Compared to the US, Europe, Africa and the Middle East, there are some cybersecurity trends in APAC that organizations should pay heed to in 2021.
The annual CrowdStrike Global Security Attitude Survey for 2020 identified four major trends:
- APAC was found to be the hardest hit region (vs the US and EMEA) as the proliferation of ransomware has led to more frequent payouts
- State-sponsored cyber-attacks are far more common in APAC than we think, with concerns that organizations could be targeted for intelligence, intellectual property gain or due to vulnerabilities caused by COVID-19, amidst growing international tensions
- Concerns surrounding these threats could be exacerbated by APAC being the region that is finding it the hardest to staff in-house cybersecurity teams
- Addressing all of the abovementioned issues would be key for organizations that are investing heavily in digital transformation and business recovery
CybersecAsia discussed these APAC findings with Sherif El Nabawi, Vice President, Engineering, Asia-Pacific and Japan, CrowdStrike, who also has some advice for CISOs on how best to approach incident detection, response and remediation to defend their organizations in the year ahead.
What was expected / unexpected from the survey findings? How does the APAC region stack up against other regions such as the US and EMEA?
Sherif El Nabawi (SEN): Among the key findings for the APAC region from the 2020 CrowdStrike Global Security Attitude Survey is the growing fear of nation-state intrusions and ransomware attacks in the wake of COVID-19 outbreaks.
With 63% of respondents’ organizations reporting a ransomware attack within the last 12 months, the APAC region was hit harder than the US and EMEA. Apart from the frequency of attacks, the increasing ransom demands by eCrime (internet crime) actors and average ransom amounts being paid out are a major concern. Among organizations in the APAC region that were hit by ransomware, 31% chose to pay the ransom – more than the US and EMEA. This cost organizations across the region on average US$1.18 million – more than the US (US$0.99 million) and EMEA (US$1.06 million).
In addition, 89% of respondents in the APAC region indicated that nation-state attacks are much more common than most people think. In fact, 79% say these attacks will pose the single biggest threat to organizations like theirs in 2021.
Potentially compounding these risks are the expanded surfaces of attack that cybercriminals can target and a persisting talent gap that has left security teams leaner than before.
The former is due to a large majority of organizations (88%) in the region having accelerated their digital transformation efforts as a result of COVID-19 – with three-quarters stating that they have increased cloud rollouts to support employees working remotely.
With half of regional respondents’ organizations having 5% to 20% of their cybersecurity team leave the business in the past year and 61% finding it more difficult to hire cybersecurity professionals this year, staffing in-house cybersecurity teams has also become a greater challenge in the APAC region, as compared to the US and EMEA.
The frequency and cost of ransomware attacks have grown – is there no other option but to pay the ransom?
SEN: It is no secret that ransomware attacks have continued to plague organizations and the global pandemic has created fertile ground for adversaries to renew and evolve their efforts.
The survey seems to indicate that organizations realize the link between COVID-19 and an increase in both ransomware attacks and the costs they incur, as some organizations are choosing to pay the ransom rather than endure protracted interruptions to their business processes or risk having sensitive corporate data exposed.
The danger and increasing sophistication of ransomware is not lost on this year’s survey respondents, with 54% of all respondents globally expressing concern over ransomware attacks – a significant increase over last year’s finding of 42%.
When businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. Whether to pay the ransom or not can therefore be a difficult decision for organizations.
This decision must be taken with acknowledgement of the following risks and in consultation with various stakeholders – security experts, legal counsel, law enforcement and the cyber insurance carrier.
1. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.
2. The act of paying a ransom might result in sanctions from regulators. OFAC, which is part of the US Department of the Treasury and has extraterritorial reach, administers economic and trade sanctions that could impact companies that choose to pay a ransom. A recent advisory from the US Department of the Treasury warns that “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations”.
3. Paying ransoms emboldens criminals to target other organizations and reinforces such modes of attack as an alluring and lucrative enterprise.
4. There remains a risk of data exfiltration as attackers that have managed to access an organization’s system through ransomware can simultaneously canvass its IT infrastructure to find other monetization opportunities. This could include password lists, bank account information and other financial data that can then be used to make fraudulent transactions.