According to the 2022 IBM Security X-Force Threat Intelligence Index, Asia is now the #1 most targeted region for cyberattacks – representing 26% of attacks analysed in 2021.
The data reveals a significant regional shift compared to the past decade of the report, where North America and Europe have historically ranked as most-targeted.
This trend signals a growing need for security investments amongst Asian organizations, particularly those in financial services and manufacturing, which were the most-targeted industries in the region.
The Index unveiled the following insights regarding the threat landscape in Asia:
- Financial services and manufacturing were the top attacked industries in Asia, representing nearly 60% of attacks studied.
- Japan, Australia and India were the most-attacked countries in the region.
- Top Attack Types: Server access attacks (20%) and ransomware (11%), Data theft (10%) were the top attack types observed in Asia.
- Initial Infection Methods: Vulnerability exploitation and phishing tied for the top infection vector at Asian organizations in 2021, each representing 43% of attacks observed in the region.
- Ransomware groups: REvil made up 33% of ransomware attacks analyzed, and Bitlocker, Nefilim, MedusaLocker and RagnarLocker were significant players as well
“Today, not only the CISO but the entire company needs to be prepared for cyberattacks,” said Aileen Judan-Jiao, President and Country General Manager of IBM Philippines.
“Leaders and cross functional teams like HR, marketing and financial operations need to experience and practice a cyber exercise, because how organizations respond during the critical moments of an attack can make all the difference in the amount of time and money lost in a response”
Carlos Santos, vice president for Corporate Services and Chief Information Officer of JG Summit Holdings said, “With the ongoing digital transformation, the emergence of IoT and devices and more employees working from home hence being more exposed to the attacks, security awareness and culture across organizations must be in place.
“We need to ensure the best security approach and policies are updated across the conglomerate.
“Employees are the first line of defence, and we need them to experience the attacks and their impacts, educating them what they are exposing themselves to and what can be the consequences of the incidents,” he adds.”