More than half of organizations (59 per cent) surveyed in Asia have detected a business interrupting security breach at least once a month, shows the Cyber Security Report 2017 released by Telstra.
The study paints a mixed view of the state of cyber security in Asia, most alarming is the increase and regularity of cyber-attacks on businesses, while cloud security came up as a major security issue for Asian organisations.
The findings indicate that businesses in India are most at risk to cyber security attacks, with organisations in the country experiencing the highest number of weekly security incidents of all Asian countries surveyed (14.8 per cent).
India is followed closely by Hong Kong, with 14.7 per cent experiencing weekly incidents. On the other end of the scale, organisations in Singapore appeared to be the most resilient with the least number of incidents occurring weekly.
Telstra’s Director of Security Solutions, Neil Campbell, said with the rapid growth in the number and variety of connected devices and applications, including emergence of the Internet of Things and virtual cloud environments, the surface area for cyber security threats continues to grow considerably year on year.
“Businesses in Asia are dealing with unprecedented security and business challenges. Many of these are fuelled by mobility, cloud based service offerings and the need to have an environment that adapts to the way users want to work and interact. Organisations must invest in appropriate security initiatives in order to reap the benefits of innovative technologies, like Cloud and IoT devices, as they emerge,” said Campbell.
Ransomware on the rise
Ransomware attacks were also amongst common security breaches with one in four organisations across the region experiencing an attack on a monthly basis. Approximately half of those affected indicated that they paid the ransom, however, nearly 40 per cent of organisations that paid the ransom did not recover their files.
“When it comes to cybercrime, our research shows that there is no such thing as honour among thieves. If businesses choose to pay a ransom to criminals, they are taking a major gamble,” said Campbell.
Cloud adoption outpacing security teams’ ability to manage risk
While 93 per cent of businesses in Asia are using cloud services, respondents still view the adoption of cloud services as a significant security challenge. Six in ten businesses see theft of corporate data as a major threat in adopting cloud services, yet only 43.1 per cent feel that they are ready to handle this risk.
“We’re seeing more organisations turning to the cloud to improve agility and flexibility, as well as improving collaboration and reducing costs. With this, businesses are opening themselves up to a number of security risks but what needs to be considered is that these are just like any other business risks. The only difference is that they are a relatively new form of risk, and as such they require a new way of thinking. One of the most effective ways to prevent and mitigate such threats is by increased C-level responsibility,” said Campbell.
Greater C-level involvement
In comparison to the Telstra Cyber Security Report 2016, there has been an increase in C-level executives taking primary responsibility for security incidents, as well as being more actively involved in prevention and mitigation initiatives.
C-level executives in Asia are perceived to be the primary stakeholders in taking responsibility for security incidents which has increased from 35 per cent in 2015 to 65 per cent in 2016. This significant responsibility shift may reflect the growing involvement of the C-suite executives in the cyber security strategy and responsibility within their organisations.
“The good news is that over two out of three C-level executives in Asia now have high involvement in their cyber security initiatives. This is a signal that cyber security is now recognised as an all-of-business issue, not just an IT issue, requiring an approach involving people, process and technology,” said Campbell.
Heightened awareness
The growth in cyber-attacks and incidents across Asia has resulted in a heightened awareness of the business impacts such risks can have. This has in turn led to increased IT security spend with close to 94.7 per cent of organisations in Asia increasing their security budget this year.
Phishing email attacks were the most common cyber security issue reported, with more than 30 per cent of organisations experiencing at least one attack each month.
‘Network attack or outage’ was ranked as the top threat with the adoption of cloud services by respondents from Singapore, unlike the rest of the Asia region which cite “theft of company data” as the number 1 potential risk as a result of adopting cloud services.