APAC organizations do not disclose ransomware breaches

by Helen J. Wolf

Most organizations in Asia-Pacific (85%) have been hit by ransomware at least once in the past five years, but only 28% publicly disclosed an incident.

That is according to the ExtraHop Cyber Confidence Index – Asia Pacific Report 2022, conducted by StollzNow Research, which sheds light on discrepancies between how IT decision-makers (ITDMs) view their current security practices and the realities of the ransomware attack landscape.

It shows that the outer and inner perceptions of security can be deceptive. Externally, 72% of Australian organizations will try to keep a ransomware incident quiet, telling few people or no one and doing their best not to make it public.

Meanwhile, growing cybersecurity budgets don’t necessarily buy better levels of protection and trust, with only 43% of Australian ITDMs expressing a high degree of confidence in their organization’s ability to prevent or mitigate cybersecurity threats, and an equal percentage expressing a low level of confidence.

Of those who are confident, many should not be. The researchers say that loose security practices, continued reliance on legacy technology, and actual attack rates all suggest that trust levels may be exaggerated or unrealistic.

This may explain why executives in the region do not favor transparency or disclosure of incidents, as they cannot trust that history will not repeat itself. That’s often the case: On average, every company that identifies as a victim of ransomware has been infected or re-infected each year in four of the past five years, the study found.

As executive committees and directors are better trained in cybersecurity risks and become accountable for those risks to shareholders and regulators, ITDMs and security teams are likely to face more detailed questions and future audits of their security posture, decision-making, and protection, especially as it relates to budget and resource allocation.

Boards of directors and executive committees can be prompted to conduct their separate due diligence on low-trust environments and indicators, ExtraHop believes.

ExtraHop CISO Jeff Costlow says, “Security leaders in the Asia Pacific face a challenge. They disagree with executives over disclosure, they are getting higher budgets, but it doesn’t feel like enough, and there are concerns about legal obligations.

“These leaders need to focus on their risk tolerance for their IP, data, and customer data and arm their teams with the tools and network intelligence to help them defend their most critical assets. This research reinforces the challenge organizations face in preventing attacks. Let’s arm defenders with the tools and forensics necessary to prevent a break-in from becoming a full-blown breakthrough.”

Rohan Langdon, country manager of ExtraHop A/NZ, said: “The high level of fear of the security implications of legacy environments and the very real threat of multiple breaches per year is a reminder of how quickly cybersecurity postures can become outdated and vulnerable. Defenders need tools to track attackers’ activities across cloud, on-premises, and remote environments to identify and stop an attack before it can put the business at risk.”
