Most Asia-Pacific organisations believe they are not prepared to handle cyberattacks, despite more such incidents and new threats arriving in the horizon, according to Internet infrastructure company Cloudflare.
Some 78 per cent of respondents experienced at least one cybersecurity incident in the past 12 months, revealed a Cloudflare study that was conducted with 4,000 cybersecurity decision-makers and leaders across Asia-Pacific.
For 63 per cent of survey participants, cybersecurity events cost their firms at least US$1 million in the last year, with 14 per cent reporting losses of more than US$3 million.
The organisations were similarly worried about regulatory action. According to 33 per cent of respondents, their organisation reported violations to the appropriate authorities, 26 per cent of whom paid fines, and the same percentage of whom were subject to legal action.
While cybersecurity events now occur more frequently, just 38 per cent of organisations perceive themselves to be highly prepared. The industries that feel they are less ready to handle an issue are healthcare (16 per cent), education (13 per cent), government (10 per cent), and tourism (10 per cent).
Separately, a threat landscape report released this week by Tenable, a cyber exposure solutions provider, found that cybercriminals are focusing on healthcare facilities across the Asia-Pacific. While these targets may not have substantial financial reserves, attacks can still inflict great harm.
In 2022, healthcare was the industry most frequently attacked by ransomware attacks, accounting for 35.4 per cent of all breach instances studied, according to Tenable’s most recent study. This was a significant increase from its prior contribution of 24 per cent of all breach instances in the prior year.
“Cybercriminals have traditionally been attracted to high-yield targets such as the banking, finance, and pharmaceutical sectors,” said Nigel Ng, vice president for Asia-Pacific and Japan at Tenable.
“However, it’s become evident that their attention has been veering towards healthcare information, mainly because they recognise the slower pace at which healthcare providers in our region are adopting preventive cybersecurity measures,” he noted.
Some well-known cyber incidents include the recent Covid-19 vaccination portal breach in India, which resulted in the unauthorised disclosure of millions of people’s medical and personal information.
The Cloudflare study also found that Web attacks, phishing, Distributed Denial-of-Service (DDoS), insider threats, and stolen credentials were the most common online attacks. According to respondents, cybercriminals’ top priorities are financial gain, data exfiltration, ransomware, and the installation of malware, in that order.
Notably, the most urgent cybersecurity challenges that organisations face are securing a hybrid workforce (51 per cent), protecting against cyberattacks (48 per cent), and deploying Zero Trust (42 per cent).
Of the Singapore respondents, 81 per cent experienced a cybersecurity incident in the past year, with 46 per cent saying their organisations suffered a financial impact of at least US$2 million in the last 12 months.
Despite the huge business impact of cybersecurity incidents in Singapore, only 27 per cent of respondents indicated they were well prepared to prevent them. This is lower than the Asia-Pacific average of 38 per cent.
Essentially, organisations need to build a strong security culture, said Jonathon Dixon, vice-president and managing director for Asia Pacific, Japan and China at Cloudflare.
“[This] empowers business leaders to approach cybersecurity as a strategic imperative to every organisation, including technological and cost consolidation, in order to get the double benefit of spending less while having a more robust and simpler-to-manage cybersecurity infrastructure,” he added.