76% of organizations expect data breaches in 2022
Data breaches are a concern for all organizations today. However, how many of these concerned companies are taking their cybersecurity and data protection seriously enough?
Globally, concerns about data breaches have seen companies invest in more cybersecurity protection services. This includes investing in modern technologies like AI-enabled threat detection, endpoint solutions, and network security.
In the Asia Pacific, data breaches are also still rampant. 2022 has already witnessed several companies hit by data breaches. For example, Singapore was ranked sixth in the world for having the most databases exposed last year.
According to Trend Micro’s findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, 76% of respondents expect a breach in the next 12 months. While this is a 10% decrease, it is still an indication of critical security gaps. Over one-third of organizations faced seven or more successful network attacks in the past 12 months, which is actually a 10% increase since previous results.
The findings from the semi-yearly report aim to measure the gap between respondents’ preparedness for attack and their likelihood of being attacked. In the second half of 2021, the CRI report surveyed more than 3,400 Chief Information Security Officers (CISOs) as well as IT practitioners and managers across Asia-Pacific, North America, Europe, and South America.
The CRI report also highlighted the top five cyber threats in Asia-Pacific (APAC). They include:
- Phishing and social engineering – attacks that often scam and steal user data with fraudulent messages usually via emails or text with links or attachments
- Botnets – cybercriminals that infiltrate and gain control of the organizations’ network
- Fileless attack – a malware that uses legitimate tools built in the system to execute an attack
- Ransomware – an attack that withholds critical or personal data, usually to extort some form of payment or exchange from its victims
- Denial of Service (DoS) – an attack that disrupts and prevents the daily operational functions of its victims
APAC organizations also ranked the top five negative consequences of an attack as stolen or damaged equipment, cost of outside consultants and experts, regulatory actions or lawsuits, reputation or brand damage, and customer turnover.
Interestingly, when it comes to security risks within IT infrastructure, organizations are most worried about mobile or remote employees, across third-party applications, and mobile devices such as smartphones. As such, companies are investing in cybersecurity to support remote working, drive business efficiencies and agility, and understand the corporate attack surface.
For Dr. Larry Ponemon, chairman and founder of Ponemon Institute, organizations are facing demanding security challenges every day, from software vulnerabilities, and data breaches, to ransomware attacks and more.
“The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organizations improve security readiness and serve as a guidance in strategic planning,” commented Dr. Ponemon.
Over in Malaysia, the CRI revealed that 67% of organizations in Malaysia think they’ll be successfully attacked in the next 12 months, with 22% claiming this is “very likely” to happen.
The report also revealed that 87% claimed to have suffered one or more successful cyberattacks in the past 12 months with 31% suffering more than seven cyberattacks that infiltrated networks or systems. 26% also had more than seven data breaches of information assets while another 24% suffered more than seven breaches of customer data over the past year.
Goh Chee Hoh, Managing Director for Trend Micro Malaysia and Nascent Countries explained that to craft an effective cybersecurity strategy, organizations must master the art of risk management. For Goh, reports like the CRI can be a great resource in highlighting areas of possible concern.
“As remote working and digital infrastructure threats persist, organizations should adopt a platform-based approach to optimize security whilst minimizing their security sprawl,” added Goh.