Story image

Asian SMEs lagging behind in data breach disclosure policies

09 Oct 2017

With the Asia Pacific region’s security technology spending forecast to grow 13.8% in the next two years according to research from IDC, a recent report from ESET says that Asia Pacific’s small and medium enterprises are worried about the cost of implementing such technologies.

Released in August, ESET’s State of Cybersecurity in APAC: Small Businesses, Big Threats report found that 35% of SMEs find it difficult to justify security spending, especially when other areas of the business need it more.

 "The lack of sufficient budget is more apparent in developed markets such as Japan (40%), Singapore (34%) and Hong Kong (28%) compared to emerging markets such as India (24%) and Thailand (20%). This could mean that SMBs in emerging markets could leapfrog those in the developed markets when it comes to cybersecurity solutions," ESET comments in the report.

Local SMEs also have some way to go in the areas of information and communication in the event of informing employees about cyber breaches.

While 54% of the 1500 respondents surveyed said they had suffered a breach in the last year, only 56% have policies in place to inform employees about the breaches and 49% have policies to inform clients.

“This lack of transparency can be particularly damaging as it can erode customers’ trust in a business. SMBs need to reconsider their communication policies and see how they can be improved. Successfully recovering from a breach with transparent communications can help bolster trust and improve relationships with customers,” ESET comments.

Hong Kong SMEs see the greatest costs associated with cyber breaches, at $43,607. India fared lowest in the costs, incurring $29,948 in damages.

The report also found that 81% of SMBs apply encryption to at least one form of information or device type within their organisation; and most used antivirus software and firewalls.

However, fewer organisations use anti-ransomware and two-factor authentication as part of their cybersecurity measures.

ESET says there have been a number of breaches targeting the Asia Pacific region. Singapore telecommunications company StarHub was hit by a DDoS attack; Japan’s Mitsubishi Heavy Industries was also hacked.

“The economy in this region, particularly Southeast Asia, is largely driven by SMBs and there is a need to highlight the importance of investing adequately to combat the increasingly rampant cyberattacks,” ESET comments.

Over the last three years, 75% of Indian SMEs suffered a security breach, followed by 61% in Hong Kong, 54% in Singapore and 53% Thailand. Japan is most resilient with only 29% of SMEs experiencing breaches.

SMEs cite the risk of employees using non-company devices to access networks as the biggest cybersecurity challenge they face (22%), followed by the risks from using third-party service providers and suppliers.

“With a rise in the ‘Bring Your Own Device’ (BYOD) culture in the workplace, SMBs are exposed to a larger attack surface, especially if they do not restrict access to the organisation’s network to only authorised devices,” ESET comments in the report.

“Network monitoring is essential for organisations in reducing the mean time to detect potential malware attacks. SMBs need to be able to react quickly in order for them to take proactive measures which can either prevent problems from occurring or reduce the impact of the damage.”

All countries surveyed (Singapore, Hong Kong, India, Thailand and Japan) cite the cybersecurity skills shortage as a major barrier to ensuring cybersecurity. The concern is most pronounced in Japan, where 40% of companies are worried about the shortage.

“Cybersecurity only became a major consideration in the last few years. Demand for cybersecurity experts currently outstrips the supply of such individuals. Unlike enterprises, SMBs do not necessarily have the funding to outsource the role to a managed service provider,” ESET concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.