The global pandemic brought about a lot of new changes in how we all rely on technology – from the sudden growth of remote working practices to the use of virtual conference and cloud applications both for work and education, as well as the continued surge we are seeing in online shopping and e-commerce. It always takes time for things to reach normality when such significant changes are underway and before that is achieved, there is usually chaos.
And in this chaos, cybercriminals are taking advantage, carrying out a variety of scams and malicious activity. This can be seen in the growing number of large-scale, well-publicised breaches occurring over the past year or so, which shows that not only are the number of cyber threat incidents going up — they’re increasing in severity, as well.
According to the 2021 Thales Global Data Threat Report, more than half (56%) of APAC respondents claimed to have experienced a security breach at some point, which was in line with the global average. Out of these, 30% said they experienced a breach in the last 12 months. This is concerning because managing security risks is also undoubtedly getting more challenging.
What’s even scarier is that most companies don’t know where their data is located and understand its sensitivity level. Only 25% of APAC respondents said that they have complete knowledge of where their data is stored and about a third (33%) claimed to fully classify their data. Although this is in line with global averages, the result shows that organisations will have to up their game and understand how to build sufficient protections to protect their data against breaches.
COVID-related cyber attacks have been very successful for cybercriminals, especially when they exploit our human nature. Phishing techniques, which use not only technology but also some parts of psychology, social engineering, underhanded ingenuity and trickery, have proven to be a highly potent threat vector. Different types of phishing campaigns are taking advantage of the COVID-19 pandemic to distribute malware, steal credentials and scam users out of money.
Fast forward to 2021, you would think that working remotely would put less burden on organisations but that’s not the case. In fact, four-fifths (82%) of businesses still remain concerned about the security risks of employees working remotely. Nearly half (46%) of businesses report that their security infrastructure was not prepared to handle the risks caused by COVID-19, and only 20% of organisations believe that they were very prepared.
Looking at the specific types of threats that are being seen in APAC, malware is ranked at the top at 57%, while ransomware comes in second at 48%. These results shouldn’t be surprising as we have seen multiple ransomware incidents this year, targeting critical infrastructure, private companies and even municipalities, grabbing headlines daily.
More and more companies are adopting a zero-trust approach to address the ever-increasing threat landscape. Zero-Trust takes a “Never Trust, Always Verify” approach to secure an organisation’s digital assets. In this strategic, initiative-based security model, trust is seen as a vulnerability and any user or device looking to access confidential data is never trusted by default. Instead, they have to undergo strict and continuous identity verification regardless of whether they are within an enterprise’s network perimeter or accessing that network remotely.
In fact, a third (30%) of global respondents who claimed to have implemented a formal zero-trust strategy, interestingly, are less likely to report having been breached.
We are all hopeful that vaccines will eventually keep the COVID-19 virus at bay. The good news is that for the COVID-related rise in cyber attacks, we already have an antidote – adopting a zero-trust strategy. Click here to find out more about the report on how you can counter cyber attacks targeting these vulnerabilities.