More

    The biggest challenge with increased cybersecurity attacks, according to analysts

    Published on:

    Thomas Berwick/Getty Images

    Cybersecurity attacks continue to rise in the Asia-Pacific region, even as organizations in markets such as Singapore struggle to implement the necessary security measures due to a lack of knowledge.

    The region saw a 15% increase in cyberattacks in 2023, with an average of 1,963 attacks recorded per week, with ransomware leading the way. The financial industry is the fourth most targeted industry by ransomware in the Asia-Pacific region, according to a survey by the Financial Services Information Sharing and Analysis Center (FS-ISAC), which analyzed data from its members.

    Related article: Cybersecurity 101: All about how to protect your privacy and stay safe online

    The industry group also highlighted the growing sophistication of hostile tactics, techniques and procedures (TTPs), including SEO poisoning and QR code phishing. Threat actors also want to leverage generative artificial intelligence (AI) to scale and automate attacks such as “poisoning” and manipulating generative AI tools.

    FS-ISAC identifies four new threats that the financial sector must defend against: increased geopolitical hacktivism activity, new extortion tactics in line with global regulations, and efforts to achieve crypto agility. He listed various initiatives.

    The group said that amid ongoing geopolitical conflicts and elections around the world, online adversaries are launching misinformation campaigns and distributed denial of service (DDoS) attacks against critical information infrastructure. He pointed out that this is expected. It added that in 2023, DDoS attacks accounted for 35% of attacks targeting the financial services sector.

    Also: The best VPN services (and how to choose the right one for you)

    Additionally, threat actors are fine-tuning their tactics to take advantage of upcoming global regulations in 2024, weaponizing disclosure requirements to force companies to meet compliance deadlines.

    “Threat actors will exploit vulnerabilities in critical infrastructure and use the tools available to them to destroy confidence in the security of systems,” said Teresa Walsh, EMEA chief information officer at FS-ISAC. Stated. “The financial services sector operates in an ever-changing cyber environment, as cybercrime and fraud converge and new technologies create new exposure opportunities. To maintain trust, businesses must prioritize proactive cyber hygiene to ensure operational resiliency.'' The Face of Attack. ”

    Singapore organizations face a knowledge gap

    Businesses that are hampered by a lack of expertise have difficulty adopting the necessary safeguards.

    For example, a study by the Cyber ​​Security Agency (CSA) found that organizations in Singapore have adopted an average of 70% of critical cybersecurity measures across five key categories. The study lists assets, backups, and responses in five areas.

    Also: Best VPN services for iPhone and iPad (yes, you should use them)

    The government agency responsible for the country's cybersecurity strategy is urging businesses to take all important measures to avoid exposing themselves to unnecessary risks. The study surveyed 2,036 large companies and small and medium-sized businesses (SMBs) from May to August 2023.

    CSA's cybersecurity certification schemes, Cyber ​​Essentials and Cyber ​​Trust, outline national cybersecurity standards to guide businesses in prioritizing which processes.

    “Adopting partial measures is not enough and unless all essential measures are adopted, organizations will continue to be exposed to unnecessary cyber risks,” the CSA said in its report. The organization has room for improvement as only one out of three organizations has fully implemented at least three of his five categories of measures in Cyber ​​Essentials. says.

    Also: 6 Simple Cybersecurity Rules You Can Apply Now

    When asked why they did not implement cybersecurity measures, 59% of organizations surveyed cited lack of knowledge or experience as their biggest challenge. CSA attributes this shortage to a talent shortage in cybersecurity and a rapidly changing threat landscape.

    Additionally, 46% of organizations believe their organization is unlikely to be the target of a cyberattack, and therefore have chosen not to adopt all mandatory security measures. Approximately 36% cited low return on investment as the reason, and 31% cited lack of budget as a challenge.

    More than 8 in 10 companies admit to having experienced a cybersecurity incident in the past year, with 49% saying they have experienced several such incidents. These typically include ransomware, social engineering scams, and exploiting cloud deployment misconfigurations.

    Of the organizations that experienced a security incident, 99% had an impact on their business, 48% of businesses experienced business interruption, and 46% experienced data loss. An additional 31% of companies suffered financial losses, of which 27% suffered such losses due to incident response actions.

    CSA Chief Executive David Coe said: “Organizations are taking steps to protect their assets, but given the increasing frequency and scale of cyber threats we face today, this That’s not enough.” “Organizations are making cybersecurity a priority and [government’s] Financial support and resources available to supplement it. Doing this only after an incident occurs will be much more costly. ”

    Improve security with generative AI

    Organizations in Singapore are also considering using generative AI to improve their cybersecurity posture.

    81% of decision makers expect their budgets for generative AI to increase over the next three years, and 53% believe implementing this technology will improve resources such as employee time and operational efficiency. I am. Additionally, 52% expect a better customer experience and 46% expect generative AI to help expand global business through enhanced translation and research capabilities, according to data search and observability vendor Elastic. This was revealed through a commissioned investigation.

    Related article: 3 ways to accelerate your generative AI implementation and optimization

    This global report was conducted by Vanson Bourne and surveyed 3,200 IT decision makers in Europe, the US, and Asia Pacific, with 1,200 respondents from Singapore, Japan, India, and Australia in Asia Pacific. included.

    The survey found that 99% of organizations in Singapore face IT security challenges, including maintaining current security practices and detecting and responding to threats.

    All city-state respondents believe that generative AI will strengthen their security posture, including 51% who say the technology can automate security responses based on security protocols. Additionally, he expects generative AI to improve security report generation and predictive capabilities by 50%. Almost half (49%) believe these tools will improve entity recognition capabilities, and a further 49% believe generative AI can detect anomalies.

    However, nearly all respondents in Singapore said the adoption of generative AI has been slow, with 42% citing concerns about regulations as a barrier. About 40% cited skills gaps in implementing generative AI technology in-house as a challenge, and 39% noted that the technology could generate persuasive and inaccurate information.

    Chris Walker, vice president of solution architecture for Asia Pacific Japan at Elastic, asked about the apparent conflict between the desire to use generative AI to automate security tasks and skepticism about the accuracy of that data. and pointed out the importance of basic data governance and management.

    Organizations need the right competencies to apply generative AI to their operations and ensure that the data used to train AI models is relevant and evidence-based, Walker said. said in a media briefing to explain the results. This approach ensures that the AI-powered responses users receive are reliable and reduces potential risks such as hallucinations.

    Also: Two of my favorite ChatGPT Plus features and what you can do with them

    Apart from automating processes such as quarantine, generative AI can also be used to surface information that cybersecurity experts can consider and act on, he said.

    Organizations must first address the challenges they may face in extracting insights from their data.

    “Organizations in Singapore struggle more than any other market in the region to access and leverage data stored across multiple systems and formats,” said Elastic Vice President, ASEAN said Ravi Rajendran. “Users are faced with the challenge of identifying relationships between different data points and are looking for ways to break down data silos and leverage that data more effectively.”

    He added: “There is a lot of investment in AI, but this is fundamentally a search problem. We use GenAI to process data through search and summarization, and use it to make records better.” “Managing this is a key area of ​​concern for our organization here.”

    Walker continued, “GenAI is now a game-changer for enterprises. When effectively integrated with powerful search and observability tools, GenAI can address the long-term global challenges enterprises face, as well as “We can address the unique challenges that the Pacific markets are grappling with.”

    Related

    Leave a Reply

    Please enter your comment!
    Please enter your name here