This is according to a global survey involving 800 responding firms in the region.
Ransomware attacks have proven to be especially effective weapons for cybercriminals.
More than six in 10 organizations across the Asia Pacific region (63%) have suffered a ransomware attack this year, with a further 22% having not suffered a ransomware attack but expecting to be hit within the next 12 to 24 months. The USA was less affected (57%) and Europe, the Middle East and Africa (50%).
At least that is what a global survey commissioned by CrowdStrike and conducted in August and September 2020 on cybersecurity attitudes indicate. The study surveyed 2,200 senior IT decision-makers and IT security professionals in the US (400 respondents), UK (200), France (200), Germany (200), Spain (100), Italy (100), Netherlands (100), Middle East (100), India (300), Japan (200), Singapore (100) and Australia (200) across major industry sectors.
Key findings include:
- In APAC, India was the worst hit by ransomware, with 74% having suffered an attack this year, as compared to Australia (67%), Japan (52%) and Singapore (46%).
- Among APAC organizations hit by ransomware, 31% chose to pay the ransom: more than the US (27%) and EMEA (22%). This cost organizations across APAC on average US$1.18m: more than the US (US$0.99m) and EMEA (US$1.06m).
- Phishing / spear-phishing was also a concern for 49% of APAC respondents.
- Some 77% cybersecurity experts APAC were more worried about ransomware attacks due to the pandemic. Respondents in India were most worried (83%), followed by Australia (80%), Singapore (69%) and Japan (68%)
- Globally, IT security professionals’ concern around ransomware attacks continued to increase year-over-year, with an increase in this year’s findings (54%) compared to that of 2019 (42%) and 2018 (46%).
Fear of state-sponsored cyberattacks
Nation-state activity weighed heavily on the minds of regional IT security professionals as 89% of respondents in APAC ‘agreed’ that state-sponsored cyberattacks were far more common than people think.
As international tensions and the US election created a nesting ground for increased nation-state activity, organizations have been under increased pressure to resume operations despite the risk of being targeted for their data amid rising vulnerabilities caused by remote-working and other pandemic-related safety measures.
Key findings include:
- Even with the massive rise in internet crime over the course of 2020, 79% of APAC respondents believed nation-state-sponsored cyberattacks will pose the single biggest threat to organizations in 2021. This belief was the strongest in India (90%), followed by Singapore (75%), Japan (74%) and Australia (71%).
- Some 65% APAC cybersecurity experts viewed nation-states as the category of cybercriminals most likely to cause concern.
- 91% of APAC respondents were fearful that growing international tensions (e.g., the US-China spat) were likely to result in a considerable increase in cyberthreats for organizations.
- Nearly half of APAC IT security professionals believed a nation-state cyberattack on their organization would be motivated by intelligence (49%), for financial or intellectual property gain (55%), or for exploiting pandemic-linked increases in attack surfaces (53%).
IT staffing challenges
The shortage of relevant human resources and expertise remained a major concern, with a cybersecurity talent gap continuing to persist.
Key findings include:
- 61% of regional respondents’ organizations were finding it more difficult to hire cybersecurity professionals this year compared to last year. The region found hiring cybersecurity professionals harder than in the US (54%) and EMEA (54%. In APAC, this difficulty was most heavily experienced in Singapore (64%), compared to Australia (61%), Japan (63%) and India (59%).
- 39% of APAC respondents said that the greatest challenge when hiring cybersecurity professionals was that there was not enough talent available in the market, with 42% highlighting that outsourcing had become easier than direct hiring. In the APAC region, this difficulty was most heavily experienced in Singapore (43%), compared to India (40%), Japan (38%) and Australia (35%). However, more organizations in Australia and India were leaning to outsourcing (44%), as compared to Japan (41%) and Singapore (36%).
- All of this was against the backdrop of in-house cybersecurity teams having reduced in size, with half of APAC respondents having had 5%–20% of their cybersecurity team leave the business in the past year.
DX now a priority
In the wake of rising cyberthreats, cybersecurity experts have accelerated their digital and security transformation efforts to address the growing activity from cybercriminals and nation-state actors.
While financial spending on digitalization continued to trend upward, the COVID-19 pandemic accelerated the timeline for 88% of respondents across the APAC region, with additional investment made to rapidly modernize security tools for the remote workforce.
Key findings include:
- Across the APAC region, Australian respondents (92%) have accelerated the DX timeline, more so than in India (90%), Singapore (90%) and Japan (79%).
- 58% of APAC respondents had spent more than US$1m on DX over the past three years, lagging behind the US (74%).
- 90% of APAC respondents had spent an additional US$100,000 or more to adapt to the pandemic compared to EMEA (88%) and the US (96%).
- As a result of additional spending, APAC organizations have modernized their security tools (80%), provided security training or work-from-home training (65%), or increased the rollout of Cloud technologies as employees moved to remote-working (75%).
- Three in four APAC respondents ‘agreed’ that economic recession leads to increased cybercriminal activity leveraged against their organization
- 73% of APAC respondents said that the pandemic has proven to be a catalyst for long-awaited approvals on security upgrades
- As a result of these investments, 4 in 5 respondents in the APAC region had a more positive outlook on their organization’s overarching security strategy and architecture over the next 12 months
Said Michael Sentonas, Chief Technology Officer, CrowdStrike: “Now more than ever, organizations are finding ways to rapidly undergo digital transformation to bring their security to the cloud to keep pace with modern-day threats and secure their ‘work from anywhere’ operations, and remaining diligent in their incident detection, response and remediation practices.”