with at least 150 employees -- in Singapore, India, Japan, Malaysia, Australia, and the Philippines. 

In addition, 17% faced more than 50 cyber attacks each week. In Singapore, for instance, almost 15% had to deal with at least 50 attempted security attacks or mistakes per week. Some 28% in the city-state eventually were successfully breached in the past year, with 33% describing the resulting data loss as very serious or serious. 

Global pandemic opening up can of security worms

Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.

Read More

While Singapore had the least number of respondents that were breached, 75% said they needed at least a week to remediate the cyber attack -- the highest across the region. Some 68% of their Australian counterparts admitted to also taking more than a week to remediate cyber attacks, as did 65% in India, 64% in Malaysia, 55% in the Philippines, and 38% in Japan. 

Japanese organisations, in fact, were able to recover the fastest from a breach, with 62% needing under a week to do so. 

Across the region, respondents pointed to ransomware, malware, and phishing as the top three security threats. They also cited poorly designed or vulnerable supplier systems as a top risk they expected in 2023, fuelled in part by concerns they might be targeted as a result of third-party vulnerabilities and security and other technology vendors being breached. 

Some 53% acknowledged they also were ill-prepared for the security requirements brought about by the abrupt need to support remote work amidst the COVID-19 pandemic. In spite of this, 54% had yet to update their cybersecurity strategy in the past year, up by 3% from 2019., 

When asked if they had a team that could detect and manage security threats, just 52% replied positively, up from 50% in 2019. For 75% in Singapore, the pandemic was the biggest driver for their organisation to upgrade their security tools and strategy in the past year. 

The study further revealed that respondents were most frustrated over assumptions within the organisation that cybersecurity was easy to manage and threats exaggerated. They also were expressed exasperation over the lack of budget to deal and the inability to employ adequate security professionals.

Some 59% acknowledged their company's lack of cybersecurity skills was challenging, with 62% struggling to recruit the necessary skillsets. In addition, 59% said their cybersecurity budget was insufficient. Another 67% said they faced difficulties keeping abreast of the cybersecurity landscape 

Sophos' global solutions engineer Aaron Bugal said the "disturbing attitude" that cybersecurity incidents were exaggerated needed to be addressed. 

"It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be," Bugal said. "If that wasn't enough, the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber resilience. Everybody needs to play a part, and to play a part, we all need to understand the risk."

RELATED COVERAGE