(Source – Shutterstock)

Online attacks against businesses in SEA up by 45% in 2022

Article by Nathan Hew

As the COVID-19 pandemic led to an increase in e-commerce and businesses digitalizing their services, it also opened the door to increased online attacks. While online attacks continue to increase globally, the Southeast Asian region seems to be experiencing them at a much higher and faster pace.

Southeast Asia (SEA) has always been a target for cyberattacks in the region. Significant data breaches affected many industries, including government, healthcare, and financial services. With the region housing a rapidly growing population of internet users and an accelerating digital transformation, it also has made itself a target for cybercriminals looking to steal sensitive information and disrupt online services.

Last year, cybercriminals had a blast targeting companies in SEA, according to the latest data from Kaspersky. Statistics showed a 45% jump in web threats blocked by its business solutions in 2022.

Web threats are online attacks that expose users to online harm and can cause undesired actions or events. Not only are these online attacks damaging to businesses, but they can also severely impact customers. Some of the most common types of web threats include data theft, phishing attacks and computer viruses.

At the peak of the COVID-19 pandemic in 2020, the global cybersecurity and digital privacy company prevented 10.20 million web attacks from infecting businesses in the region. The number dipped slightly in 2021 at 9.18 million and spiked again in 2022 at 13.38 million.

Kaspersky found that Singapore logged the highest year-on-year jump in terms of web threats targeting business last year. It recorded more than a three-fold spike (329%) after Kaspersky’s business solutions blocked a total of 889,093 web attacks, a whopping increase from 2021’s total of 207,175 incidents.

A similar trend is seen across the other four other countries in SEA. Malaysia is another prime target, with a 197% increase in web threats targeting businesses, followed by Thailand (63%), Indonesia (46%), and the Philippines (29%).

The only exception, however, appears to be Vietnam. Kaspersky’s data recorded a slight dip (-12%) after recording only 2.49 million incidents last year as compared to 2021’s 2.82 million. Southeast Asia general manager Yeo Siang Tiong explained why this is the case.

“The Vietnam government has continuously pushed to beef up the cybersecurity defenses of the nation and the country’s local companies and it is encouraging to see that the efforts are translating into concrete results,” Yeo shared.

“The manager adds that while the IT security talent gap remains an issue, outsourcing experts and comprehensive solutions can offer efficiencies to fill this missing piece. “As 2023 will be the first year of fully re-opened borders and markets, we encourage companies here to allocate budget and resources to strengthen their defenses against the increasing attacks against their networks,” said Yeo.

online attacks

(Source – Kaspersky)

How can businesses protect themselves from web-based online attacks? 

Web-based threats, or online threats, are attempts to download malicious objects from a malicious or infected website. Malicious users deliberately create these websites; they include sites with user-contributed content, such as forums, and compromised legitimate resources.

Regardless of intent or cause, the consequence of a web threat may damage both individuals and organizations. Cybersecurity Ventures predicts global cybercrime costs to grow by 15% per year over the next five years — reaching US$10.5 trillion annually by 2025.

Here are some general tips for both end-users and web service providers to protect themselves against web threats:

  1. Always create backups: You should copy all valuable data and store it safely to prevent data loss in the case of an accident. Websites, device drives, and even web servers can be backed up.
  2. Enable multi-factor authentication (MFA): MFA allows for additional layers of user authentication on top of traditional passwords. Businesses should enable this protection for users, while end-users should use this feature.
  3. Scan for malware: Regular scans for infections can help to secure your computer devices. Enterprise endpoint machines and computer networks should use this protection as well.
  4. Keep all tools, software, and OS up to date: Computer systems are more vulnerable when they’ve been unpatched against undiscovered holes in their programming. Software developers should regularly probe for weaknesses and issue updates for this purpose. Businesses can protect themselves by downloading these updates.