In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked country in Asia.
Various reports highlight a significant shift in cyberattacks from North America and Europe to Asia. The rise in cyberattacks in APAC is credited to the region’s rapid digitalization coupled with low cybersecurity awareness, training, and regulations. This regional focus marks an emerging opportunity for business leaders in the APAC to consider how they can improve their cybersecurity postures and be aware of the latest cybersecurity trends.
Here are the top 4 cybersecurity trends for APAC companies in 2022:
- A renewed focus on data privacy and security
The impact of GDPR laws on data protection has inspired APAC governments to introduce cybersecurity bills on data protection. Bangladesh is well on its path to introducing the first of its kind draft cybersecurity strategy that aims at creating safer cyberspace. While India is inching toward the final approval for its Personal Data Protection (PDP) bill.
But the biggest impact for companies in APAC is the widespread introduction of mandatory data breach notification laws. For instance, Singapore’s new Cybersecurity Act requires organizations from 11 key industry sectors to report any breach of critical information infrastructures to the Singapore Cyber Security Agency. Under its Personal Data Protection Commission (PDPC), organizations are to notify of any cyber incident within three days of the event. The shift from voluntary to mandatory reporting, in a time-limited setting, would require companies to focus on improving their privacy compliance and security strategies or risk paying hefty fines.
iValue Recommends: Set up an incident response team and create a template data breach notification. Your team would be responsible for planning a response to a breach and notifying employees, partners, vendors, regulatory bodies, and other stakeholders.
- Combating Ransomware-as-a-Service
According to the 2022 Thales Data Threat Report, 1 in 5 businesses have paid or would pay a ransom for their data. Organizations in APAC are attacked 51 times per week on average. Indian companies are prime targets for ransomware, with 1 in 4 companies reporting a ransomware attack in 2021. Adding to the alarming statistics are reports that APAC organizations are more likely to pay the ransom sometimes as high as $USD 1 million.
APAC’s vulnerability to ransomware, fuelled by Ransomware-as-a-Service (RaaS), is a push for leaders to devise ransomware defense plans. The aim is to prioritize building cyber resilience by implementing new technologies and providing cybersecurity training to employees.
iValue recommends: The biggest element for cyberattacks is human error. Invest in training your staff in best practices of cybersecurity and maintaining basic security hygiene. Have advanced threat hunting solutions in place to weed out trojans (Trickbot, Emotet, Dridex, CobaltStrik) and ransomware infections from your network.
- Rise in collaborative cybersecurity efforts
Given that threat actors target companies with multiple locations, there is a need for an increased collaborative effort between governments, companies, vendors to strengthen the cybersecurity landscape. In light of the increasing threats and challenges, many companies and governments are working together to share information and best practices and develop new cybersecurity solutions. Through initiatives such as information sharing platforms and incident response exercises, organizations in the Asia Pacific region are working together to address cyber threats and accelerate public-private partnerships in cybersecurity.
For example, Philippine bankers are learning cybersecurity best practices from the United Kingdom. According to FIT Country Director Richard Colley, the initiative “aims to help forge relationships and build connections between the UK and the Philippines and work together in addressing cyber security risks.” Meanwhile, Microsoft is on a mission to unite APAC governments and state agencies with the cybersecurity council. The Asia-pacific Public Sector Cyber Security Executive Council is a growing group of government leaders, policymakers, regulators, and industry stakeholders from Singapore, Indonesia, South Korea, Malaysia, Thailand, Brunei, and the Philippines. The council meets every quarter to “maintain a continuous exchange of information on cyber threats and cybersecurity solutions.”
iValue recommends: Look for security management platforms that offer automation at scale, customized threat intelligence, and leverage AI.
- Cybersecurity education
A dearth of cybersecurity experts and skillsets is the bane of the cybersecurity industry. Despite reskilling and upskilling efforts, organizations are finding it increasingly difficult to find and retain qualified talent. According to the 2021 World Economic Forum (WEF) report, the APAC region accounts for 66 percent or 2.045 million of the global cybersecurity talent shortage.
Source: World Economic Forum (WEF) Report 2021
To address the cybersecurity workforce gap, organizations, institutions, and governments are working on specialized cybersecurity training programs. For instance, The Asia Pacific University of Technology and Innovation (APU) in Malaysia offers specialized graduate courses in collaboration with industry experts, a state-of-the-art infrastructure learning space (CyberSecurity Talent Zone), a full-fledged Cyber Threats Simulation and Response Center (or Cyber Range), and a Security Operations Center (SOC) with military-grade real-time cybersecurity monitoring systems, research centers, and simulation infrastructure. Whereas, giant tech corporations like IBM and Microsoft are investing in cybersecurity hubs in APAC regions to deliver immersive training programs.
iValue recommends: Cybersecurity is a necessity for every company. Organizations must recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success. Expand your team’s capabilities, skillsets, and geographies by hiring remote workers across the globe