The increase in cyber threats prompted businesses across the Asia Pacific and Japan (APJ), according to the latest survey “The Future of Cybersecurity in the Asia Pacific and Japan,” conducted by Tech Research Asia (TRA) and commissioned by cybersecurity firm Sophos.

The report saw that APJ organizations have identified threat hunting as a critical consideration for strengthening cybersecurity defenses. Most organizations (90%) undertook threat hunting to bolster their cybersecurity capabilities in 2021; of those that did, 85% stated the approach is critical to their company’s overall cybersecurity capabilities.

Organizations in the Philippines set aside up to 13% of technology budgets for cybersecurity in 2022 compared to 11% on average across APJ, which is an increase from 8.6% the previous year.

Sophos X-Ops links firm’s three units to bolster cybersecurity response
Sophos reports rise in ransomware attacks vs education institutions

“Even with the additional investment, organizations need to ensure they are not overstating their maturity levels and implementing threat hunting solutions, leading to complacency,” said Aaron Bugal, global solutions engineer at Sophos. “With increased maturity and investment, one would think successful cyberattacks would decline. However, they continue to wreak havoc.

Rise in cyber attacks

Bugal said 72% of APJ organizations were hit by ransomware in 2021, up from 39% in 2020, quoting Sophos’ State of Ransomware Report. In the Philippines, up to 69% of organizations reported being attacked last year, with 58% experiencing encrypted data as a result, costing them as much as $1.34 million on average to rectify the impact on their business. With this in mind, organizations must review their cyber strategies regularly and address the gaps.”

This is becoming increasingly important considering Sophos has seen an uptick in the number of instances where organizations are being attacked multiple times – sometimes simultaneously.

“Organizations must be active in combatting cyberattacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise,” Bugal said. “Organizations must constantly be on the front foot to identify and thwart attacks, and regular and consistent threat hunting is key to this; failure to do so means organizations will remain vulnerable.”

Passive attitude toward cybersecurity

(Forty-five percent) 45% of companies surveyed haven’t changed their information or cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity — something that must be addressed as a priority. The driving factor behind a change in strategy is an attack or breach, leading to an “attack, change, attack, change” cycle, a trend observed since 2019. In fact, half (49%) of the respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organizations take to managing their security.

“Cybersecurity strategies must move with — or even faster than — the threat landscape, and, sadly, that’s not happening at the moment. By updating cybersecurity strategies after a successful attack, organizations will always remain in a reactive state and continue to be easy targets for attacks. Organizations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and have access to telemetry and artificial intelligence for faster detection and response capabilities,” said Bugal.

The survey includes a major quantitative survey where a total of 900 responses were captured across Australia, India, Japan, Malaysia, Philippines, and Singapore.