APAC businesses face cyber onslaught

Businesses in the Asia-Pacific (APAC) region are facing a barrage of cyber attacks, averaging a staggering 2,600 threats per week, significantly higher than the global average of 1,750, according to Check Point’s latest quarterly threat intelligence report.

Governments, healthcare, financial services, manufacturing, education, and research sectors are primary targets, with attacks increasingly powered by artificial intelligence (AI).

“Attackers are already taking advantage of AI,” said Ruma Balasubramanian, president of Check Point Software Technologies in Asia-Pacific and Japan. “The technology is being used to produce more realistic phishing messages, as well as deepfake video calls good enough in one case earlier this year to convince a finance worker into transferring $25m to fraudsters.”

Balasubramanian, who recently joined Check Point from Google Cloud, highlighted the growing sophistication of these attacks, calling for organisations to adopt a proactive, preventative approach to cyber security amid the rise of AI.

“While attackers are already taking advantage of AI, the industry is only starting to understand how AI can help assess and protect against these threats,” Balasubramanian said, adding that Check Point’s own ThreatCloud AI uses more than 50 AI engines to analyse threat data collected over 30 years, aiming to detect and block emerging threats.

Beyond AI-driven attacks, several other critical concerns are plaguing the region. Ransomware as a service, readily available to anyone with malicious intent, is posing a significant threat. Supply chain attacks, where malware is injected into open-source code, are also on the rise, potentially compromising numerous organisations simultaneously. Furthermore, the inadvertent leakage of sensitive information by employees using public AI chatbots is a new and evolving risk.

These escalating threats are unfolding against a backdrop of a severe cyber security skills shortage, with Asia alone requiring an estimated 2.1 million additional security professionals, leaving many organisations in the region vulnerable.

While Balasubramanian advocated for comprehensive protection encompassing endpoints, networks, datacentres and cloud infrastructure, doing so has led to complexity, with about 75% of large organisations and governments relying on more than 50 cyber security vendors.

“Many CISOs [chief information security officers] are looking for at least some consolidation,” Balasubramanian said, “but the question then is, ‘Which vendors make the most sense?’” Evaluating the impact of removing any specific security product can be very challenging as CISOs grapple with ensuring continuous protection, she added.

Effective cyber security transcends technology, requiring a collaborative approach involving CEOs, chief information officers and all employees. Balasubramanian cited a Singapore company that successfully improved its phishing defence through simulated phishing campaigns and by publicly identifying employees who fell for the scams. She cautioned, however, that such tactics are culturally sensitive and may not be appropriate in all environments.

Addressing legacy hardware and software vulnerabilities is also crucial, with legacy infrastructure more susceptible to being exploited by threat actors. Check Point recommends combining network segmentation, micro-segmentation, and firewalls with intrusion prevention systems to protect vulnerable legacy systems.

Balasubramanian emphasised the critical role of a cyber resilience plan, highlighting the sophistication of Australian boards in this area, potentially influenced by Australia's mature cyber security regulations. “Australian federal and state regulations are unique across APAC,” she said. “Australian regulators have got this right. Where other countries are grappling with these issues, Australia really stands out as a model.”

She recommended that boards prioritise several key areas, including establishing and regularly testing incident response plans, understanding reporting obligations, and having a dedicated response team or third-party provider. This should be accompanied by a comprehensive risk assessment that considers processes, handoffs and technology.

The company offers a range of services to assist organisations in bolstering their cyber resilience, from risk assessments and architecture reviews to security awareness training and managed detection and response. Its platform approach, integrating various security functions, resonates with customers, according to Balasubramanian.

Ultimately, addressing the complex cyber security landscape requires a multi-faceted approach, combining advanced technology, comprehensive planning, robust regulatory frameworks, and a culture of security awareness.

“Implementing a security action plan is a significant investment,” Balasubramanian concluded. “As a starting point, I would suggest that the approach be built on the premise of not just securing the perimeter against outside threats, but also in reducing the damage a threat actor or insider threat could cause, once an organisation has been breached.”