If you think cybercriminals are going after Asia Pacific’s financial services and government sectors rather than your industry, think again!
The Asia Pacific has seen significant digital transformations across industries. But this technological progress is also creating more threat-related opportunities, especially with the pervasive adoption of the cloud and ‘anytime, anywhere’ access to corporate infrastructure, apps and data.
According to Veritas Technologies’ research, companies receive 6 threats every minute in Asia Pacific, and 51% of all cyber-attacks resulted in a loss of more than US$1 million.
The fastest-growing method of attack is via ransomware, which is expected to continue escalating in the coming year. Even bad actors with little to no programming skills can carry out these cyber-attacks, due in part to the easily acquired ransomware attack kits available on the Dark Web.
The financial services industry has always been a target but is also the best protected. So which other industries are cybercriminals setting their eyes on? Why are these industries most at risk of being hit?
To get some answers – as well as solutions to the growing challenges – CybersecAsia discussed Veritas’ recent research findings with Andy Ng, Vice President and Managing Director, Asia South and Pacific Region, Veritas Technologies.
How has the pervasive adoption of the cloud, as well as hybrid work arrangements, contributed to cyber risks?
Ng: Recent Veritas research shows that 80% of organizations globally expanded their cloud deployments beyond their original plans during the COVID pandemic. Often, this was to empower new ways of working or of delivering services where, with limited access to their in-house IT infrastructure, the cloud became a convenient solution to meet their needs.
We’re seeing a lag between the rapid expansion of the threat surface that comes with increased multi-cloud adoption, and the deployment of data protection solutions needed to secure them. Our research showed that 39% of companies globally felt that their security measures had failed to keep up with their digital transformation and, while some businesses are investing to close that resiliency gap, unless this is done at greater speed, companies will remain vulnerable.
New working regimes have also meant business data is being spread across a great number of different locations. Everything from deal-making to the processing of orders is now taking place on cloud collaboration tools, such as Microsoft Teams and Zoom, fracturing a digital paper trail across a rapidly expanding group of cloud platforms.
Our data shows that companies are exposed to data breaches and compliance risks when employees misuse messaging platforms. For example, 58% of employees globally are saving their own copies of information they share over instant-messaging apps, while, in stark contrast, 54% of employees delete it entirely.
Neither scenario serves the company well – the former could potentially lead to data theft and compliance challenges, while the latter could subject companies to hefty fines if companies fail to produce a paper trail upon request from regulators.
What enterprises need is a way to oversee, protect and manage their data across hybrid physical, virtual and cloud environments from a single platform that allows them to tackle new threats as they arise.
It has often been assumed that FSIs are always major targets for cybercrime. What has Veritas’ recent research found to be the industry sectors in Asia Pacific most at risk of being hit?
Ng: FSIs are widely recognized as cash-rich targets for hackers who have historically found them very attractive. Veritas’ recent Vulnerability Lag research found, however, that they were not suffering as badly as some of their counterparts in other verticals.
Pharma companies fell victim to more security events, and more ransomware attacks than any other vertical group, suffering 4.29 incidents and 3.7 ransomware attacks that led to downtime over the past 12 months. FSIs succumbed to 3.00 security events and 3.22 downtime-causing ransomware attacks over the same period, which are higher than the average of 2.83 and 2.57. Public sector organizations were attacked the least with 1.15 security events and 1.18 ransomware attacks that led to downtime.
However, it’s not just how many incidents that is important. How quickly the organization is able to recover is also a critical factor. Healthcare bodies took the longest to resolve their issues, with a whopping 39 hours of downtime in the last 12 months. FSIs were down for an average of 9 hours.
This can, in part, be attributed to the investment that financial organizations have made in their IT. FSIs spent 19% more than average on their IT over the past year and already increased their planned budgets by 6.66% to support their COVID-led digital transformation.
Why do you think these industries are targeted?
Ng: Hackers choose targets for all manner of reasons. Those who are politically motivated may select governmental systems. Those in search of glory focus on targets that are known to be much harder to crack, such as IT security companies or national security forces. Those who have a grudge may only get into hacking to wreak revenge on one specific target that they perceive as wronging them. By far the most common motive though is money.
A huge proportion of cybercrime is perpetrated for financial gain, which means that the target either has something worth stealing, or they have something worth paying to protect. Medical records have an especially high value on the dark web at the moment, so a lot of data theft is being directed at hospitals and other healthcare facilities.
FSIs have been targeted historically because they can deliver a double whammy for hackers. Downtime for financial services companies can be extremely expensive. On the money markets, milliseconds can cost millions – making FSIs highly motivated to pay ransoms to get them back online as fast as possible. On the flipside, financial records, such as credit-card data or bank details, can also be easily sold for profit.
The recent focus on pharmaceutical companies could well be the result of the high profile that they’ve had through the pandemic. Unlike other industries that were in the news for reduced sales and supply-chain challenges, the pharma sector was seen to be growing with COVID treatments and vaccines swelling their revenues. The hackers will always follow the money.
How should Asia Pacific business leaders realign their strategies, for consistently stronger and more efficient cybersecurity practices?
Ng: The most important thing for business leaders to consider is whether they really do have a strategy or if, really, they just have several security tactics. It’s still the case that many CXOs design business and digital transformation projects before properly considering their security.
Many businesses were forced to take this approach during the pandemic where the urgent need to evolve processes to survive new conditions meant that projects had to be pushed into production today, and security could follow tomorrow. Our data showed that 37% of organizations polled in the region said that their security infrastructure hasn’t kept pace with their transformation projects born out of the pandemic.
Businesses now expect it to take another two years before their protection will catch up but, even when this happens, for too many companies this approach will see them look at each project and retrospectively select a point product to plug the gap in their protection. This tactical approach, however, does them no favors.
Businesses can make significant savings and gains by proactively developing a holistic data protection strategy that they can enact from the start of their projects. Standardizing on a single-platform data-protection solution can save on the cost of purchasing multiple products, the admin of managing multiple products and the damage caused by ransomware slipping through the gaps between the patchwork of solutions that would otherwise have been deployed.
This shift in mindset and approach would have the biggest impact for many organizations across the Asia Pacific region.
What best practices would you suggest for protecting organizations across different sectors against cloud-based attacks?
Ng: Attacks on data in the cloud are growing rapidly at the moment because hackers are using a common misunderstanding as a chink in the armor of businesses across Asia Pacific. Veritas research showed that 49% of IT leaders strongly believed that it was their cloud service provider’s responsibility to protect their data.
However, most cloud companies will make it explicit in their terms and conditions that this responsibility actually lies with their customers.
This confusion over who should be managing the protection of data stored in the cloud means that it’s easy for situations to occur where nobody is doing it. Hackers know this and will proactively seek out opportunities to exploit the vulnerability.
Organizations who want to avoid this situation should consider embracing a comprehensive data protection platform that can cover them from edge to core to cloud. In this way, they’re able to simply extend the protection that they rely on in their own data centers to their critical data in the cloud, closing the gaps and defending their businesses.