Cyberattack concerns grow among Singapore & Malaysia firms
Research conducted by Cohesity has highlighted a growing concern among companies in Singapore and Malaysia regarding the increasing number and sophistication of cyberattacks.
The study, which surveyed 504 IT and security decision-makers from the two countries, revealed that many organisations are finding themselves compelled to pay ransoms because they cannot sufficiently recover their data and restore business processes.
The findings suggest an alarming scenario where businesses operate under the assumption that it is a matter of 'when,' not 'if,' they will be attacked. According to the research, the majority of surveyed companies experienced a ransomware attack within the last six months. In both Singapore and Malaysia, the perception is that the threat of cyberattacks will only increase in 2024. Almost all respondents (91% in Singapore and 97% in Malaysia) said that the threat to their industry has or will increase, with nearly half (47%) predicting an increase of over 50%.
One significant challenge highlighted by the respondents is maintaining up-to-date cyber resilience and data security strategies. Around 41% admitted to having little confidence in their organisation's ability to handle current cyber threats. Despite this, most companies (92% in Singapore and 95% in Malaysia) stress-tested their data security and recovery processes in the past year, with 56% in Singapore and 67% in Malaysia doing so within the last six months.
The data recovery times reported by respondents painted a concerning picture as well. Only 3% of companies said they could recover data and restore business processes within 24 hours. This figure was somewhat higher in Singapore (5%) compared to Malaysia (1%). The majority of companies indicated recovery times ranging from one to two weeks, with 13% stating they need over three weeks. Despite these lengthy recovery times, 97% of respondents said their ideal recovery time objective is within a day.
Due to these recovery shortfalls, a large number of companies have resorted to paying ransoms. Over 82% of respondents (80% in Singapore and 85% in Malaysia) expressed that their organisations would pay a ransom to recover data and restore business processes. Notably, close to 3 in 5 respondents in Singapore and almost 3 in 4 in Malaysia would be willing to pay over USD $1 million, with a smaller percentage willing to pay over USD $5 million.
James Blake, Global Cyber Resilience Strategist at Cohesity, commented on the findings: "It's not earth-shattering that organisations are being hit with cyberattacks. But what is of major concern is that 69% of respondents said their organisation had paid a ransom, with many breaking their 'do not pay' policies because they either can't recover their data and restore business processes or overestimate their cyber resilience capabilities."
The survey also shed light on data access control measures, with only 66% of companies deploying multi-factor authentication, 57% implementing administrative rules requiring multiple approvals, and 55% using role-based access controls. Sathish Murthy, Director of Systems Engineering, Cohesity ASEAN & India, underscored the importance of securing business-critical data: "The fact that just over 2 in 3 have one of the three most important data access controls deployed demonstrates the significant risk that Singaporean and Malaysian companies have in being able to recover as fast as possible."
The study further revealed disparities in companies' preparedness to comply with data privacy laws, with only 56% of respondents confident in their IT and security capabilities to identify sensitive data. Additionally, 88% noted that advanced threat detection and data classification were vital for securing cyber insurance or obtaining discounts on policies.
In addition to traditional cyber threats, the survey highlighted the rise of AI-based attacks. Four in five respondents (76% in Singapore and 85% in Malaysia) said their organisation had dealt with AI-based threats in the past year, although 89% felt they had the necessary AI-powered tools to counter these attacks.