Despite the development of cybersecurity measures this past year, many organisations in Asia Pacific (APAC) are anticipating successful cyber attacks this year. In fact, the threat landscape is such an issue that 82 per cent expect to be victims of cyber criminals according to Trend Micro Incorporated, a cybersecurity organisation.
The findings come from the Trend Micro biannual Cyber Risk Index (CRI) report. It measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the second half of 2022, the CRI surveyed more than 3,700 CISOs, IT practitioners, and managers across North America, Europe, Latin/South America, and APAC.
In the CRI, three in four organisations cited that it was “somewhat to very likely” they would suffer a breach or attack. Breaking down how they suspected an attack would come, 74 per cent said consumer data would be breached. Seventy-four per cent also said they believed they would likely suffer a breach of intellectual property, while 82 per cent said a successful cyberattack was likely to happen. Trend Micro’s CRI finds that these fears are still prevalent despite risk warning shifting from “elevated” to “moderate”.
Though they are declines from the H1’22: consumer data breach, 76 per cent; intellectual property, 78 per cent; and successful cyberattack (89 per cent), APAC organisations are still worried.
The Philippines’ cyber risk declines
APAC as a whole has improved its risk label to “moderate” from H1’22. It has declined from -0.11 to 0.05 However, not every country has been able to say this. The Phillippines has improved its cybersecurity preparedness from H1’22 (-0.21). Nonetheless, its CRI index remains negative at -0.06. Some business implications for an elevated risk label include:
- High likelihood of a compromise.
- Some ability to detect new threats.
- Low visibility of threats within network.
- Lack of an incident response process.
However, local organisations remain strongly on guard with over 80 per cent of organisations citing that they are “somewhat to very likely” to experience a breach. Specifically in: customer data (82 per cent), intellectual property (82 per cent), or successful cyberattack (87 per cent) in the next 12 months.
Building on momentum
Nilesh Jain, vice president, Southeast Asia and India, Trend Micro said: “We’ve seen a drastic improvement in the APAC cyber risk index since the first half of 2022. Figures are moving into positive territory at 0.05 from negative levels. This is a promising result as it means that organisations have greatly stepped up to improve their cyber preparedness.
“It is crucial for organisations to continue this momentum by focusing on the threats that matter most to their business this year. The first step is to gain complete and continuous attack surface visibility and control.
“To address new complexities arising from an expanding attack surface, security teams need to bolster their capabilities. Especially in proactive attack surface risk management.
“On top of architecture improvements for enhanced interoperability, scalability and agility, having a unified cybersecurity platform with extended detection and response (XDR) capabilities is also critical in enhancing security teams’ visibility and response to threats. Both across internal and external systems, and accounts and devices. This would give organisations a leg-up in understanding, communicating, and mitigating expected risks.”
Expected cyber threats in the Philippines and APAC this year
Organisations in the Philippines and APAC cited ransomware, business email compromise, and botnets among the top five cyber threats that they expect to experience this year.
Where the Philippines differs from the rest of the region is in expectation of watering hole attacks and denial of service (DoS) attacks. Meanwhile, the region more generally speaking expected more clickjacking and crypto-mining-based attacks.
Current infrastructure security risks of organisations in the Philippines and APAC
In APAC and the Philippines, the primary infrastructure risks cited are people related. Respondents in the Philippines and across the region named employees/personnel as representing three of their top five infrastructure risks. Specifically, both the region and the Philippines highlighted negligent insiders as the top concern.
The other two risks rounding out the top five included cloud computing infrastructure and provider risks and organisational misalignment and complexity.
Ian Felipe, country manager, Trend Micro Philippines: “Hybrid work has become the norm in the Philippines—Trend Micro’s recent Risky Rewards study revealed that 78 per cent of Filipino businesses believe that offering the ability to work from anywhere has become vital in the war for talent.
“At the same time, 62 per cent believe there is a strong connection between cybersecurity and overall business risk. Local organisations thus need to master a balancing act between offering employees flexibility and minimising both the security and business risks that arise. Armed with the insights provided by the CRI, CISOs and CIOs in the Philippines can now better evaluate not only the technology solutions, but its people and processes to help mitigate cyber risks across the enterprise.”
