PETALING JAYA: Businesses in Southeast Asia face a growing spectrum of web or internet-born threats as they navigate an increasingly digital economy.
The region's rapid digitalisation has made it both a hub for growth and a target for cybercriminals.
In the first half of 2024, Kaspersky has detected and blocked more than 26 million web threats from its security solutions for businesses in the region, averaging 146,944 web attacks every day.
Companies and organisations in Malaysia faced 19,615,255 web-based threats in the first six months of the year, placing the nation at the top of the ranks among Southeast Asian countries. Indonesia trailed in second spot with 3,204,294.
Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet. Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organisations.
Vietnam and Thailand are sitting lower in the regional ranks, with total web attacks of 1,445,452 and 1,057,732, respectively, while 846,837 threats were recorded in the Philippines and 574,292 in Singapore.
“As businesses and governments in the region continue to embrace digitalisation to drive economic growth, their increased reliance on digital platforms broadens their attack surface. This leads to more opportunities for cybercriminals to exploit vulnerabilities in unprotected systems, which can cause disruptions to supply chains, financial institutions, and critical infrastructure such as healthcare and energy. Such incidents can damage productivity, lead to financial losses, and erode trust in digital systems,” said Kaspersky general manager for Southeast Asia, Yeo Siang Tiong.
While governments are increasingly focusing on mandatory regulations and laws to protect data and enforce accountability for cybersecurity incidents, it is important that local businesses too must continue keeping round-the-clock vigilance, prioritising and strengthening their cybersecurity posture.
“Cybercriminals in the region are becoming more sophisticated, utilising AI-driven attacks and other tools and techniques Businesses must invest in robust cybersecurity tools like endpoint protection, firewalls, and real-time event monitoring and management. Regular security assessment and audits must be conducted to identify weaknesses and address vulnerabilities,” Yeo said.
Kaspersky recommends the following to businesses to bolster their cybersecurity protection:
➤ Always keep software updated on all the devices to prevent attackers from exploiting vulnerabilities and infiltrating organisation’s network.
➤ Back up data regularly and ensuring they can be accessed quickly when needed or in an emergency.
➤ Assess and audit your supply chain and managed services access to your environment.
➤ Monitor access and activity by having visibility over the network to spot any unusual activity, and controlling user access to as-need, and as-required basis to minimise risks of unauthorised access and data leak.
➤ Set up a security operation centre using a security information and event management tool.
➤ Use the latest threat intelligence information system to have an in-depth visibility into cyberthreats targeting your organisation and provide your information security professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their tactics, techniques and procedure.
➤ Educate employees and improve their cybersecurity literacy. Employees should be aware of the risks of cybersecurity threats and how to protect themselves and organisation from them.
➤ Employ solutions to optimise the workload of your heavily challenged IT department.
➤ If your company does not have a dedicated IT security function and only has generalist IT administrators who may lack the specialised skills required for expert-level detection and response solutions, consider subscribing to a managed service.
➤ For protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board.
