This is why South East Asian businesses are suffering more cyber attacks

Businesses in the ASEAN region are some of the least prepared to deal with cyber threats. This is in part because they have not felt the need, since in the past the ASEAN region was less targeted than others. But that’s been changing for several years now, and threats are rising throughout the region. In fact, in 2019 the Philippines entered the top 10 target countries for cyberattacks worldwide, and McAfee has found that Thailand is the 7th most-targeted country for COVID-19-related attacks, tied with Saudi Arabia and the UK. Lack of preparation for cyberattacks could exacerbate the region’s current economic challenges.

In December 2019, phishing emails sent malware to a third-party company working with the Singaporean government, which led to personal data (full names, NRIC numbers, contact numbers, email addresses, and residential addresses) of 2400 members of the Singapore Armed Forces (SAF) and the Ministry of Defense was exposed and may have leaked. That same month, a server for a company that provides healthcare training to the SAF was infected with ransomware, and the data of 120,000 people including 98,000 in the SAF was encrypted, though fortunately it was not copied.

Indonesia has faced 15 percent growth in malware attacks each year, but its most notorious case was in 2017, when two of the country’s biggest hospitals suffered from the WannaCry malware, which locked their IT systems, patient medication records, and billing. The healthcare industry is one of the most prone to attacks, due to its massive store of patient data, as well as being the most crucial in the fight against the novel Coronavirus.

In January 2019, the email servers of the massive Philippine-based pawn shop and remittance company Cebuana Lhuillier were breached, causing the data of about 900,000 clients to be compromised, including dates of birth, addresses, and sources of income.

In March and April 2019, the GandCrab ransomware spread widely around Vietnam via documents attached to emails pretending to be sent from the Ministry of Public Security. It locked down the data of so many Vietnamese companies that the Vietnam Computer Emergency Response Team (VNCERT) issued a high alert. Those whose devices were locked were instructed to pay $400-$1000 in cryptocurrency to restore them, though there was no guarantee that the data would be returned.

In 2017, AT Kearney estimated that the ASEAN region needed to spend $171 billion on cybersecurity by 2025. Instead, that year it spent only around $1.9 billion. AT Kearney estimates that this failure to prepare could cost the region’s top 1000 companies about $750 billion.

According to digital security firm Kaspersky, over half of businesses in Southeast Asia that experienced a data breach (the majority of which result from attacks) paid compensation to clients or customers. A similar percent had difficulty finding new customers (51%), while 41% had to pay penalties or fines and 30% lost business partners.

Even greater than the immediate costs are the long-term ones: loss of customers, decreased confidence from potential investors, and threats to global supply chains. For this reason, malware attacks often go unreported by companies and ransomware fees are quietly paid, which hinders everyone’s ability to protect against future attacks.

If ASEAN businesses want to reverse the trend and protect themselves from malware, they will have to dramatically change their current practices. A new ebook from BSA | The Software Alliance can help. Download “Covid-19 and Cyber Threats in Southeast Asia” below.