In May of this year the WannaCry ransomware attack affected more than 200,000 computers in 30,000 organizations across 150 countries. These attacks highlight the importance organizations should place on ensuring employees understand cyber risk and relevant information security measures.
This is especially true for organizations in the Asia Pacific (APAC) region, who are 80 percent more likely to be the target of a cyber attack. Despite this heightened risk, a recent report by the Asia Pacific Risk Center (APRC) maintains that a lack of transparency in the region leaves it ill-prepared to thwart such attacks.
Fast pace of digitalization contributing to risk
APAC countries face a higher potential threat to cyber attacks than other countries across the globe in large part due to the speed and scope of growth in the region’s digital use and connectivity.
It is expected that globally online users will increase by approximately 500 million between now and 2020, with the APAC region contributing to 60 percent of this growth.
Similarly growth in 4G mobile connections is expected to rise to 4.2 billion by 2020 up from 1 billion in 2015, and it is predicted that the number of overall Internet-enabled devices will increase to 8.6 billion by 2020 in the APAC region.
Large number of users uninformed of cyber risks
APAC’s cyber risk is also heightened by the fact that a lot of the increase in digitalization is comprised of users who are completely new to the Internet and have no knowledge of viruses, malware or phishing scams.
Most of these users, the report found, are connecting to the Internet via their mobile phones – which are less likely to have anti-virus protection – with many likely to be downloading pirated software. This leads to their devices being unable to run updates and obtain the latest security measures. These factors all contribute to a digital environment full of vulnerabilities that sophisticated criminals are more than ready to exploit.
Risks outpacing cyber security efforts of APAC organizations
Organizations in APAC are exacerbating the situation by lagging behind growing digitalization. For example:
- APAC organizations take 1.7 times longer than the global average to detect a breach;
- 70% of organizations in APAC lack a solid understanding of their cyber posture; and
- APAC investment in cyber security is 47% lower than in North America.
Lack of transparency hinders momentum
An estimated 90 percent of large APAC organizations experienced some form of cyber attack last year, although the true extent of this exposure is difficult to determine given that most countries have no legislation requiring governments or organizations to disclose such attacks.
This lack of transparency fosters complacency regarding cyber threats and minimizes the true impact of cyber attacks. This, in turn, prevents the region from reaching a level of threat awareness that would compel organizations and governments to take the necessary action on cyber security prevention.
APAC governments also bear responsibility for the region’s weak cyber security, according to the report. Although some APAC countries — Hong Kong, Philippines, South Korea, Taiwan, China, Japan and Australia — have comprehensive data protection regimes in place, many countries still have yet to implement effective cyber security legislation. Even where laws do exist, there are countries that lack the resources to enforce legislation, and in some cases the structure, processes or culture necessary to comply with regulations.
Action needed to stem loss of business revenue to cyber crime
Even though several individual governments have developed effective legislation, organizations in those countries are still susceptible to cyber attacks. The APAC region lost an estimated $81 billion in business revenues to cyber crime in 2015, with costs continuing to increase. Stemming such losses requires that organizations adopt and implement comprehensive cyber security programs aimed at making them better able to detect, address and withstand cyber attacks.
Insiders a significant threat to organizations
In developing such programs, organizations should note the findings in IBM’s 2016 Cyber Security Intelligence Index, which states that insiders account for 60% of breaches, one-third of whom were inadvertent actors who either mistakenly allowed attackers access to data or failed to observe proper cyber security policies.
Employee training is critical for effective cyber security efforts, and with Thomson Reuters your organization is provided with online training courses on Information Security and Cyber Risk Awareness and Data Privacy and Security. These courses provide your employees with an overview of the most effective ways to implement cyber security measures, as well as the tools to identify and avoid risks when handling sensitive information.