A new survey by CDNetworks and AOPG Insights has revealed that a considerable number of businesses in Southeast Asia are ill-prepared for the increasing complexity of cybersecurity threats.
The “State of Cloud Security: Are Businesses Addressing Key Vulnerabilities in 2024?” survey highlighted significant gaps in both awareness and protection against cyberattacks.
The survey found that 20% of respondents reported experiencing a cyberattack within the last year, while 40% were uncertain if they had been targeted.
These findings indicate potential vulnerabilities within organisations, including insufficient cybersecurity measures and inadequate monitoring systems.
The report also underscored several pressing threats that could disrupt operations and damage businesses, including Distributed Denial-of-Service (DDoS) attacks, automated bot attacks, ransomware, SQL injection, and cross-site scripting.
Additionally, the survey pointed to the OWASP Top 10, a list of critical security risks for web applications, which includes issues such as broken access control, cryptographic failures, and insecure design.
As cyber threats become more sophisticated, businesses in the region are increasingly prioritising cybersecurity, with 51% of respondents identifying it as a critical concern.
Common defensive measures include the use of DDoS protection (72%), cloud-based Web Application Firewalls (70%), and API protection (55%).
CDNetworks advocates for a defence-in-depth approach, which involves multiple layers of security controls to safeguard cloud environments from a wide range of cyber threats.
Yien Wu, head of sales, SSEA at CDNetworks, said the survey’s findings indicate that the cybersecurity landscape in Southeast Asia is fraught with challenges that many businesses are not fully equipped to handle. Therefore, it is important for organisations to adopt a robust, multi-layered security strategy.
“At CDNetworks, we advocate for a defence-in-depth approach, ensuring that every layer of your cloud environment is fortified against potential attacks. Now more than ever, businesses must prioritise comprehensive security measures to safeguard their operations and maintain trust with their customers,” he said.
In the financial services sector, QBE’s recent white paper, “Cyber Threats to the Financial Services Industry,” authored by global threat intelligence specialist Jack Tolliday, outlined similar concerns.
The report found that ransomware and other extortion-based attacks continue to pose significant risks, with the financial services industry ranking as the fourth most targeted sector globally in 2023.
Ransomware-as-a-Service (RaaS) has been particularly troubling, enabling cybercriminals to exploit vulnerabilities in widely used software and phishing attacks.
In 2023, the financial services sector reported 346 ransomware incidents, making it one of the most targeted industries, especially in regions like Singapore and Malaysia.
The QBE report also highlighted the growing complexity of cyber threats, including the rapid exploitation of zero-day vulnerabilities and the increasing risk of supply chain attacks. Phishing and credential theft remain prevalent, with attackers constantly evolving their techniques to bypass security measures.