All organizations are at risk from a variety of players, like hackers, criminals, insiders with a grievance, and even nation-states. Whether an organization is a small business or a massive corporation the threat exists, and measures should be taken to improve the security of enterprise networks. Measures taken to defend against these threats have slowly progressed from simple anti-virus software to integrated defenses against the threats which have grown exponentially; so that now companies face sophisticated malware and zero-day threats. The growing economic power of Asian countries has increased the threats that now face the region so that it has become essential for Asian businesses to take Endpoint security far more seriously than in the past.
Why is Endpoint Security important?
Endpoint security systems are designed to detect potential threats quickly, analyze them, and then block the threat. Containing potential threats as they become real threats is an essential strategy.
Endpoint security systems are important because:
1. In the current business environment, data is often the most valuable asset possessed by a company.
2. The whole business could be put at risk if data is stolen or lost.
3. The sheer volume of Endpoints that exist these days, and the various types of endpoints make security far tougher than ever before.
4. Remote working has compounded the difficulty of maintaining Endpoint security.
5. Criminals and hackers are becoming far more sophisticated in their methodology.
6. The business reputation of any enterprise can be destroyed by significant data losses
7. The cost of data breaches can be significant and threaten the viability of a business.
And what if you take no action?
When companies fail to adequately protect their data, the consequences can be difficult to overcome.
According to the Allianz Risk Barometer 2020 cyber incidents and data breaches have now been ranked as the most significant business risk globally. This threat has risen from the fifteenth position to the first in just seven years.
When cyber incidents occur, they are becoming more damaging. Just five years ago the average ransomware attack on a large company would have cost tens of thousands of dollars. Now they can cost millions according to Allianz Global Corporate and Specialty. Within ASEAN the average cost of a data breach is $2.62 million.
According to Asia Pacific Risk Centre Asian organizations are 80% more likely to be chosen as targets by hackers due to the weakness in regional structures.
If we take the Philippines as an example. In a survey conducted among large companies, a massive 42% of them reported that they were hit by ransomware in 2020. Just one year earlier, the same survey showed 30% of companies had been hit, which shows the huge growth in cybersecurity attacks.
76% of the attacks resulted in data being locked (encrypted) until criminal demands were met (the global average is just 54%).
Case example 1: SingHealth Cyber Attack
The attack on SingHealth in Singapore was Singapore’s worst-ever cyber-attack. The private details of over 1.5 million patients, including members of the government, were stolen.
Somewhere between June 27th and 4th July 2018 about 1,5 million patients who visited SingHealth facilities had their personal details copied. The records were not tampered with.
4th July 2018 Integrated Health Information Systems noticed unusual activity in one of SingHealth’s databases. They took immediate action to secure the servers and block further access.
10th July 2018 Investigations by the Ministry of Health and the Cyber Security Agency confirm a cyber-attack has taken place.
12th July 2018 The police get involved and commence an investigation.
20th July 2018 SingHealth begins notifying patients to notify them their data had been accessed.
It appears that just one SingHealth workstation had been infected with malware and that allowed hackers to access the whole database. The data stolen included NRIC Numbers, addresses, gender, race, and dates of birth. The hackers also stole about 160,000 outpatient prescriptions.
This was a serious breach of privacy and had political ramifications. The fact that the potential details of the members of the government have potential security risks for the state.
Case example 2: ACER Ransomware Attack
Taiwan-based ACER was issued with the largest ever Ransomware demand on 18th March 2021 for $50 million. The hackers demanded that their demands were paid in CryptoCurrency. ACER was reluctant to talk about the attack and issued a statement that said that companies like ACER were constantly under attack and we have reported recent events to law enforcement bodies in various countries. They declined to say whether they paid the ransom.
Taking Cybersecurity Shortcuts
Recent research has shown that workers continue to take actions that put their company’s digital security at risk. Even though they understand the dangers, for some reason they continue to be reckless. The survey showed that:
1. 35% of them had saved passwords in their browser during the previous 12 months. (Australia and New Zealand 43%, Singapore and Malaysia 36%, India 39%, and Japan 28%)
2. 32% of them used the same password on several websites.
3. 23% of them connected a personal device to a corporate network.
Shortcuts such as these can allow threats into corporate networks which can cost companies $millions. Despite this only 44% of corporate computer users have received cybersecurity training, with smaller businesses even less likely to have invested in training.
Summary
In this article on Endpoint security, we have explained what Endpoint security is. We then went on to explain the changes in the landscape and how cybersecurity is a bigger threat than ever before. Statistics also show that this is a particular problem for Asian businesses.
Having established the facts we took a look at a couple of real-life examples of what can happen and has happened in Singapore and Taiwan. We also saw how in the Philippines there is a massive problem with 42% of companies getting attacked. These stories have appeared in newspapers and on TV, yet still, employees take needless risks with data security and employers are not investing in educating them.
Get in touch with us for a free consultation
FunctionEight is based in Singapore, Hong Kong, and the Philippines. We would love to offer you a free consultation so we can help you improve your security.