Southeast Asia firms rank data protection as top security concern

Organizations in Southeast Asia (SEA) have witnessed – or experienced – major data breaches in the last year, which is leading to an urgent reshuffle of priorities and placing data protection at the top of the IT challenge pile.

Kaspersky’s annual Global Corporate IT Security Risks Survey suggests that data protection and maintaining relationships with customers and partners are going to be the two biggest challenges this year, particularly as the world turns to remote working.

“The past few years have shown and proved the ugly and costly aftermaths of a successful cyber attack. From the $81M USD heist against a central bank to a data breach leaking names of HIV cases, our past offers timeless lessons on cybersecurity which organisations and businesses in all shapes and sizes should definitely learn from,” says Kaspersky’s general manager for Southeast Asia, Yeo Siang Tiong.

SEA companies fear data loss and being exposed to a targeted attack the most (34%), followed by electronic leakage of data from internal systems (31%).

Furthermore, 22% are concerned about surveillance or espionage from their competitors, while 20% are concerned about identifying and fixing vulnerabilities in the IT systems. Additionally, 18% are concerned about third-party IT infrastructure hosting, and a further 18% are worried about inappropriate IT resource use by employees.

As a result of these concerns, almost half of respondents (46%) say they aim to increase specialist expertise.

“It is encouraging to see that local companies are starting to prioritise IT security. In fact, our research showed that, on average, businesses in the region are currently spending $14.4 M to build their cybersecurity capabilities,” says Yeo Siang Tong. 

“84% of the professionals we surveyed also confirmed plans to increase the budget for this area in the next three years which is really important in this era where networks are becoming more advanced and complex, thanks to breakthrough technologies like Internet of Things, 5G, and the rapid adoption of Industry 4.0,” he adds.

The Global Corporate IT Security Risks Survey is based on 4958 interviews across 23 countries. 300 respondents are from Southeast Asia.

Kaspersky provides the following recommendations:

• Assess cybersecurity risks when planning a budget. Consider the cost to the company and the probability of the risks’ occurrence.
   
• Rely on expertise. One sole person should not be responsible for cybersecurity tool or service decisions. Before this stage, expert analysis should be made that reveals the best option for the best price.
   
• Involve higher management in cybersecurity matters, including budgets and make sure to speak to them in their language. Don’t tell them how cybersecurity works, show them the business risks and the amount of money they can lose by not improving cybersecurity.
   
• Start with a sturdy foundation, a dedicated endpoint product that demands minimum management allowing employees to do their main job but protects from malware, ransomware, account takeover, online fraud and scams.
   
• Build cybersecurity capability with security solutions and services founded with in-depth threat intelligence.