IBM Security: APAC was the most attacked region in 2022, led by Japan


Beware the evolving threat landscape in Southeast Asia

The evolving threat landscape continues to be a major hurdle for businesses in Southeast Asia. In the past, businesses only focused on protecting their critical assets and data. However, the increase in the number of connected devices organizations have today, plus the move to remote working, has widened the threat landscape.

Today, cybercriminals can infiltrate organizations from almost anywhere. From company emails to mobile devices to wireless printers in offices and unsecured network connections, any form of connectivity access can serve as an entry point for cybercriminals.

According to statistics from Fortinet, 40% of all crime-related activities in Singapore are cybercrimes today, with viruses being the most common form of attack. Recent reports from the Cyber Security Agency of Singapore also showed growth in both ransomware and botnet cases in the island state.

Looking at industries in Singapore, the manufacturing, retail, and healthcare sectors were targeted mostly by ransomware, while the tech, banking, and social network sectors were targeted by phishing. Government agencies were not spared either, as there was an increase in fake websites set up to trick users.

The big shift

“What’s very interesting is that we have seen before the pandemic, the different kinds of tactics, techniques, and tactics against certain kinds of countries, are mainly due to countries adopting more technology than others.

The big shift in trends is caused by working from home, which resulted in countries having a similar environment. The time they had to shift their whole infrastructure towards something that can be accessed remotely was very limited. A lot of people are mainly concerned with the availability to reach their systems. However, they had not considered the security aspects of it,” said Jonas Walker, Security Strategist FortiGuard Labs, Fortinet.

Singapore’s Central Business District (Photo by ROSLAN RAHMAN / AFP)

Walker explained that back in January 2020, when the Covid-19 lockdown started during Chinese New Year in China — much earlier than the rest of the world — the attackers did plenty of reconnaissance to understand how the business environment changes when people start working exclusively from home during a lockdown.

Later, when other countries in Southeast Asia and Hong Kong followed and initiated lockdowns too, the attackers were already prepared, because they knew how people were working from home and what cloud applications they were using.

He further explained how cybercriminals analyzed what kind of software people adopt to connect to their corporate networks and remote services, and what impact collaboration software will have on businesses. While they were prepared, people over here were mainly defensive and reactive, instead of proactive.

“The other thing we are seeing is, threat actors are adapting to how strong the security posture of a particular country is. We still see a lot of attacks in Singapore but in Singapore, some enterprises adapted an integrated cybersecurity strategy, and for some threat actors which are prioritizing their campaigns based on the return on investment, they might move to areas where they seem more vulnerable in Southeast Asia and Hong Kong.

“For example, a lot of our manufacturing facilities in the rest of Southeast Asia are not as advanced. The patching systems are not yet done, the air gaps are not realistic, the IT and OT systems are not talking to each other. This is creating more vulnerabilities in certain other countries, which we think the attackers might exploit later. So, one of the things that we are doing with many government agencies is to create that posture to say it’s not just the responsibility of an individual or a company, we need a nationwide cybersecurity strategy across the board,” explained Walker.

Building resilience

With a broader threat landscape, deciding which solutions work best for an organization can be complicated as well. Many cybersecurity vendors offer similar products that cover the same areas. Picking the right vendor to ensure the best security coverage is key.

According to Jess Ng, Fortinet Country Head at Singapore and Brunei, a lot of organizations, especially the smaller businesses (SMEs), have this difficulty because they feel that there are so many options for them, and they don’t know which vendor to choose.

Ng feels that the only way forward is to use the platform approach, whereby companies work with one vendor who can provide an integrated end-to-end solution that allows visibility. As a result, they can find out where and what went wrong and how they can mitigate those risks faster.

“There is no shortage of vendors in Fortinet’s space; we’ve got hundreds of security vendors and more by the day. Everybody thinks there’s a magic silver bullet to cybersecurity. Unfortunately, the complexity is such that we are seeing many organizations can’t even bring it up to the board of directors’ level on what’s their cybersecurity policy,” said Ng.

At the end of the day, Ng believes that businesses need to have a cybersecurity conversation at every level of the organization. They need to look at the size of the company that they are operating in.

With remote working still ongoing and the convergence of IT and OT increasing as well, planning for resilient cybersecurity needs to be at the core. The threat landscape will only continue to evolve with new attack vectors and methods.