As vaccines become available for Covid-19, another kind of virus is spreading widely, disrupting businesses. Mainly as a result of remote working, cybersecurity incidences have spiked ten times this year, according to PwC.
The rise in cases is highlighting lapses in cybersecurity that is mainly due to the lack of basic hygiene such as misconfiguration of VPN and firewall, and outdated software. In a recent webinar hosted by The Asset Events+, audience participating in the discussion voted cybersecurity as their number one worry as they embrace digitalization.
In 2020 alone, PwC Hong Kong says it responded to over 30 cases of active breach or network intrusion. The firm’s clients range from telcos to airline subsidiaries to Hong Kong-based international conglomerates.
“From over 300 techniques documented, we’ve learnt that the recurring patterns of these attacks include both front door break-ins like leaked credentials or exposed ports, and lack of internal monitoring like remote access and data sharing,” notes Kok Tin Gan, PwC Hong Kong cybersecurity and privacy partner.
Rapid changes in technologies and remote working due to Covid-19, he adds, have had a significant impact on organizations’ attack surface, providing opportunities for threat actors. Hackers are deploying both evolving and recurring tactics.
Ransomware incidents are the most common and damaging to organizations, Gan continues. Threat actors have also started to employ more manual hacking techniques during their intrusion, only deploying ransomware at the final stages of their computer network exploitation. “Business email compromise remains a threat to companies, with cybercriminals taking advantage of the lack of interpersonal communications.”
A recent survey conducted by Cisco of 4,800 security, IT and privacy professionals across 25 countries reveal that change is a primary factor in cybersecurity success. “On average, programmes that include a proactive, best-of-breed tech refresh strategy are 12.7% more likely to report overall security success – the highest of any practice,” the survey finds.
Unfortunately, not all organizations have the budget or expertise to make this happen. The Cisco study suggests that a strategy to migrate to cloud and SaaS security solutions can help close this gap as subscription-based solutions are affordable, easy to deploy and integrate, while automatic updates ensure the technology is continually modernized without additional cost or effort.
On the other hand, the study notes that simply knowing potential cyber risks appears to correlate the least with overall success. “This seems surprising, but points to the importance of a comprehensive threat intelligence and incident management programme with the ability to both mitigate and remediate. In fact, practices such as timely incident response and accurate threat detection correlate much more strongly with overall security success.”
Rising cybersecurity threats, in turn, are spawning a booming business in managed security services. GlobalData, a leading data and analytics company, estimates the revenue in the Asia-Pacific region for managed security services is set to reach US$17 billion in 2024.
“The key factor driving the increased spending by enterprises on managed security services market is the rise in cyberattacks (including direct, indirect and induced), resulting in significant losses to enterprises,” says Rohit Sharma, senior technology analyst at GlobalData. “Additionally, due to the lack of skilled cybersecurity professionals, enterprises are looking for trusted partners, thereby resulting in the growth of the segment.”
China is estimated to account for US$4.5 billion in 2020, Sharma points out. “It would be the highest revenue accounting country by 2024, representing more than 33% of the total. The key driver for the market is the increased emphasis by the government to raise cybersecurity awareness among the public and private enterprises. Revenue in Indonesia and Australia is expected to witness the highest CAGRs of 5.2% and 1.3%, respectively, during the forecast period.”