Cybersecurity breaches remain a critical problem across the world and show no sign of abating. The latest report from US-based cybersecurity Trend Micro shows that 76% of respondents expect a breach in the next 12 months — a 10% decrease, but an indication of critical security gaps. Over one-third of organisations faced seven or more successful network attacks in the past 12 months — a 10% increase since previous results.
Globally, the most widespread threats include ransomware, phishing/social engineering, and denial of service (DoS) attacks. When it comes to IT infrastructure, organisations are most worried about mobile or remote employees, cloud computing and third-party applications. More US-based organisations said that cloud computing risks were more rampant.
The harmful consequences of an attack quickly add up. The respondents named stolen or damaged equipment, customer turnover, reputational damage, and litigation as key concerns. The costs of hiring cybersecurity consultants to address customer data leaks and regulatory measures add to the pressure.
“Organisations are facing demanding security challenges every day, from software vulnerabilities, data breaches, to ransomware attacks and more,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organisations improve security readiness and serving as guidance in strategic planning.”
Unfortunately, companies continue to believe that their IT security functions are equipped to support security in the DevOps environment when it is not the case in reality. Some also stated in the research that Chief Information Security Officers (CISOs) have sufficient authority and resources to achieve a strong security posture. This clearly indicates that more resources must be diverted to people, processes, and technology globally to enhance preparedness and reduce overall risk levels.
The Trend Micro study is not the only one talking about the increasing cyber-attacks across the globe and every region in the last one year. A Forrester report released last week also observed that more than six organisations in the Asia-Pacific region have admitted at least one data breach in the past 12 months.
According to the Forrester report, in the Asia-Pacific region, the organisations took an average of 33 days to find and eradicate an attack and 11 days to recover from an attack — totalling 44 days, Breaches cost the region an average of $2.2 million in total per breach.
“In the past 12 months, organisations were breached an average of three times,” said Allie Mellen, an analyst with Forrester’s Security and Risk group.
Regions that hesitated to address challenges with business alignment were breached at a higher rate than those that addressed such challenges early on. Moreover, security decision-makers are more concerned about external attacks than any other attack vector, creating greater problems.
Globally, organisations took a median of 27 days to find an adversary and eradicate an attack and a median of 10 days to recover from a breach, totalling 37 days to find and recover from a breach. It also cost organisations a global mean of $2.4 million in total per breach, the report mentioned.
Another recent report published this month showed that in the first quarter of 2022, accounts of over 18 million users were breached worldwide. The research by Netherlands-based VPN firm Surfshark, also showed that Russia had the most breaches in the first quarter which, according to Surfshark, was likely because internet activist group Anonymous declared a cyberwar against the country as a response to its invasion of Ukraine.
While Russia, Poland, Hong Kong, and Taiwan are the top regions seeing a steady uptick in security leaks, India too remained one of the worst-hit in terms of leaked user IDs, credit card information, telephone numbers, email addresses and passwords.
“Data breaches of Indian users may have fallen 62% this quarter than the last, but the country still remains among the top five target nations for hackers,” the report said.
The study revealed that 6,75,000 Indian users were breached this quarter while 1.77 million users’ data was hacked in Q4 2021. Aleksandr Valentij, Chief Information Security Officer of Surfshark, said that these sensitive data are sold on the dark web to be later used in phishing attacks, ransomware, or even identity theft.
Meanwhile, India has taken several measures to protect sensitive user data, especially in banking and financial services. For instance, the Reserve Bank of India (RBI) now prohibits merchants from storing credit card data and mandates that they use card tokenisation, thereby allowing user information to be replaced by an encrypted code on the server.