A global study has gleaned some unsurprising insights about the region’s increased exposure to cyber threats, yet not enough is being done.
To understand how organizations are coping with the changing nature and requirements of work during the pandemic, and if attitudes and behavioral trends reveal potential risks in the coming weeks, a survey was conducted among 4,048 senior decision-makers in Australia, France, Germany, Great Britain, India, Japan, Netherlands, Singapore and the US, by London research group YouGov on behalf of cybersecurity firm CrowdStrike, from 14 to 26 April 2020.
For the Asia-Pacific (APAC) region, 1,780 respondents (Australia: 500, Japan: 502, India: 526, Singapore: 252) were polled.
Some findings of interest
Note that the survey period did not involve much relaxations of lockdown measures. The report found:
- 83% of respondents in the APAC region were working remotely more often or about the same as before. Specifically
- Australia: 87% were working remotely more often or about the same as before, with almost six in 10 (59%) working remotely more often as a direct result of the pandemic.
- Similarly, the figures for Japan were77% (more often or about the same as before) and 40% (more often as a direct result of the pandemic).
- For India: the results were 83% and 69%.
- For Singapore: the results were 90% and 74%.
- Australia: 87% were working remotely more often or about the same as before, with almost six in 10 (59%) working remotely more often as a direct result of the pandemic.
- Based on the data points above, the percentage of respondents in Singapore working remotely more often as a direct result of the pandemic was the highest of all countries included in the research, followed by India, suggesting that a greater transition is being made in these two countries, as compared to counterparts like Australia, Japan, and even the US (65%) and the UK (63%)
- A mix of corporate and personal devices for work in the Asia-Pacific region created cybersecurity challenges and risks, especially for organizations whose cybersecurity policies only catered for in-office work environments.
- 62% in the Asia-Pacific region reported that they were using their personal devices, including laptops and mobile devices, to complete work.
- 86% in the Asia-Pacific region reported that they were using a mix of company and personal devices to complete work.
- With vulnerabilities accrued to the use of unpatched devices and insecure personal networks, Singapore, and India, with a greater share of their workforces using personal devices for work, could be at greater risk.
- India: 72% reported that were using their personal devices, including laptops and mobile devices, to complete work; 93% reported that they were using a mix of company and personal devices to complete work.
- Singapore:70% reported that were using their personal devices, including laptops and mobile devices, to complete work; 97% were using a mix of company and personal devices to complete work.
- Australia (62% and 89%) and Japan (47% and 70%) could also be subject to the same risks, but to a lesser extent.
- India: 72% reported that were using their personal devices, including laptops and mobile devices, to complete work; 93% reported that they were using a mix of company and personal devices to complete work.
- 62% in the Asia-Pacific region reported that they were using their personal devices, including laptops and mobile devices, to complete work.
- Such risks are exacerbated by the fact that exactly half of respondents in the APAC region who used a device to work from home believed that these devices were only “somewhat secure” against advanced cyber-threats, with a further 10 % saying that the devices they used to work from home were “not very secure” or “not secure at all”.
- Australia: 54% who used a device to work from home believed that these devices were only “somewhat secure” against advanced cyber-threats, with a further 7% saying that the devices they used to work from home were “not very secure” or “not secure at all”.
- Similarly, for Japan the results were 65% and 16%.s
- For Singapore the results were 56 % and 12%.
- For India the current state of the workforce might be giving respondents in India a false sense of security, with 58% of local respondents believing that these devices are “very secure” against advanced cyber-threats, especially when the next insight below is reviewed.
- Australia: 54% who used a device to work from home believed that these devices were only “somewhat secure” against advanced cyber-threats, with a further 7% saying that the devices they used to work from home were “not very secure” or “not secure at all”.
- Across the board, respondents reported insufficient training on the risks associated with working from home, especially among small businesses, despite the belief that serious cyber-attacks are more likely during the pandemic.
- More than half (54%) of respondents in the APAC region believed that their companies are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they did previously (i.e., before the COVID-19 outbreak).
- This belief was the strongest in India, with 61% of respondents believing that their organizations are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they did previously (i.e., before the COVID-19 outbreak), followed by Japan (57%), Singapore (49%) and then Australia (47%).
- Respondents in the APAC region were more likely to believe their organizations are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they did previously, as compared to their counterparts in the US (41%) and the UK (32%).
- This belief was the strongest in India, with 61% of respondents believing that their organizations are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they did previously (i.e., before the COVID-19 outbreak), followed by Japan (57%), Singapore (49%) and then Australia (47%).
- 45% of respondents in the APAC region said that their employer had not given them extra training on the cybersecurity risks associated with working from home.
- This issue appears to be the greatest in Japan, with 60% of local respondents saying that their employer had not given them extra training on the cybersecurity risks associated with working from home, followed by Australia (48%), Singapore (40%) and then India (36%).
- This issue appears to be the greatest in Japan, with 60% of local respondents saying that their employer had not given them extra training on the cybersecurity risks associated with working from home, followed by Australia (48%), Singapore (40%) and then India (36%).
- More than half (54%) of respondents in the APAC region believed that their companies are more likely to experience a serious cyber-attack during the COVID-19 pandemic than they did previously (i.e., before the COVID-19 outbreak).
- The report finds that small businesses are at even greater risk, with the majority of respondents saying that their employer had not given them extra training on the cybersecurity risks associated with working from home—Australia (64%), Japan (73%), Singapore (61%) and India (45%).
Overall, in the Asia-Pacific region, the survey reveals that almost 6 in 10 of respondents reported working remotely more often as a direct result of the pandemic. Commented Sherif El Nabawi, Vice President, Engineering, APJ, CrowdStrike: “With telecommuting still highly encouraged despite the progressive easing of various countries’ lockdown measures, unresolved cybersecurity risks from the initial shift to remote work will be carried forward and will continue to present more opportunities for cyber adversaries.”
Furthermore, with 86% of respondents in the Asia-Pacific region reporting that they were using a mix of company and personal devices to complete work, there are the increased risks associated with Bring Your Own Device (BYOD), including the possibility of an individual’s compromised personal device jeopardizing their employer’s corporate network.
“These include employees inadvertently introducing malicious code when they move work-related files and documents between personal and corporate devices and networks. Personal or home internet connections are also more vulnerable to threat activity, making remote workers a potential threat to sensitive company information,” said Nabawi.
The survey report notes that organizations must update their cybersecurity policies to consider remote-working. This includes planning for the use of personal devices, secure access for BYOD on corporate networks, and leveraging VPNs to protect sensitive data accessed through insecure Wi-Fi.
As nearly half of the respondents in the region said that their employer had not given them extra training on the cybersecurity risks associated with working from home, such training should be a key consideration in the weeks ahead.
Nabawi reiterated: “We also recommend that organizations remain well-prepared, with crisis management and incident response plans that can be readily executed remotely at a moment’s notice and include effective remote collaboration tools. Finally, having advanced endpoint detection and response cybersecurity technology is crucial, so organizations’ cybersecurity teams can centrally and remotely isolate and remediate any threats that emerge from a particular employee’s devices or personal network, well before the threat can break out of its initial beachhead and proceed to infect other users or systems throughout the entire network.”