Asia Pacific organizations quietly suffered during a ransomware attack, report says

- Advertisement -

SOME 83 percent of organizations in Asia Pacific were breached by ransomware at least once in the past five years, but only 32 percent publicly disclosed that an incident occurred. The ExtraHop 2022 Cyber Confidence Index–Asia Pacific, conducted by StollzNow Research and covering Australia, Singapore, and Japan, sheds light on the efficacy of current security practices and the reality of the ransomware attack landscape.

Growing cybersecurity budgets don’t necessarily buy improved degrees of protection and confidence, with only 39 percent of IT decision makers (ITDMs) in Asia Pacific expressing a high degree of confidence in their organisation’s ability to prevent or mitigate cybersecurity threats, and an equal percentage having low confidence. Of those that are confident, many shouldn’t be: Lax security practices, continued reliance on legacy technology, and actual attack numbers all suggest that confidence levels may be overstated or unrealistic.

This may explain why executives in the region don’t back transparency or disclosure of incidents, since they can’t be confident history won’t repeat itself. It often does: On average, Asia Pacific businesses that identify as a ransomware victim will be infected–or reinfected–at least once a year.

- Advertisement -spot_img

Key findings of the study include the high cost of ransomware, how attacks come in numbers, how bosses and security teams disagree on disclosure, repercussions to the affected businesses public, and the slow response to vulnerabilities are making companies anxious.

On the bright side however, the is an attentive focus on supply chain risks reflected by the increase or retain budgets for cybersecurity, and finally, 54 percent of respondents said they have updated their cybersecurity infrastructure in 2020 or before. However, a great number–76 percent–said they are concerned about legacy systems being attacked.

“Security leaders in Asia Pacific are facing a challenge. They’re in disagreement with executives around disclosure, they’re getting increased budgets but it doesn’t feel like enough, and there is worry around legal obligations,” said Jeff Costlow, CISO, ExtraHop.

Even as companies continue to innovate with cloud technologies and remote workforces, IT infrastructures remain vulnerable to past architectural decisions, with legacy technology providing ongoing opportunities for attackers to infiltrate networks and unleash ransomware attacks. A lack of visibility and effective use of data has also contributed to organizations’ obstacles in identifying vulnerabilities and preventing ongoing ransomware attacks.

“Digital adoption rates have skyrocketed in Asia, especially during the pandemic as organizations prioritized modernizing their legacy systems to support remote and hybrid working. Yet almost 80 percent of Asian organizations are worried about these legacy systems being attacked,” Kenneth Chen, VP of Asia, ExtraHop concludes.

Author

Share post: