A few years ago, Cathay Pacific suffered a lapse in data security, affecting the personal information of an estimated 9.4 million people. Along with the questions it raised around the effectiveness of cybersecurity for all companies, a top international law firm noted another effect: an uptick in interest in collective redress, a type of representative action resembling a class action lawsuit.
Two years later, cybersecurity would once again step into the spotlight as risk shot up, in step with millions of people around the world shifting to remote work during the global pandemic. Multiple Asia-based offices of international insurance giant AXA, the Singapore-based arm of Japan-based insurance company Tokio Marine Group, and several military groups throughout Southeast Asia have become just a few of the targets of ransomware attacks within the past year.
Designed to spread through a network, ransomware is malicious software that infects a computer and restricts access to crucial user data for a ransom. The cost of a ransomware attack can amount to nearly US$2 million per incident and have a global economic impact of over US$20 billion. Ransomware attacks rose by 93% last year.
As citizens become increasingly acquainted with the value of their data, any negligence, misuse or lack of adequate protection has moved into the spotlight of possible issues for company boards across APJ. With class action and consumer group-led lawsuits on the rise, the responsibility to protect against ransomware and other cyberattacks that threaten user data and privacy has become more critical than ever for businesses.
The other reason that data and privacy have arisen as such crucial topics is timing. A recent Trend Micro survey found Asia Pacific to be the second-most vulnerable region in the world to cyberattacks, after North America. Ransomware attacks ranked in the top five cyber threats in the region, while confidence in company preparedness lagged: a staggering 86% of survey respondents believed they would be breached in the next 12 months.
In the wake of this information, business leaders should sit up and take notice: data breaches are no longer an issue that exists within a company itself – they sit at the board level as well. Moving forward, business leaders should expect increasing momentum toward ensuring the right cybersecurity measures are in place.
Here are three things to keep in focus when implementing security measures.
1. Emphasise the importance of cybersecurity training for all
Ransomware has the ability to spread through a system like wildfire, but it needs an entry point, such as an infected email, email attachment, or application. No matter their role, any member of an organisation has the ability to lead the ransomware into the system.
Thorough, regular, up-to-date trainings on best cybersecurity practices are the best preventative measure to keeping systems and profits safe, so make sure the company’s cybersecurity plan affords it the resources it needs.
2. Keep anti-virus and malware software updated
Up-to-date anti-virus and malware software can help catch and eliminate the most common ransomware payloads. Like any software, it needs frequent updates, but if used correctly, it can keep your business’ systems clean with minimal downtime and interruptions.
3. Have a secure backup ready
If protections happen to fail and a business finds itself dealing with a ransomware attack, one can gain access to a system again by restoring it from a secure and reliable backup, saving the business from downtime, data loss and an often-expensive ransom. Veeam’s ransomware protection, for example, can restore a business’ data and system while adhering to compliance standards, with real time updates and alerts. Before restoring the system, the backup scans files for malware and provides flexible storage options for a range of files.
Ransomware attacks are much more a possibility than they used to be, but they don’t have to cost the business significant portions of its profits. With the right cybersecurity infrastructure and training in place, companies can sufficiently prepare and defend themselves against these breaches moving forward.