Security professionals predict major data breach across Asia in next two years

SINGAPORE - A majority of information security professionals in Asia expect to see major, cross-border compromises in enterprise networks and critical infrastructure in the next year or two, and most do not feel confident in their ability to defend against these impending threats.

These concerns and more are outlined in Black Hat Asia’s first research report, Cybersecurity Risk in Asia, compiled from a survey of nearly 100 current and former attendees at Black Hat Asia, a conference providing insights on critical information security issues pertaining to Asian cyber defences and vulnerabilities.

The results closely mirror  the responses of Black Hat attendees in the United States and Europe – raising further concern for cybersecurity on a global level.

Nearly 70% of those surveyed expect an attack impacting critical infrastructure across multiple Asian countries will happen within the next two years.

They are concerned that recent incidents in their region may indicate that a major breach of critical infrastructure is forthcoming.

Past attacks in the Middle East and Asia have spanned damage to industrial control systems, data theft for surveillance purposes, and hacking of computers used to support critical infrastructure in Asian countries. 

In recent years, Asia has seen both continuing mass, opportunistic attacks via malware and attacks that are highly targetted and focused on specific objectives, such as data theft or extortion via ransomware.

These trends and more are the reason almost 60% of respondents cited targeted attacks as their biggest concern – specifically, malicious actors in Russia, China, and North Korea.

More than 30% of respondents believe the primary reason cybersecurity strategies fail in Asia is because of a shortage of skilled professionals.

 This skills shortage, coupled with a lack of budget, makes for a dangerous combination that leaves many Asian security organisations under confident in their ability to defend their own organisations’ critical data from cyber-attack.

The report also calls out that security professionals in Asia are more willing to job-hop than their counterparts in the United States and Europe, but they express a similar frustration in gaining the attention of upper management on top security priorities. More than 50% of Asian cybersecurity professionals say they are either actively looking for a new job or open to it.

Among weaknesses keeping information security professionals up at night, nearly 40% believe end users who violate security policy or fall prey to phishing and social engineering scams are what’s leaving their organisations most vulnerable to compromise.

Professionals also cite spending as an issue, with nearly 30% stating that compliance-related spending consumes the greatest portion of security spending. These concerns are cited even with the implementation of the APEC Privacy Framework, which requires companies in the 27 countries that form the APEC region to adhere to certain privacy guidelines.

Some 30% of respondents view the framework as having created more work for them, but 14% say it hasn't done anything to improve privacy.

blackhat.com/latestintel/03122018-cyber-risk-in-asia.html   (ATI).