Southeast Asia sees surge in web threats amid digital shift

Businesses in Southeast Asia experienced an average of 146,944 web-based threats daily during the first half of 2024, according to data from cybersecurity firm Kaspersky.

In Southeast Asia, the rapid shift towards digitalisation has positioned the region as a major target for cybercriminal activities. Kaspersky reported detecting and blocking over 26 million web threats within this period, revealing the scale of cyber risks inherent in the digital economy.

Malaysia emerged as the most targeted nation in Southeast Asia with 19,615,255 web-based threats, demonstrating the country's susceptibility amid the ongoing digital transformation. Indonesia was the second most affected, recording 3,204,294 threats.

Web threats, which are facilitated by vulnerabilities among users, web developers, or the web services themselves, can potentially disrupt organisations and individuals by exploiting digital systems. Vietnam and Thailand recorded 1,445,452 and 1,057,732 web threats respectively, with the Philippines and Singapore experiencing 846,837 and 574,292 incidents.

Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, commented on the implications of these threats, "As businesses and governments in the region continue to embrace digitalisation to drive economic growth, their increased reliance on digital platforms broadens their attack surface. This leads to more opportunities for cybercriminals to exploit vulnerabilities in unprotected systems, which can cause disruptions to supply chains, financial institutions, and critical infrastructure such as healthcare and energy. Such incidents can damage productivity, lead to financial losses, and erode trust in digital systems."

He emphasised the importance of proactive measures, "While governments are increasingly focusing on mandatory regulations and laws to protect data and enforce accountability for cybersecurity incidents, it is important that local businesses too must continue keeping round-the-clock vigilance, prioritising and strengthening their cybersecurity posture."

Kaspersky encourages businesses in the region to invest in robust cybersecurity defences in response to sophisticated cybercriminal tactics. "Cybercriminals in the region are becoming more sophisticated, utilising AI-driven attacks and other tools and techniques. Businesses must invest in robust cybersecurity tools like endpoint protection, firewalls, and real-time event monitoring and management. Regular security assessment and audits must be conducted to identify weaknesses and address vulnerabilities," Yeo remarked.

As part of enhancing cybersecurity infrastructure, Kaspersky advises businesses to maintain up-to-date software, schedule regular data backups, and conduct thorough assessments and audits of supply chains. Visibility over network access and activity is crucial to identify and address any anomalies and prevent unauthorized access and data breaches.

Organisations are also encouraged to establish security operation centres using tools such as Kaspersky's Unified Monitoring and Analysis Platform. Utilising the latest Threat Intelligence information can help security professionals gain insights into potential threats and improve defence strategies.

Employee education on cybersecurity threats remains a vital component, with training tools such as Kaspersky's Automated Security Awareness Platform recommended to enhance cybersecurity literacy among staff.

For companies lacking dedicated IT security functions, Kaspersky suggests subscribing to managed security services like Kaspersky MDR, which can significantly bolster security capabilities while organisations develop in-house expertise. For smaller businesses, Kaspersky Small Office Security provides streamlined cybersecurity management without the need for an IT administrator.