Asia Pacific organisations face heightened cybersecurity threats
Key business and personal information continues to be at risk from cyberattacks, with more than 7.1 billion identities stolen over the past eight years. The Asia-Pacific region continues to draw attacks, with poor governance, a high volume of devices and low company investment making it easier pickings for attackers.
Cybersecurity has become an area of increasing concern, and with considerable stakes – organisations can sometimes hold extremely private or sensitive information, from medical records to business secrets which create considerable downside risks for people or businesses if lost. Meanwhile, financial and personal information loss can result in a wide variety of attacks, from theft to loss of identity.
The effect of a breach can have dire consequences for companies, depending on the breadth and content lost – with one study finding major breaches can result in loss of share value in the longer-term. Increased regulatory pressure, particularly from the EU’s General Data Protection Regulation (GDPR), seeks to shore up protection of consumers by fining companies that are lax with data security.
The global cost of cybersecurity breaches to business continues to rise, topping $280 billion in 2016. And, as a new report from Oliver Wyman, titled ‘MMC Cyber Handbook 2018’, highlights, the landscape appears to be seeing increased activity from hackers.
The number of recorded breaches has fallen somewhat on 2014, however, the impact of the breaches has increased significantly – almost a million identities exposed per breach. In 2016, around 1.1 billion identities were exposed, while over the past eight years upwards of 7 billion identities have been exposed. This includes only the recorded breaches, actual breaches may be considerably higher.
Aside from breach numbers remaining stubbornly high, ransomware, as an attack vector, has increased in virility – with the number of detections increasing from more than 340,000 in 2015 to more than 460,000 in 2016. The number of variants has increased to 101, while the sophistication too has increased – with WannaCry leveraging zero-day exploits. The average ransom too has increased, up from $294 in 2015 to $1,077 in 2016. Attack vectors continue to vary, but ‘hurricane’ like events, such as WannaCry may become increasingly common.
While globally cybersecurity breaches continue to impact business outcomes, the Asia Pacific region continues to weather higher than average attacks – the study showing that businesses in the region are 80% more likely to be affected, while business revenues lost to attacks top $81 billion. Large scale attacks include the loss of personal information from Singapore’s defence ministry’s online database, a bank heist in Bangladesh, and the loss of data from 6.4 million children when a digital toy maker was hacked.
According to the consulting firm's study, this might just be the tip of the iceberg. The authors write, “Apart from selected countries (i.e., Japan, South Korea) and industries (i.e., financial services in Singapore), APAC still lags the West in terms of cyber transparency. Organizations are able to conceal data compromises from regulators and their stakeholders, dulling the true impacts of cyberattacks and impeding the threat awareness required to act against cyber criminals.”
The study highlights that the region continues to lag North America and Europe in terms of basic mitigation measures for internet users, with almost 80% not receiving any education around cybersecurity.
Organisations face a range of hurdles, with a lack of funding – 47% spent less than North American firms on information security – and breach detection times at 1.7 times longer than the global median. Companies are in part hampered by the lack of access to talent, with 74% saying it is difficult-to-extremely difficult to recruit staff. Companies in the region also lack a strong understanding of their posture in the space – while insurers are reluctant to insure companies above $100 million in the current environment.
The authors suggest the problem is likely to become more acute; “Reasons for the relatively higher cyber threat potential in Asia Pacific (APAC) are twofold: the growing speed and scope of digital transformation, and the expanding sources of vulnerability stemming from increasing IoT connectivity.”
As to the future, a greater awareness of the severity of the issue and the desire to meet GDPR regulations for APAC companies wishing to operate with European residents’ data may offer some hope for improvement. Just recently, the Big Four professional services consulting firm EY has announced its intention to double its number of cybersecurity specialists in China over the next 18 months.
In another recent report by Oliver Wyman's Asian team, the firm's consultants found that affluent Chinese are increasingly looking to diversify risks and rebalance portfolios.