Once more unto the breach
Firms can save on costs and aggravation by upgrading their data security measures
The pandemic has driven scores of organisations to pivot towards digitalisation to ensure business continuity, but more exposure to the digital world also means there is more risk of cybercrime if companies do not have proper defensive measures in place.
A series of organisations in Thailand have fallen prey to cyber-attacks the past couple of years, including airlines, banks, public service groups, healthcare and e-commerce firms.
A recent high-profile case involved state-run Phetchabun Hospital, which saw the data of more than 10,000 patients stolen through its web-based application, which is suspected to be of a subpar standard.
Cybercriminals have ramped up their attacks during the pandemic, using malware, spam, phishing and ransomware as more employees have to work from home and lack of proper cybersecurity protection.
Tech companies urge organisations to perform cybersecurity checks on critical infrastructure, business operations and workers to ensure there are strong defences against attacks.
Cyber-attacks may not be 100% preventable, but a strong cybersecurity defence can minimise the chance of data loss and help organisations to recover quickly, allowing for business continuity.
Patama Chantaruck, vice-president for Indochina expansion and managing director of IBM Thailand, said cybercriminals last year sought to profit from "the unprecedented socioeconomic, business and political challenges" brought about by the pandemic.
Citing IBM's "X-Force Threat Intelligence Index" report, she said cyber-attacks on healthcare, manufacturing and energy doubled from 2019 to 2020, with threat actors targeting organisations that could not afford downtime due to risks of disrupting medical efforts or supply chains.
The report drew on billions of data points collected from IBM's customers and public sources between January and December 2020.
In 2020, finance and insurance were the most attacked industries, followed by manufacturing and energy, according to the report.
Attackers took advantage of the nearly 50% increase in vulnerabilities in industrial control systems, which manufacturing and energy both strongly rely upon, said Ms Patama.
DATA BREACH COST
She said organisations that did not implement any digital transformation projects to modernise business operations during the pandemic incurred higher data breach costs.
"Organisations with a fully deployed security automation strategy had an average breach cost of US$2.90 million, whereas those with no fully deployed security automation strategy experienced more than double that cost at $6.71 million," said Ms Patama.
Customers' personally identifiable information (PII) was the most frequently compromised type of record and the costliest in the data breaches studied by Ponemon Institute, an IT security research organisation.
According to IBM's "2020 Cost of Data Breach Report", which surveyed 524 organisations that experienced data breaches in 17 countries including Thailand, the stolen records containing customers' PII cost businesses $150 per compromised record, compared with the average cost per lost or stolen record of $146.
Stolen or compromised credentials were the most expensive cause of malicious data breaches, she said.
Malicious attacks registered as the most frequent root cause (52% of breaches in the study), versus human error (23%) or system glitches (25%), at an average total cost of $4.27 million.
Misconfigured cloud servers tied for the most frequent initial threat vector in breaches caused by malicious attacks, at 19%.
Security complexity and cloud migration cost companies the most, with the average total cost of a breach $292,000, for an adjusted average total cost of $4.15 million.
"For organisations that needed to work remotely because of the pandemic, 70% indicated remote work increased the cost of a data breach and 76% said it would increase the time to identify and contain a potential data breach," Ms Patama said.
The average total cost of a data breach varied by country. Organisations in the US had the highest average total cost at $8.64 million, while those in Asean including Thailand had an average total cost of $2.71 million, she said.
The average time to identify and contain a breach varied widely depending on industry, geography and security maturity. While the life cycle of a breach averaged 329 days in the healthcare sector, the average life cycle in the financial sector was 233 days, said Ms Patama.
IBM says cyber-attacks on the healthcare sector doubled from 2019 to 2020.
She said during the pandemic, 63% of consumers surveyed engaged with pandemic-related services via a digital channel, such as web, mobile app, email or text message.
Consumers' adoption of a wide variety of digital channels for Covid-19 related services may spur greater digital engagement with healthcare providers moving forward by lowering the barrier for entry amongst new users, according to IBM Security analysis.
"Consumers' lax approach to security, combined with rapid digital transformation by businesses during the pandemic, may provide attackers with further ammunition to propagate cyber-attacks across industries, from ransomware to data theft," said Ms Patama.
Citing IBM's "Security X-Force" report, she said individuals created 15 new accounts on average during the pandemic, with 82% reusing passwords across accounts.
More than half of millennials surveyed would place an order using a potentially insecure app or website rather than call or visit a location in person, said Ms Patama.
She said a "zero trust" approach needs to be adopted by organisations, beyond multi-factor authentication.
"A zero trust approach applies advanced artificial intelligence [AI] and analytics throughout the process to spot potential threats, rather than assuming a user is trusted after authentication," said Ms Patama.
The average cost of a breach was $1.76 million less at organisations with a mature zero trust approach, compared with those without zero trust, she said.
Ms Patama suggested organisations make sure their security technologies work effectively across hybrid cloud environments. They should apply fully homomorphic encryption to their operations, which makes it possible to selectively restrict decryption capabilities so people can see only the portions of a file they are entitled to for them to do their work, she said.
Ms Patama also recommended organisations put in place strong data security controls to protect against unauthorised access, including monitoring data, detecting suspicious activity and encrypting sensitive data wherever it travels.
"Organisations should consider technical assurances such as confidential computing and 'keep your own key', which ensure even your cloud provider cannot access your data," she said.
The effectiveness of security automation in reducing the average cost of a data breach continued to grow, according to IBM.
"Implementing AI and automation will lead to greater speed and accuracy when responding to threats, rather than relying solely on manual reactions," said Ms Patama.
Organisations should also consider testing to verify whether the security strategies and technologies they've relied on previously still hold up today, she said.
The rise of remote work amid the pandemic opens the door for more cyberattacks unless proper defensive measures are put in place.
Chris Connell, managing director for Asia-Pacific at Kaspersky, a global cybersecurity company, said in the digital transformation, organisations face security challenges that strain resources.
"Investing in cybertalent and promoting security awareness and digital education for users are the keys to success in building cyber-resilient digital societies and economies," Mr Connell said in Kaspersky's APAC Online Policy Forum themed "Greater Cyber-resilience through Cyber Capacity Building".
Speaking at the same forum, Craig Jones, cybercrime director at Interpol, said there has been an increase in cyberthreats and cybercriminal activities around the globe.
"A key challenge Interpol identified is gaps in law enforcement cyber-capabilities and capacity, occurring nationally, regionally, and globally, while these criminal networks can expand their infrastructure and activities," he said.
"Law enforcement authorities must be a trusted partner beyond national borders. Being collaborative, inclusive and open will help us reduce the gaps, bridging the divides in capabilities and capacity."
Li Yuxiao, vice-president of the Chinese Academy of Cyberspace Studies, said cyber capacity-building in Asia-Pacific should focus on network infrastructure, being alert to cybersecurity challenges and enhancing personal training systems as the region harnesses Industry 4.0.