2022: How APAC Organisations are Preparing for a New Threat Landscape
- Most APAC organizations across Singapore (89%), Australia (81%), and India (88%) saw increased cyber threats during the pandemic
- Cloud security was the top solution that organizations in APAC invested in
- IT professionals in Singapore (37%) and Australia (39%) are looking to invest more than US$1 million in 2022.
The threat landscape continues to evolve and businesses across APAC are aware of this. As such, more organizations are now looking to increase their cybersecurity expenditure as they usher in the new year.
According to a report by McAfee Enterprise and FireEye, most APAC organizations have experienced a two-fold blow, caught between increased cyber threats and reduced security budgets. Looking ahead to 2022, nearly all IT professionals across Singapore (99%), Australia (94%), and India (99%) see an urgent need for organizations to place more emphasis on their overall cyber readiness.
Among APAC countries surveyed, Singapore was the hardest hit by the pandemic, with almost 9 in 10 (89%) organizations reporting increased threats, followed by India (88%) and Australia (81%).
The ever-evolving threat landscape means organizations need more cybersecurity protection. And it is no longer about just protecting data and employees. Businesses are also now looking at how they can protect their IT supply chain as well. Cloud security is now the top security solution implemented by organizations across Singapore (79%), India (82%), and Australia (71%).
“As APAC forges ahead to 2022 and transitions to a digital-first way of life, the new digital economy is creating new revenue streams and opportunities for not only businesses but also cybercriminals. If businesses are to capitalize on the next wave of digital growth, they must act now to strengthen their cybersecurity posture against the new and dynamic cyber threats,” said Jonathan Tan, Managing Director of Asia at McAfee Enterprise.
With remote work expanding the threat landscape as well as new variants of COVID-19 affecting business planning, some organizations are now facing financial pressures on how they can expend their cyber protection. Nearly half of the organizations in Australia (44%) and India (42%) had their technology and security budgets reduced – much higher than the global average of 33%. Meanwhile, Singapore fared slightly better with 31% of organizations facing budget cuts.
Managing the threat landscape in 2022
The dust of the pandemic may not be settling anytime soon, especially with new variants continuing to disrupt most business agendas. Hence, APAC organizations may not pivot away from crisis mode yet but they still need to invest in fortifying their cyber defenses. Fortunately, around 2 in 5 organizations in Singapore (37%) and Australia (39%) plan to invest more than US$1 million in 2022. However, this figure falls to only 1 in 5 (20%) in India, although Indian organizations experienced the most downtime globally (77%).
The top three cyber risks of 2022 that will be the most threatening to businesses in APAC are:
- Singapore: Malware attacks (51%), data breaches (46%), and phishing scams (46%)
- India: Malware attacks (54%), data breaches (50%), and cloud jacking (35%)
- Australia: Data breaches (52%), phishing scams (48%), and malware attacks (40%)
Emerging new threats have remained under the radar of APAC organizations. API services and apps are now becoming lucrative targets for threat actors and now account for over 80% of all internet traffic, as feature-rich APIs are being increasingly used in 5G mobile apps and IoT devices. Worryingly, most attacks targeting APIs go undetected as they are generally considered as trusted paths with lower levels of security controls. The connected nature of APIs could also potentially introduce additional risks to businesses as they become an entry vector for wider supply chain attacks.
Faced with numerous security threats, the top three technologies that organizations intend to invest in for 2022 also varied across different countries:
- Singapore: Endpoint Security (59%), cloud security (49%), advanced threat protection (45%)
- India: cloud security (57%), the security operations center (SOC) (57%), advanced threat protection (55%), and endpoint security (47%)
- Australia: Advanced threat protection (57%), SOC (57%), Cloud security (51%)
As investments to deal with the evolving threat landscape and threat actors increase, one reality is also on the mind of all organizations. Will they be able to cope not just with the increasing threats but also with the more cybersecurity solutions they bring in?
Skills shortage in tech and IT security is still a major problem in APAC. While some of these processes and solutions can be automated, the need for a SOC or specialized IT security teams will be crucial for organizations next year, especially SMEs.