As if cyber attacks could not get any worse, there are reports of a first fatality suspected from a cyber attack, a patient in Germany died from delayed treatment allegedly due to ransomware. This and the recent cyber-attack that brought down New Zealand’s stock exchange (NZX) are grim reminders that bad actors never sleep and are capable of overwhelming cybersecurity teams – and especially now, during a pandemic.
An analysis of the cyber-threat landscape across Asia throws up an uncomfortable picture. Findings from a 2020 Data Threat Report – Asia Pacific (APAC) showed that an alarming 45 per cent of 500 APAC executives surveyed admitted to suffering a breach or failing a compliance audit. Cybercrime rates are the highest concern in Singapore at 69 per cent. The findings come as workers across the region are working from home due to Covid-19, often using personal devices which do not have the built-in security which office systems do, significantly increasing the risks to sensitive data.
There is also a disconnect from the grave reality. Some 34 per centof APAC respondents state they are “not at all vulnerable” to internal threats. The silver lining though, is that security spending has increased – Australia and China had the highest percentages of countries that reported exceeding 2020 security budget, at 50 per cent and 47 per cent respectively. New Zealand and India had the lowest percentages. Some 47 per cent of Asia-Pacific organisations also plan to spend more money on data security in the upcoming year. Indonesia at 68% had the highest percentage of any country that said its data security spending would increase.
This paranoia over cyberthreats is not unfounded. One of the most potent cyber-attacks is through phishing – an attack using a disguised email to trick email recipients into revealing personal or sensitive information – which has become a growing concern, aided with sophisticated social engineering.
Phishing is no longer confined to emails. Attackers are becoming more creative and looking at baiting users through frequently used applications such as popular messaging platform WhatsApp, which has an estimated 1.5 billion active monthly users globally. WhatsApp is reportedly the fifth-most impersonated company in phishing attacks, with a staggering 13,000 percent increase quarter-on-quarter growth in phishing URLs. WhatsApp leads other social media as the platform most exposed to phishing attacks, as professionals increasingly rely on chatgroups to communicate. This surface yet another vulnerability for businesses – that of “lazy phishing”, where attackers target any means to get whatever they can get.