By Vivek Gullapalli, Field CISO, Check Point.
- The average annual cost of cyber crime is expected to increase from $8.4 trillion in 2022 to more than $23 trillion in 2027.
- The Asia Pacific (APAC) region is experiencing a huge increase in cyber attacks compared to its global counterparts.
- We outline why APAC is being targeted and what can be done to prevent cyber crime.
The pace at which the cyber threat landscape is evolving with the democratization of malicious software, the mobilization and organization of cyber criminal groups, geopolitical conflicts, and economic uncertainty have all combined to create the perfect environment for threat actors to flourish. According to FBI and IMF data, the average annual cost of cyber crime is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.
Nowhere is this industry disruption more prevalent than in the Asia Pacific (APAC) region, which has emerged as the new “ground zero” for cyber crime incidents. According to a report by Check Point Research, APAC witnessed the highest year-over-year increase in weekly cyber attacks during the first quarter of 2023, averaging 1,835 attacks per organization. In contrast, the global average stood at 1,248 attacks per week. This alarming trend raises concerns about the reasons behind this shift and the measures needed to address the growing cyber threats in the region.
Why is cyber crime soaring in APAC?
The increased number of sophisticated attacks in the region gives real cause for concern, as seen in the case of the popular 3CX phone service application which was turned into a trojan as part of a supply attack. The democratization of malware is also in full swing, with recorded incidents of threat actors using ChatGPT to generate code designed to help less-skilled actors launch cyberattacks with ease.
What has triggered this increased volume and sophistication of attacks? If we consider why the region has become a hotbed for cyber crime, there are several factors at play:
- Accelerated digital transformation: The APAC region has undergone rapid digital transformation, especially during and after the pandemic. Many organizations have rushed to adopt new technologies and digital platforms, often without adequately securing them, leaving vulnerabilities ripe for exploitation. This increased digitization has expanded the attack surface for cyber criminals.
- A new generation of users: The TikTok and Facebook generation in APAC rely heavily on mobile devices and collaborative tools, to the point they have become desensitized to the risks associated with clicking on suspicious links or sharing sensitive information online. Their online habits make them more susceptible to social engineering attacks and phishing attempts.
- The hybrid working model: The rise of the hybrid workforce, combining remote and in-office work arrangements, has created new challenges for cyber security teams. The shift towards remote work has increased reliance on digital communication and collaboration tools, exposing organizations to new security risks as cyber criminals exploit vulnerabilities in remote access systems and unsecured access points within the home.
- The collaboration conundrum: The proliferation of collaboration platforms has introduced a new attack surface for cyber criminals. The increased usage of tools like video conferencing, cloud storage, and file-sharing platforms has become a breeding ground for potential security breaches, with threat actors targeting weak security settings, unpatched software, and unsuspecting users to gain unauthorized access to sensitive data.
- Huge manufacturing demand: The APAC region, particularly countries like Taiwan, China, Vietnam and more plays a significant role in the semiconductor and manufacturing sector. The manufacturing industry’s economic importance and the intellectual property it holds make it an attractive target for cyber espionage and intellectual property theft.
What can be done to prevent cyber crime?
Steps need to be taken now to prevent APAC from becoming a prolific breeding ground for cyber threat activity, including:
- Higher level of public and private collaboration: Enhanced intelligence sharing among organizations, governments, and cyber security agencies can help prevent attacks and proactively address emerging threats. This collaborative approach can facilitate the timely dissemination of threat intelligence, enabling organizations to strengthen their defenses.
- Establish national task forces – Following the examples of countries like Singapore, creating dedicated task forces focused on cybersecurity can help coordinate efforts, share best practices, and develop comprehensive strategies to combat cyber crime effectively.
- Greater awareness and education: Governments, banks, and businesses should invest in awareness campaigns to educate the public and employees about the risks of cyber crime; in Singapore with their “Better Cyber Safe than Sorry” campaign with private e-commerce retailers like Shopee and supermarket chain, NTUC Fairprice, continuing with instructional videos, national television advertisements and posters at most bus stops. By promoting cyber security awareness and providing guidance on recognizing and responding to potential threats, individuals can become more vigilant and better equipped to protect themselves and their organizations.
- Improved national regulations: APAC countries should consider implementing robust and standardized cyber security regulations to ensure consistent protection. Learning from successful examples such as Australia and Singapore, these regulations can set minimum security standards, encourage regular assessments, and establish penalties for non-compliance. By creating a regulatory framework that emphasizes cybersecurity, APAC countries can encourage organizations to prioritize security measures and adopt best practices.
- Strengthen cyber security leadership: Organizations in APAC should focus on improving their cyber security leadership and governance structures by appointing qualified professionals with expertise in cyber security to executive positions and boards of directors. By prioritizing cyber security at the highest levels of decision-making, organizations can foster a culture of accountability and ensure that security measures are given due importance. Organizations need this right level of CISO leadership with empowerment and a strong mandate to drive “intelligence led prevention first cyber security approach” to combat the new frontier of cyber battlefields.
- Collaboration with international partners: Cyber crime knows no borders, and it is crucial for APAC countries to collaborate with international partners in combating cyber threats. By sharing information, resources, and expertise, countries can collectively strengthen their defenses and mitigate the risks posed by cyber criminals who may operate from different jurisdictions.
- Continuous investment in cyber security: APAC organizations must allocate adequate resources to cyber security initiatives. This includes investing in robust security solutions, regularly updating and patching systems, and conducting comprehensive security audits to stay ahead of evolving threats and reduce their vulnerability to attacks.
It is important to recognize that shifting APAC from being the most heavily attacked region requires a multifaceted approach involving collaboration, awareness, regulation, and continuous improvement from multiple parties. By implementing these measures and fostering a cyber security-conscious culture, APAC can enhance its resilience against cyber criminals and protect its digital infrastructure, businesses, and individuals from the ever-growing threat landscape and mitigate the risks to secure its position as a future leader in the digital age.
This article was originally published by the World Economic Forum and has been reprinted with permission.