APAC organisations fail to disclose ransomware breaches
The majority (85%) of organisations in Asia Pacific were breached by ransomware at least once in the past five years, but only 28% publicly disclosed that an incident occurred.
This is according to the ExtraHop Cyber Confidence Index - Asia Pacific Report 2022, conducted by StollzNow Research, which sheds light on discrepancies in how IT decision makers (ITDMs) see their current security practices, and the reality of the ransomware attack landscape.
It shows that both outward and inward perceptions of security can be deceiving. Externally, 72% of Australian organisations will try to keep a ransomware incident quiet, telling few people if anyone, and certainly doing their utmost not to make it public knowledge.
Meanwhile, growing cybersecurity budgets don't necessarily buy improved degrees of protection and confidence, with only 43% of Australian ITDMs expressing a high degree of confidence in their organisations ability to prevent or mitigate cybersecurity threats, and an equal percentage having low confidence.
Of those that are confident, many shouldn't be. Lax security practices, continued reliance on legacy technology, and actual attack numbers all suggest that confidence levels may be overstated or unrealistic, the researchers state.
This may explain why executives in the region don't back transparency or disclosure of incidents, since they cant be confident history won't repeat itself. It often does: on average, every business that identifies as a ransomware victim was infected or reinfected yearly in four of the past five years, the research shows.
As executive committees and directors become more educated in cybersecurity risks, and accountable for those risks to shareholders and regulators, ITDMs and security teams are likely to face more detailed questions and future audits of their security posture, decision-making and protections, particularly as it relates to budget and resource allocation.
Boards and executive committees may be driven to undertake their own separate due diligence on low confidence environments and indicators, ExtraHop finds.
ExtraHop CISO Jeff Costlow says, “Security leaders in Asia Pacific are facing a challenge. They’re in disagreement with executives around disclosure, they’re getting increased budgets but it doesn’t feel like enough, and there is worry around legal obligations.
"These leaders need to focus on their risk tolerance for their IP, data, and customer data and arm their teams with the tools and network intelligence that can help them defend their most critical assets. This survey reinforces the challenge organisations face in preventing attacks. Let's arm defenders with the tools and forensics needed to prevent an intrusion from becoming a full-blown breach.”
ExtraHop A/NZ country manager Rohan Langdon says, “High levels of fear around the security implications of legacy environments, and the very real threat of multiple breaches a year, is a reminder of just how quickly cybersecurity postures can become outdated and vulnerable. Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before it can compromise the business."