• About
  • Subscribe
  • Contact
Friday, May 9, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Management Leadership Finance Governance, Risk and Compliance

No excuse for unpreparedness as ransomware continues to plague APAC

Mark Nutt by Mark Nutt
August 25, 2023
Photo by Brett Jordan: https://www.pexels.com/photo/close-up-shot-of-scrabble-tiles-on-a-white-surface-8728900/

Photo by Brett Jordan: https://www.pexels.com/photo/close-up-shot-of-scrabble-tiles-on-a-white-surface-8728900/

Ransomware was in the headlines worldwide last year as cyberattacks hit a broad swathe of businesses and organisations, maliciously causing financial damage and disruption. According to the Cybersecurity Agency of Singapore (CSA), ransomware remains a major issue both in Singapore and globally, with cybersecurity vendors reporting a 13% increase in ransomware incidents worldwide in 2022.

A ransomware cyberattack can put a stranglehold on operations and have not only financial institutions and businesses but also healthcare institutions and power companies, threatening people's lives and national security.

As of November 2022, the FBI and other federal agencies have warned that one type of ransomware alone had been used to extort about $100 million from over 1,300 companies worldwide.

It has also been reported that organisations in the Asia-Pacific region are prime targets of cyber criminals, with their ransomware pay rate being higher than the average at 18.9%. 

Criminals are finding new ways to hold businesses hostage to their ransomware demands. Sophisticated new methods have evolved from phishing and may include social engineering and exploiting vulnerabilities in flexible working arrangements such as the use of multiple devices and home IoT networks.

Criminal developers have followed the Software as a Service trend to offer ransomware as a service (RaaS) on the dark web. With payments in cryptocurrencies, RaaS is proving a successful business model for developers and making it very easy for criminals without the coding skills to mount an attack themselves. 

Across the Asia Pacific region, high-profile attacks put privacy laws on the national political agenda. In Australia, private health insurer Medibank is facing a class action lawsuit after personal data from millions of customers was released on the dark web.

In Singapore, the Law Society has been ordered to plug security gaps after a ransomware attack compromised the information of more than 160,000 members, including personal details such as their full name, residential address, date of birth and NRIC number.

More legislation is coming

As malicious cyber activities and ransomware attacks continue to pose an increased threat, the Singapore government introduced new reforms to its data protection laws under the Personal Data Protection Act (PDPA) in October 2022.

The financial penalty cap for breaches under the PDPA has increased from S$1 million to 10% of the organisation’s annual turnover in Singapore for organisations with annual local turnover exceeding S$10 million, whichever is higher.

Across APAC markets, legislation varies, but privacy regulations everywhere are being revisited and the pace is accelerating. The EU's General Data Protection Regulation (GDPR) considered the most demanding privacy law is influencing the development of data protection in Asia.

Gartner predicts that 75% of the world's population will have their personal information/personal data covered under modern privacy regulations by the end of 2024.

Still not a priority

Many customers are ambivalent about data security; they expect the personalisation of online and digitalised services, but they also demand their data should be secure and private.

Meanwhile, despite the potential for financial losses and fines, alongside irreversible damage to customer trust and brand reputation, it appears companies are also not taking the risk and compliance implications seriously.

A recent survey of CISOs in Australia and New Zealand by Veritas revealed "a damning landscape of unpreparedness". Although 84% of CISOs interviewed said they expect moderate to significant disruption following a ransomware attack, only 13% have complete confidence in their organisation’s backup strategy.

Furthermore, only 17% say they have a strong security culture at all levels of business, and 21% are not confident their team could orchestrate recovery. It is similar across the Asia Pacific and Japan region, with a staggering 95% of organisations acknowledging they need to improve their ability to track their entire data footprint and just 11% saying their organisations are backing up data continuously.  

It is also worrying that a majority of IT teams often do not even know how many cloud services their companies are using. The average enterprise organisation uses at least three cloud service providers which explains why maintaining visibility across the whole technology stack is both complex and challenging for IT teams.

Now is the time to strengthen data protection

Being held to a financial ransom for stolen or corrupted datasets is not the only threat the cybersecurity team faces when dealing with a ransomware attack.

As part of these attacks, malware or viruses are often also deliberately initiated by bad actors. Depending on the type of attack and the effectiveness of cyber security measures already in place, these actions will cause outages leading directly to loss of business and critical data corruption.

Such cyber-attacks cause significant reputational damage as well as loss of supply-side confidence. This has the knock-on effect of additional and hefty financial costs to businesses, especially if data containing consumer details is breached.

Although ransomware techniques and approaches are continually evolving, they are not invincible if cybersecurity evolves constantly too. There are clear steps organisations can take to reduce the likelihood of being a target and an attack impacting operations.

An organisation's cyber defences are only as strong as the weakest link, so IT teams can no longer avoid ransomware attacks by endpoint security alone; they need a multi-layered strategy.

Hence, the first step is having complete visibility of where their data resides across the multi-cloud environment. To maintain legislative compliance and reduce business risk, organisations also need to know what types of data are where across their environments, ensure that accessibility to the data is correctly managed, and what that data is being used for.

In the face of the ever-evolving cybersecurity landscape, there are still many threats to effective data management.  These multiply exponentially when using multiple public cloud services. 

While major cloud service providers do offer very high degrees of resilience in the availability of their cloud platforms, all application data orchestration and compliance are still the responsibility of the customer. A platform approach, that delivers data protection and application resiliency, with consideration of data compliance and governance, is still required.

By adopting an autonomous cloud data management platform, which combines automation with advanced AI, organisations can detect deviations in data access patterns and lock down accounts that might be used to run any ransomware/malware.

By analysing changes in backup attributes using AI/ML to provide support for muti-cloud or on-premises environments, organisations are always alerted to any possible ransomware intrusions before they can cause reputational or business impact.

While backup and recovery should always be the last line of defence against ransomware attacks, it must also be a primary element of any comprehensive, threat detection, data recovery and cybersecurity strategy.

For instance, the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, recommends developing a cybersecurity framework that enables organisations to establish a comprehensive, structured methodology around five key functions — identify, protect, detect, respond, and recover.

This kind of long-term framework strategy as part of a long-term relationship with a trusted partner is a sensible approach to reducing the risk of exposure and mitigating risk.

Related:  Half of zero trust adopters will fail to realise its benefits
Tags: cybersecurityVeritas
Mark Nutt

Mark Nutt

Mark Nutt is the Senior Vice President for International Sales at Veritas. In this role, he is responsible for the sales organisation and the functional leadership of the business across the continents of Europe, Asia, Africa and Australia. With more than 30 years in the IT industry, Mark is recognised as a strong leader with a track record for building high-performance teams and a reputation for innovation, transformation and delivering results. Mark’s focus on both the growth of the business and the development of his team has seen him restructure Veritas’ field operations across the International region to drive increased sales and success. Prior to his current role, Mark led Veritas’ EMEA team, where he spearheaded a series of strategic initiatives to transform for growth. With expertise spanning both direct and indirect sales, Mark was previously Veritas’ Global Channel SVP, where he extended the successful practices that he’d developed whilst running Symantec’s EMEA channel organisations. Before joining Symantec, Mark was the General Manager of Morse Technology PLC. As the leader of the largest group within the business, Mark was a major contributor to the company’s recovery between 2006-2009 and was a part of the leadership team recognised with the PLC Turnaround Of The Year Award. Mark joined Morse after 13 years at HP, which had culminated in him taking responsibility for developing and managing its direct software channel in the UK and Ireland.

No Result
View All Result

Recent Posts

  • Study finds almost half of businesses bank on AI-enabled cybersecurity for EDR and XDR
  • AI drives cloud market growth in Q1
  • ARTHALAND chooses OutSystems to advance real estate sustainability
  • Experts warn against AI-powered deepfake impersonation scams
  • Dropbox updates universal search and knowledge management product

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe