For almost every organization within the APJ region, the past four months have seen a fundamental shift in how they work, how employees interact with each other, and how they protect themselves against the sophistication of new and developing cybersecurity threats. Many organizations have adapted to these new and unexpected challenges effectively, as the alternative was to fail to survive.
But, with uncertainty ahead, both the challenges and the need to respond are likely to increase. In countries that had seemed to successfully suppress COVID-19, such as Australia and Hong Kong, new spikes are once again confining employees to their homes, putting the tentative economic recovery at risk — and bringing new cybersecurity challenges.
CrowdStrike continues to monitor the growing threats organizations face from both eCriminals and nation-state actors, and the new avenues of attack opened up by the evolving nature of remote and hybrid work.
To help keep our finger on the pulse of how business leaders are responding, we commissioned the CrowdStrike® Asia Pacific and Japan (APJ) State of Cybersecurity report in June 2020. This research surveyed more than 2,000 business leaders in Australia, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore and Thailand on threats, opportunities and investment — and what post-COVID-19 business recovery could look like.
Pace of Change Results in Security Gaps in the Wake of COVID-19
Cybersecurity has long been highlighted as a priority for organizations, and it has become increasingly important during COVID-19. Threat actors have eagerly taken advantage of the public’s hunger for information about the pandemic, launching attacks using COVID-19 lures.
CrowdStrike has observed an increase of over 330% in eCrime activity since the start of the year compared to the same period last year, and the warning from Australia’s Prime Minister, Scott Morrison, of “sophisticated attacks from a state-based actor” underscores the threat.
However, with business leaders under pressure to adapt quickly across a range of issues, the CrowdStrike survey shows a relative lack of action on cybersecurity. Almost four in ten business leaders report they haven’t changed security programs as a result of COVID-19, leaving many organizations, their partners and their customers vulnerable to increasingly sophisticated attacks.
Given this risk, the ability to respond effectively is vital. However, 26% of business leaders responded that they either don’t have a cybersecurity emergency response plan or don’t know if there is one in place, and among those respondents who knew they had a cybersecurity emergency response plan, 27% haven’t changed that plan as a result of COVID-19. The potential for organizations finding themselves inadequately protected and ill-prepared for this “new normal” is clear.
Organizations have faced immense and numerous challenges since lockdowns began earlier this year. As attention turns toward the new normal in many areas of the world, cybersecurity must move to the top of the agenda and be prioritized by the C-suite and board to avoid additional risk to business success.
Change in Business Models Poses New Risks
The report indicates that many organizations have experienced digital transformation at an unprecedented pace and scale across business segments and operations, as they have quickly moved to mass remote-working arrangements during COVID-19 in order to survive. In fact, 44% of business leaders surveyed said the pandemic accelerated their move to cloud solutions, while 82% said COVID-19 changed the way they interact or deliver products and services to customers.
These results indicate a strong shift that is driving investment from on-premises security solutions to next-generation, cloud-native solutions as organizations look to secure today’s distributed workforce.
CrowdStrike first warned of the risk supply chains posed in opening up new avenues of attack for threat actors in 2017, and the threat has continued since then. With the pandemic closing borders and changing the way many businesses operate, the targeting of software supply chains became an inevitable consequence. In fact, 70% of leaders flagged the supply chain as a potential cyber threat, demonstrating awareness is high and offering hope for action.
Achieving CrowdStrike’s 1-10-60 rule (detecting an intrusion within one minute, investigating it within 10 minutes, and isolating or remediating the problem within 60 minutes) relies on having clear knowledge and visibility over an organization’s IT infrastructure. Making certain this is the case when business models have changed quickly and dramatically will be vital to ensuring a secure cyber future.
Looking Ahead Toward COVID-19 Recovery Expectations
Whether through effective management of the COVID-19 pandemic, or simply due to economic necessity, organizations are now leaving behind the period of immediate crisis and looking toward an uncertain future and the new normal of work. This outlook is reflected in an intention to put additional resources behind the recent shift to technology, with 65% of the surveyed business leaders expecting technology budgets to increase.
Remote or hybrid working will be part of future work environments. Indeed, 82% of the business leaders surveyed thought their employees would keep working from home or move to a hybrid model, with more than two-thirds (67%) believing their organization should invest more in building a remote work environment to enable organizational success.
While many organizations have adapted well to the cybersecurity challenges of remote workers — who are not only in their homes but also in cafes and other working spaces — 51% of respondents are still concerned that remote working in the next six months will put them personally at higher risk of a cyberattack, while 65% feel their companies would be at a higher risk of attack. This may explain why the highest number (74%) of respondents who believe there should be more investment in remote working list cybersecurity as a priority for additional investment in the months ahead.
Remote work is not the only cybersecurity challenge leaders expect to face in the coming months — 47% say they will face budget limitations and 41% are concerned about additional training costs over the next 18 months.
Leave a Reply