SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC orgs underprepared for cyber risks, study finds
Thu, 24th Mar 2022
FYI, this story is more than a year old

APAC IT decision-makers are woefully underprepared for cyber risks, according to new research from KnowBe4.

The provider of security awareness training and a simulated phishing platform, announced new research that found IT decision-makers are complacent about risks to the business from phishing and BEC (business email compromise, also known as CEO fraud).

Surprisingly, fewer than half (45%) of APAC IT decision makers say they are concerned about phishing as a risk to their organisation, while even fewer are concerned about BEC (34%).

When asked to determine whether example emails and SMS were real or fake, only 3% of APAC IT decision-makers were able to correctly identify them all.

In addition, more than a quarter (27%) of APAC IT decision-makers use their work phones for personal activity and 25% use their work email address for personal activity.

KnowBe4 security awareness advocate for APAC Jacqueline Jayne says, “When those charged with keeping a business secure are unaware of the risks and unable to identify scam emails and SMS messages, their organisations are at significant risk.

"According to the ACCC, Australians lost a record $323 million to scams in 2021 (up a massive 84% from the previous year) and Singapore's Anti-Scam Centre states Singaporeans lost $201.7million in the first half of 2021. If those in charge of security are unaware of best practices, then they cannot educate and train employees.

“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through.

"Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam - if you know you never shop online using your work email address, then you know that email from Amazon cannot be real.

Alarmingly, fewer than half (46%) of APAC IT decision-makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation.

Furthermore, just four in ten APAC IT decision-makers believe the employees in their organisations understand the business impact of falling victim to a cyber attack (47%), are confident their employees can identify phishing and BEC emails (42%) and that their employees report all emails they believe to be suspicious (39%).

The majority (77%) of APAC IT decision-makers say they plan on investing in/spending money towards cybersecurity in 2022.

Those who plan on investing in/spending money towards cybersecurity in 2022 are most likely to be investing in/spending money on new cybersecurity software solutions (48%), followed by a cybersecurity awareness training program with ongoing and relevant content (47%).

Other areas of investment include further investment in infrastructure (39%), employee policy changes related to cybersecurity (33%), cybersecurity insurance (35%) and simulated phishing and social engineering for end users (29%).