Asia Pacific has emerged as the new ground zero for cybercrime incidents, said Check Point recently.
According to a report by Check Point Research, APAC witnessed the highest year-over-year increase in weekly cyberattacks during the first quarter of 2023, averaging 1,835 attacks per organisation.
In contrast, the global average stood at 1,248 attacks per week, the firm noted.
But Why has APAC emerged as the new ground zero for cybercrime ?
The increased number of sophisticated attacks in the region gives real cause for concern, as seen in the case of the popular 3CX phone service application which was turned into a trojan as part of a supply attack, said Vivek Gullapalli, Chief Information Security Officer, APAC, Check Point Software Technologies.
The democratisation of malware is also in full swing, with recorded incidents of threat actors using ChatGPT to generate code designed to help less-skilled actors launch cyberattacks with ease, he added.
According to him, there are several factors at play as follows.
Accelerated digital transformation. The APAC region has undergone rapid digital transformation, especially during and after the pandemic. Many organisations have rushed to adopt new technologies and digital platforms, often without adequately securing them, leaving vulnerabilities ripe for exploitation. This increased digitisation has expanded the attack surface for cybercriminals.
A new generation of users. The "TikTok" and "Facebook" generation in APAC heavily rely on mobile devices and collaborative tools, to the point they have become desensitised to the risks associated with clicking on suspicious links or sharing sensitive information online. Their online habits make them more susceptible to social engineering attacks and phishing attempts.
The hybrid working model. The rise of the hybrid workforce, combining remote and in-office work arrangements, has created new challenges for cybersecurity teams. The shift towards remote work has increased reliance on digital communication and collaboration tools, exposing organisations to new security risks as cybercriminals exploit vulnerabilities in remote access systems and unsecured access points within the home.
The collaboration conundrum. The proliferation of collaboration platforms has introduced a new attack surface for cybercriminals. The increased usage of tools like video conferencing, cloud storage, and file-sharing platforms has become a breeding ground for potential security breaches, with threat actors targeting weak security settings, unpatched software, and unsuspecting users to gain unauthorised access to sensitive data.
Huge manufacturing demand. The APAC region, particularly countries like Taiwan, China, Vietnam and more plays a significant role in the semiconductor and manufacturing sector. The manufacturing industry's economic importance and the intellectual property it holds make it an attractive target for cyber espionage and intellectual property theft.
What can be done to stop APAC from becoming the ground zero for cybercrime
Gullapalli also advised organisations to take the following steps to prevent APAC from becoming a prolific breeding ground for cyber threat activity.
Higher level of public and private collaboration. Enhanced intelligence sharing among organisations, governments, and cybersecurity agencies can help prevent attacks and proactively address emerging threats.
This collaborative approach can facilitate the timely dissemination of threat intelligence, enabling organisations to strengthen their defences.
Establish national task forces. Following the examples of countries like Singapore, creating dedicated task forces focused on cybersecurity can help coordinate efforts, share best practices, and develop comprehensive strategies to combat cybercrime effectively.
Greater awareness and education. Governments, banks, and businesses should invest in awareness campaigns to educate the public and employees about the risks of cybercrime; in Singapore with their “Better Cyber Safe than Sorry’ campaign with private e-commerce retailers like Shopee and supermarket chain, NTUC Fairprice, continuing with instructional videos, national television advertisements and posters at most bus stops.
By promoting cybersecurity awareness and providing guidance on recognising and responding to potential threats, individuals can become more vigilant and better equipped to protect themselves and their organisations.
Improved national regulations. APAC countries should consider implementing robust and standardised cybersecurity regulations to ensure consistent protection.
Learning from successful examples such as Australia and Singapore, these regulations can set minimum security standards, encourage regular assessments, and establish penalties for non-compliance.
By creating a regulatory framework that emphasises cybersecurity, APAC countries can encourage organisations to prioritise security measures and adopt best practices.
Strengthen cybersecurity leadership. Organisations in APAC should focus on improving their cybersecurity leadership and governance structures by appointing qualified professionals with expertise in cybersecurity to executive positions and boards of directors.
By prioritising cybersecurity at the highest levels of decision-making, organisations can foster a culture of accountability and ensure that security measures are given due importance.
Organisations need this right level of CISO leadership with empowerment and a strong mandate to drive “intelligence led prevention first cybersecurity approach” to combat the new frontier of cyber battlefields.
Collaboration with international partners. Cybercrime knows no borders, and it is crucial for APAC countries to collaborate with international partners in combating cyber threats.
By sharing information, resources, and expertise, countries can collectively strengthen their defences and mitigate the risks posed by cybercriminals who may operate from different jurisdictions.
Continuous investment in cybersecurity. APAC organisations must allocate adequate resources to cybersecurity initiatives. This includes investing in robust security solutions, regularly updating and patching systems, and conducting comprehensive security audits to stay ahead of evolving threats and reduce their vulnerability to attacks.
