TECH4GOOD
Digital innovations today are coming out at lightning speeds and cyberspace is fast becoming to be a rich goldmine for digital kidnappers. Data has become one of the most valuable assets for both legitimate organizations and crime groups. That is why data has become a favorite target of cybercriminals these days.
A recent Kaspersky survey report says that cyber threats come in a lot of forms. Among the most popular are ransomware, targeted data breaches, phishing, and malware designed to capture sensitive information such as personally identifiable information or PII, passwords, and authentication keys.
Ransomware is a type of malware that locks one’s computer and mobile devices or encrypts one’s electronic files. To get the “decryption” key or to get your data back, a ransom is required by the cybercriminals behind the attack. A data breach, on the other hand, is an incident wherein sensitive information is stolen from a system without the knowledge of the owner. Malware is software designed to disrupt a computer, leak information, gain unauthorized access or interfere with the user’s computer security or privacy. Ransomware actually is a form of malware.
The same Kaspersky study confirms that three in five businesses in Southeast Asia have been victims of a ransomware attack. Some once, but half have fallen prey multiple times. Their 2022 data reveals this threat will continue to be a menace for enterprises in SEA because it makes good money for cybercriminals. Known high-impact incidents include the Wannacry Ransomware which is estimated to have caused $4 billion worth of damage.
The digitalization of everything has inevitably led to massive amounts of data being shared and stored online. According to the latest First Site Guides estimates, the volume of data generated, consumed, copied, and stored is projected to reach more than 180 zettabytes (that is one followed by 21 zeroes) by 2025.
People now are beginning to question companies’ ability to keep their data secure despite the very strict policies of the National Privacy Commission. If not properly addressed, this will lead to a decline in confidence in business. The same Kaspersky report states that 29 percent of those surveyed say data leakages are caused by cyberattacks while 25 percent say employees are the culprits. Employee negligence is now almost equally worrying for companies in APAC as a major cause of data breaches. While malware infections and phishing attacks remain the top threats, new data leaks were from within the organization and have become additional headaches for IT security teams.
Kaspersky statistics reveal that almost 305,000 ransomware attacks have been blocked by their solutions last year in the SEA region alone. For the Philippines alone, a total of 21,076 ransomware attacks were tracked and foiled. To counter this growing threat, investments in cybersecurity services, software, and appliances for SEA organizations reached $3.2 billion in 2021 alone. This is expected to reach $6.1 billion by 2026. According to another report from AAG-IT, there were 623.3 million ransomware attacks globally in 2021. This should be enough to keep C-executives awake at night.
These digital kidnappers are not just targeting organizations these days. Malware is also known to target individuals through their computers and smartphones. There has been a reported increase in malware as reported by AAG-IT. In the first half of 2022 alone, it estimated 2.8 billion malware attacks. Other reports see an uptake in malware happening on social media platforms mostly done through third party features like filters which is very popular even among mature users.
An IDC study highlights that digitalization in Southeast Asia (SEA), including the Philippines, is hampered by a shortage of talent and a skills gap. While talent shortage is a global problem, it is more pronounced in the country. This will need a more concerted effort from the institutions like government and businesses to address the issue. We just do not have the numbers to fully support our local organizations in their efforts to secure their processes from cyber intrusions.
The government may also have to start thinking of coming up with regulations to force organizations to comply with cybersecurity standards that will keep their operations and data secure.
Businesses today will not just have to contend with global issues like post-pandemic inflation, geo-political uncertainties, and environmental, social, and governance (ESG) standards.
Cybersecurity trends will push them into proactive positions as they now have to protect themselves under rapid digitalization conditions and skills shortages. For most organizations, these additional challenges are uncertain waters.
As the Kaspersky report put it, business continuity is ever dependent on information security. When the digital infrastructure becomes more complex and cyber-attacks become more sophisticated, organizations have to become more cyber-aware and make cybersecurity resilience top of mind.
(The author is the lead convenor of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics Association of the Philippines, and vice president, UP System Information Technology Foundation.)