APAC Companies Severely Underreport Ransomware Attacks
- By CDOTrends editors
- May 16, 2022
As ransomware attacks continue to increase in frequency and severity, companies in the Asia Pacific region are struggling to keep up. The ExtraHop 2022 Cyber Confidence Index-Asia Pacific shows that 83% of companies in the APAC region were breached by ransomware at least once in the past five years. Still, only 32% of them publicly disclosed that an incident occurred.
The new research, conducted by StollzNow Research and covering Australia, Singapore, and Japan, examines current security procedures' effectiveness and the truth of the ransomware epidemic.
The study highlights that Asia Pacific companies that have fallen victim to a ransomware attack may be infected and reinfected at least once a year. This may help explain why management in the region is opposed to transparency and disclosure of events. They think that history will repeat itself.
Around 20% of companies refuse to share information about ransomware attacks for fear of tarnishing their reputation, even though not disclosing an attack can cause even more damage. This may also indicate that the number of ransomware attacks in the region is much higher than what is being reported.
Instead, IT decision-makers (ITDMs) in the region continue to resort to age-old practices, such as point solutions and perimeter defenses, which are no longer adequate.
The study found that only 39% of IT decision-makers (ITDMs) have a high degree of confidence in their company's ability to prevent or mitigate cybersecurity threats.
Many ITDMs surveyed believe that their company’s security practices are lax, with an equal percentage conveying low confidence. The study also found that continued reliance on legacy technology is a significant obstacle to achieving better security outcomes.
"Corporate leaders and security teams disagree on disclosure. Only 32% of companies are public and transparent about ransomware attacks; 48% let some people know but keep it as private as possible, and 20% tell no one. This is largely against the wishes of IT security personnel, of whom 66% feel it would be better to be transparent and public about ransomware attacks," the study further notes.
"Security leaders in the Asia Pacific are facing a challenge. They're in disagreement with executives around disclosure; they're getting increased budgets, but it doesn't feel like enough, and there is worry around legal obligations. These leaders need to focus on their risk tolerance for their IP, data, and customer data and arm their teams with the tools and network intelligence that can help them defend their most critical assets. This survey reinforces the challenge organizations face in preventing attacks. Let's arm defenders with the tools and forensics needed to prevent an intrusion from becoming a full-blown breach," " said Jeff Costlow, the chief information security officer at ExtraHop.