CFOs and businesses should expect higher cybersecurity risks in 2024 such as more large-scale cyberattacks on supply chains and critical infrastructure, said Kaspersky recently.
Utilising AI, cyberattacks are expected to exponentially increase in frequency and intensity as well, said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
These advancements are anticipated to intensify politically motivated attacks and cybercrime, he added.
For 2024, Kaspersky’s researchers predict that phishing will remain a major cyber threat with the advancement of digitalisation and technology adoption in Asia Pacific at the consumer level.
Merely two weeks into 2024, more than 200 bank customers in Singapore have already fallen prey to scams, with losses amounting to S$446,000 in total, the firm noted.
With the number of victims increasing due to increased digitalisation, coupled with threat actors exacerbating the situation by evolving their exploitation means, the firm said it believes that the threat landscape will continue to move in 2024.
What organisations and CFOs should do to mitigate cybersecurity risks in 2024
According to Yeo, organisations could take the following actions to mitigate cybersecurity risks in 2024.
Factoring the escalating and unavoidable risk of cyber threats into the security budget. Among the findings from the firm’s recent study, 19% of companies in Asia Pacific have experienced cyber incidents due to insufficient cybersecurity investment in the last two years. In addition, nearly one-in-five (16%) of those surveyed admitted they do not have the budget for adequate cybersecurity measures.
Being vigilant is not enough; organisations must also invest strategically in the appropriate security tools to safeguard themselves.
A robust cybersecurity strategy. A strategy consisting of employee training and awareness, network security, infrastructure security, application security, information security, cloud security and disaster recovery should be considered by senior management.
For companies handling millions of data, it is imperative to empower their security operations centre (SOC) teams with the latest threat intelligence to stay ahead of sophisticated threat actors.
If an organisation has yet to build its own SOC, it should consider a managed detection and response service that will continuously hunt, detect, and respond to threats targeting your enterprise.
Creating awareness among employees. Kaspersky’s research showed that in the last two years, 33% of cyber incidents against businesses in APAC occurred due to employees intentionally violating security protocol.
This figure is almost equal to the damage caused by cybersecurity breaches, 40% of which occurred because of hacking.
Clearly, enhanced security awareness among employees is urgently needed.
Companies can fulfil this by providing all staff with basic cybersecurity hygiene training and investing in training and improving the skills of your IT security specialists to ensure that they are up-to-date and well-equipped to handle any sophisticated attacks.
Consider experts’ help. If an organisation is facing difficulties due to a lack of experts, consider external experts—they have more relevant expertise and are adept at managing the technologies more efficiently compared to company employees.
Organisations also need incident response, even on retainer, to have a proactive posture in case of trouble.
It is still important to remember that an organisation can outsource the function but never the responsibility, so it owes itself the ability to check and keep ahead of situations.
What to consider if you plan to outsource cybersecurity mitigation
Cyberattacks leave a devastating impact on businesses no matter how big or small the business is.
As a result, organisations and CFOs have to recognise the importance of cybersecurity, Kaspersky said.
By having a comprehensive understanding, the senior management is then equipped with the ability to make informed decisions regarding security measures and best practices, the firm advised.
As for budget capabilities, it’s important to consider the budget allocated for investments in cybersecurity in the next 12 to 18 months, the firm added.
Organisations are also advised to use a risk-based approach when planning their cybersecurity budgets.
Identify the types of cybersecurity risks most relevant to your industry and company, before considering the cost and the probability/possibilities to ensure the investments in security are in line with business needs, Yeo pointed out.
For organisations looking to engage the services of an external cybersecurity company, Yeo advised that they pay attention to the following details.
Independent tests and reviews. Organisations need to look beyond a service provider’s marketing campaign. It’s important to look at its independent tests and reviews.
The best cybersecurity firms want their products tested and are willing to share their findings. It is essential to look at multiple tests from multiple independent consulting companies to ensure you’re getting the most comprehensive assessments.
Opt for quality over cost. Avoid companies that only come in to install software before disappearing. Additionally, a company claiming to specialise only in one field without offering additional products or support may not be able to offer the comprehensive protection you need.
Additional support. Select a company that helps you navigate threats, provides solutions, and takes the hassle out of cybersecurity.
Growth potential. Choose a cybersecurity company that has the ability to grow with an organisation’s business. As an organisation’s business grows, a comprehensive range of security systems is required to safeguard its business and mitigate future risks.