Veracity Blog

Espionage fuels 25% of all cyber-attacks in the APAC region

Espionage fuels 25% of all cyber-attacks in the APAC region

A quarter of all cyber-attacks in the Asia-Pacific region are motivated by espionage according to figures released by Verizon Business. 

This contrasts sharply with that of Europe and North America, at 6% and 4% respectively and shows data harvesting and scraping is a continued threat to businesses of all sizes. 

The Verizon Business 17th-annual Data Breach Investigations Report analysed a record-high 30,458 security incidents and 10,626 confirmed breaches globally in 2023 – a two-fold increase over 2022. 

Of the 2,130 security incidents and 523 confirmed breaches in the Asia-Pacific region, system intrusion, social engineering, and basic web application attacks represented 95% of breaches in APAC.  

Due to its rapid digitalisation and high adoption rate of recent technologies, the APAC region is currently one of the major cauldrons for cyberattacks. 

How are cybercriminals getting in? 

The most common types of data compromised were credentials (69%), internal (37%), and secrets (24%). 

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year globally, accounting for 14% of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors.  

The MOVEit software breach was one of the largest drivers of these cyberattacks, first in the education sector and later spreading to finance and insurance industries. 

Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business, said: “Since so much of cyber espionage can be defined as an advanced persistent threat, it’s especially important for organizations in APAC to continuously refresh their security protocols to thwart the long-term collection of sensitive data by threat actors,” 

“It’s equally important to review one’s third-party network since sensitive information with national security implications can sometimes be accessed via organizations with more lax cybersecurity practices, such as academic institutions and research facilities.” 

Roughly one-third of all breaches involved ransomware or some other Extortion technique. Pure Extortion attacks have risen over the past year and are now a component of 9% of all breaches. The shift of traditional ransomware actors toward these newer techniques resulted in a bit of a decline in ransomware to 23%.  

However, when combined, given that they share threat actors, they represent a strong growth to 32% of breaches. ransomware was a top threat across 92% of industries. 

Businesses in APAC region vulnerable due to skills shortage 

This concern is also reflected in the latest report from Check Point, which revealed businesses in the APAC region are facing a growing onslaught of cyber-attacks, averaging 2,600 threats per week, significantly higher than the global average of 1,750. 

It is compounded by a severe shortage of people with cyber security skills. It is estimated Asia alone requires around 2.1 million additional security professionals, leaving many organisations in the region vulnerable. 

Ruma Balasubramanian, president of Check Point Software Technologies in Asia-Pacific and Japan, emphasised the critical role of having a cyber resilience plan and advised countries to look to Australia’s mature cyber security regulations. 

She also recommended that boards prioritise key areas including: 

  1. establishing and regularly testing incident response plans,  
  2. understanding reporting obligations,  
  3. and having a dedicated response team or third-party provider.  

This should be accompanied by a comprehensive risk assessment that considers processes, handoffs and technology. 

“Implementing a security action plan is a significant investment. As a starting point, I would suggest that the approach be built on the premise of not just securing the perimeter against outside threats, but also in reducing the damage a threat actor or insider threat could cause, once an organisation has been breached,” she added. 

The World Economic Forum believes the APAC region is vulnerable to cyber-attacks for a number of reasons, highlighting rapid digital transformation, especially during and after the pandemic, as one of the main contributory factors. 

It believes more countries should follow the example of Singapore and create dedicated cybersecurity task forces that can help coordinate efforts, share best practices and develop comprehensive strategies. 

Cybercrime costs expected to soar by 2028 

According to estimates from Statista’s Market Insights, the global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028. 

Cybersecurity is something every business must consider in order to enhance the success – and protect the data – of their digital transformation in a region which has seen rapid growth in recent years. 

The rising costs of fighting cybercrime, as well as a growing awareness of the innovation required to fight the cybercriminals, has seen the global cybersecurity market grow from $83.32b in 2016 to around $166b last year. 

And there is good news coming from the APAC region, with Malaysia, Singapore, and South Korea leading the leading the national cybersecurity index for the area. 

The index measures each country’s preparedness to prevent and manage cyber threats – all three countries have central government bodies dedicated to cybersecurity in place.  

In terms of cybersecurity revenue, five APAC countries rank within the global top 15, with China taking second place behind the United States. Across these five largest markets, network security is heading the list as the leading cybersecurity solution. 

New technology brings advantages as well as risks 

The constant adoption of new tech is bringing new risks to the digital security of individuals and business, but it is also allowing the development of both Artificial Intelligence (AI) and Machine Learning (ML) to take the fight to the cybercriminals. Both technologies are being successfully implemented in cybersecurity solutions. 

Veracity Trust Network is one of those companies working in the APAC region and deploying patented and award-winning AI and ML technologies in the fight against the cybercriminals. 

We are an award-winning cybersecurity company, specialising in the detection and prevention of malicious bot activity in the web sphere: websites, web and mobile-web applications and APIs, with native mobile protection to follow.     

Our award-winning bot protection suite helps businesses mitigate against the risks, reduces wasted spend, improves customer experiences, and provides deep reporting insight into your system’s true performance.    

We were recently awarded the Cybersecurity Co-Innovation and Development Fund (CCDF) – CyberCall grant – by the Cyber Security Agency Singapore (CSA). 

The CyberCall grant encourages collaborations between cybersecurity companies and end-users by facilitating the matching of industry proposals to end-user challenges and supports the co-development of innovative cybersecurity solutions in Singapore. 

It will be used to develop and deliver the next generation of our technology, providing advanced malicious bot detection and working in partnership with a global efashion brand headquartered in the region. 

Stewart Boutcher, Veracity’s Global CTO and APCA CEO, said: “The Cybersecurity landscape is a complicated one and difficult to keep up with, due to technology changes, innovations by bad actors who have a strong incentive to innovate, and the lack of skilled people available to work for the good actors.   

“Cybersecurity cannot be an “add-on” or “afterthought”; it must be built into the core of all design planning, to avoid leaving gaps in coverage that may be exploited by potential attackers.” 

If you want to find out more about the work Veracity is doing in the APC region, please connect with Stewart on LinkedIn at: https://www.linkedin.com/in/thebluehand  

, , , , , , , , , ,

Award-winning malicious bot protection.

Cyber Award Winner 2021

AI-Enabled Data Solution of the Year – DataIQ Awards 2023 Finalist

Tech Innovation of the Year Winner – Leeds Digital Festival Awards

Cyber Security Company of the Year – UK Business Tech Awards 2023 Finalist

Best Use of AI – Tech Awards 2023 – Highly Commended

UK’s Most Innovative Cyber SME 2024 –
Runner Up