The biggest challenge with increased cybersecurity attacks, according to analysts

It's time for organizations to wake up to the cyber threat as new vectors, including generative AI, increase in importance.
Written by Eileen Yu, Senior Contributing Editor
Thomas Barwick/Getty Images

Cybersecurity attacks continue to climb in Asia-Pacific, even as organizations in markets such as Singapore struggle to adopt the necessary security measures due to a lack of knowledge. 

The region saw a 15% increase in cyberattacks in 2023, clocking an average of 1,963 attacks weekly, with ransomware leading the pack. The financial industry was the fourth-most targeted sector by ransomware in Asia-Pacific, according to findings from FS-ISAC (Financial Services Information Sharing and Analysis Center), which analyzed data from its members.

Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online

The industry group further highlighted the growing sophistication of adversarial tactics, techniques, and procedures, or TTPs, that now encompass SEO poisoning and QR code phishing. Threat actors also want to tap generative artificial intelligence (AI) to scale and automate attacks, including "poisoning" and manipulating generative AI tools.

FS-ISAC named four new threats the financial sector has to safeguard against, including increased geopolitical hacktivism activities, new extortion tactics that align with global regulations, and efforts to achieve cryptographic agility.

The organization noted that online adversaries are anticipated to roll out misinformation campaigns and DDoS (Distributed Denial of Service) attacks against critical information infrastructures amid ongoing geopolitical conflicts and a year of elections globally. It added that DDoS attacks accounted for 35% of attacks targeting the financial services sector in 2023.

Also: The best VPN services (and how to choose the right one for you)

In addition, threat actors are tweaking their tactics to leverage upcoming global regulations in 2024 and weaponizing disclosure requirements to extort companies leading up to compliance deadlines.

"Threat actors will exploit vulnerabilities in critical infrastructures and leverage any tool available to destroy trust in the security of our systems," Teresa Walsh, FS-ISAC's EMEA chief intelligence officer, said. "The financial services sector operates in a cyber landscape that is endlessly dynamic, as cybercrime and fraud converge, and emerging technologies create additional opportunities for exposure. In order to maintain trust in the sector, companies must prioritize proactive cyber hygiene to ensure operational resilience in the face of an attack."

Singapore organizations face a knowledge gap

Businesses that are hindered by a lack of expertise find it tough to adopt the necessary safeguards. 

Organizations in Singapore, for instance, have adopted an average of 70% of essential cybersecurity measures across five key categories, according to a study by Cyber Security Agency (CSA), which lists assets, backup, and response among the five areas.

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

The government agency responsible for the country's cybersecurity strategy urges businesses to adopt all essential measures to avoid exposing themselves to unnecessary risks. Its study polled 2,036 large enterprises and small and midsize businesses (SMBs) between May and August 2023. 

CSA's cybersecurity certification schemes, Cyber Essentials and Cyber Trust, outline national cybersecurity standards to guide companies on what processes to prioritize. 

"Partial adoption of measures is inadequate and unless all essential measures are adopted, organizations are still exposed to unnecessary cyber risks," CSA said in its report. The organization said there's room for improvement since just one in three organizations have fully implemented at least three of the five Cyber Essentials categories of measures.

Also: 6 simple cybersecurity rules you can apply now

Queried about why they had not adopted cybersecurity measures, 59% of organizations in the study pointed to a lack of knowledge or experience as a top challenge. CSA attributed this deficit to the talent shortage in cybersecurity and the fast-changing threat landscape.

Another 46% of organizations believed they were unlikely to be a target of cyberattacks and, hence, chose not to adopt all essential security measures. Some 36% cited the low returns on investment as a reason, while 31% pointed to the lack of budget as a challenge.

More than eight in 10 companies acknowledged having experienced a cybersecurity incident within the past year, including 49% that encountered such incidents several times in the year. These typically include ransomware, social engineering scams, and exploitation of misconfiguration of their cloud deployment. 

Among organizations that have experienced security incidents, 99% suffered a business impact, 48% of enterprises encountered business disruption, and 46% suffered data loss. Another 31% of businesses incurred financial loss, including 27% that suffered such losses from incident response measures.

"While organizations have put in place some measures to protect their assets, this is not sufficient given the increasing frequency and scale of cyber threats that we are facing today," CSA Chief Executive David Koh said. "Organizations should make cybersecurity a priority and take advantage of the [government's] funding support and resources available to catch up. Doing this only after an incident has happened will be much more costly."

Using generative AI to beef up security

Organizations in Singapore are also looking to use generative AI to improve their cybersecurity posture. 

As many as 81% of decision-makers expect their budgets for generative AI to increase over the next three years, and 53% believe adopting the technology will improve resources, such as employees' time and operational efficiency. Another 52% anticipate improved customer experiences, while 46% expect generative AI to help scale their global business through augmenting translation and research capabilities, revealed a study commissioned by data search and observability vendor, Elastic.

Also: 3 ways to accelerate generative AI implementation and optimization

The global report was conducted by Vanson Bourne and surveyed 3,200 IT decision-makers in Europe, the US, and Asia-Pacific, the latter of which included 1,200 respondents from Singapore, Japan, India, and Australia. 

The study found that 99% of organizations in Singapore face IT security challenges, including maintaining current security practices and detecting and responding to threats. 

All respondents in the city-state believe generative AI will beef up their security postures, including 51% who said the technology can automate security responses based on their security protocols. Another 50% expect generative AI to improve security report generation and predictive capabilities. Almost half (49%) believe such tools will improve entity recognition capabilities and another 49% think generative AI can detect anomalies. 

However, almost all respondents in Singapore noted that generative AI adoption is being slowed, with 42% pointing to fears around regulations as a barrier. Some 40% cited the skills gap in implementing generative AI technologies in-house as a challenge, while 39% noted the potential for the technology to generate convincing inaccurate information.

Asked about the apparent paradox between wanting to use generative AI to automate security tasks and the skepticism of its data accuracy, Chris Walker, Elastic's Asia-Pacific Japan vice president of solutions architecture, noted the importance of basic data governance and management

Organizations need the right competencies to apply generative AI to their operations and ensure the data used to train AI models is relevant and grounded, Walker said during a media briefing to discuss the study's findings. This approach will ensure the generative AI-powered responses they receive are trustworthy and the potential risks mitigated, including hallucinations.

Also: My two favorite ChatGPT Plus features and what I can do with them

Apart from automating processes, such as quarantining, generative AI can also be tapped to surface information cybersecurity professionals can review and act on, he said.

Organizations will first have to address challenges they may face to extract insights from their data.

"More than any other market in the region, organizations in Singapore struggle to access and leverage data stored across multiple systems and formats," Ravi Rajendran, Elastic's Asean area vice president, said. "Users face the challenge of identifying the relationship between different data points and they are searching for ways to break down data silos and better leverage that data."

He continued: "Although AI is where investment is concentrated, this is fundamentally an issue of search. Using GenAI to process data by searching and summarizing and using it to better manage records is a key area of interest for organizations here."

Walker added: "GenAI is now a game-changer for businesses. When integrated effectively with powerful search and observability tools, GenAI can address long-term global challenges faced by companies and unique challenges that the markets in Asia-Pacific are tackling."

Editorial standards