Organisations in Southeast Asia are more targeted than their counterparts elsewhere by cyber attackers, underscoring the need to shore up their cyber defences against increasingly sophisticated adversaries.
According to research by Check Point Software, organisations in the region were attacked, on average, 1,810 times per week over the past six months, compared with 929 times per week globally.
The Philippines was the most targeted country in the region, with phishing emails predominantly being used to implant malware, including backdoor trojans, in victims’ machines, according to Teong Eng Guan, regional director for Southeast Asia and Korea at Check Point Software.
“ASEAN is a very highly targeted region, so we need to lift the cyber security awareness of companies in the region and address their cyber security pain points,” he added.
Teong noted that many companies in the region were still focused on plugging software vulnerabilities, while threat actors are already employing advanced techniques to compromise a network.
“They can enter a network through mobile, cloud, email and web browsers, launch attacks from different angles, and move laterally across the network,” he said. “It’s a departure from noisy attacks – it’s stealthy and you don’t even know you’re being attacked or that your data is being exfiltrated.”
In ASEAN, the utilities sector has been hardest hit by cyber attacks, primarily from threat actors looking to obtain personal information, Teong said, noting that the larger attack surface brought about by the integration of IT and operational technology systems had drawn more attacks to the sector.
Against this backdrop, Check Point has seen growing interest in its solutions from organisations that would like an integrated platform that spans network, cloud, mobile, email and internet of things (IoT) security, said Teong.
“While network security was the entry point for our customers 30 years ago, today it’s the entire suite, because customers are becoming aware that there is a gap between what they have and what they need to do.
“The traditional way was to buy best-of-breed security products, but it can be a challenge to manage them along with all the security alerts and incidents. Customers are starting to see if they can go to a security vendor that has integrated and consolidated security products across different points of threats,” he said.
That said, Teong noted that it is often small and medium-sized enterprises (SMEs) that are taking a platform approach in their cyber defences due to their lack of skills and resources. Large enterprises, he acknowledged, remain saddled by a hodgepodge of security tools due to organisational structure and other legacy issues.
“It’s a longer cycle for bigger organisations to hop onto this consolidated, integrated platform approach because of the way they’re structured,” said Teong. “But there’s always a trigger point, like a security incident, that will cause them to rethink.”
On Check Point’s business in the region, Teong said the faster pace of digital transformation and growing adoption of cloud across ASEAN had provided “tailwinds” for growth, particularly in the public sector and financial services industry.
Moving forward, Teong said Check Point was looking to expand its reach in the region by growing its sales force and partner ecosystem to address the needs of SMEs that are warming up to the company’s platform approach to cyber security.
Read more about cyber security in ASEAN
- Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability.
- The Malaysian Highway Authority is now more resilient against cyber attacks through a local disaster recovery-as-a-service offering powered by Veeam software.
- Organisations will need to develop behavioural detection, machine learning and threat hunting capabilities to keep pace with the onslaught of cyber attacks.
- The narrowing gender gap may be a cause for cheer, but more needs to be done to curb discrimination, and attract and retain women for cyber security roles in Asia-Pacific.