KUCHING: Every two in three businesses in Southeast Asia (SEA) is a ransomware victim, a Kaspersky study finds, and only five per cent of the C-suite have confirmed the presence of an internal or a third-party incident response team,
Ever since the infamous Wannacry attack, ransomware has become something of a buzzword within the corporate world, with large attacks on enterprises appearing in headlines month after month.
Businesses in SEA is well within the radar of these cybercriminals with three in five (67 per cent) confirming that they have been victims, according to the latest research by Kaspersky.
Global cybersecurity company, Kaspersky, surveyed 900 respondents across North America, South America, Africa, Russia, Europe and Asia-Pacific, 100 of which were from SEA.
Conducted in April 2022, the research titled “How business executives perceive ransomware threat” gathered the answers from those in senior non-IT management (such as chief executive officers, vice presidents and director level) and business owners or partners at companies with 50 to 1,000 employees.
Half of those (34 per cent) who have admitted having their data maliciously encrypted by cybercriminals experienced ransomware attacks not once but several times.
The remaining respondents (33 per cent) said they have experienced such incidents one-time only.
The most common denominator among ransomware victims in the region is that almost all paid the ransom (82.1 per cent).
In fact, 47.8 per cent of the surveyed executives confessed that they paid the ransom as soon as possible for immediate access to their business data, two digits higher than the global average of 38.1 per cent.
Almost a quarter (23.9 per cent) did try to get their data back through back-ups or decryption but failed and paid ransom within two days while 10.4 per cent took a week of effort before paying up.
When the ransomware victims were asked of the steps they will conduct should they face the same incident, majority (77 per cent) of the business leaders in SEA confirmed that they will still pay the ransom showing a worrying tendency for companies that have already been a victim of ransomware to pay up, encouraging cybercriminals to continue their attacks.
“It is concerning to see that only 17.9 per cent of businesses here in SEA victimised by ransomware did not budge on the cybercriminals’ demands,” Kaspersky’s general manager for Southeast Asia Yeo Siang Tiong commented.
“We stand firm that paying the ransom should not be a kneejerk reaction for enterprises.
“But, with more than half (67 per cent) of those we surveyed admitting that their organisations would not survive without business data if attacked, we understand the urgency and the desperation to get their data back as soon as possible, by all means.”
Kaspersky’s study also revealed a key puzzle piece – that majority (94 per cent) of enterprises in SEA will seek external help if attacked by ransomware.
This is a tad higher than the global rate at 89.9 per cent.
Almost a quarter (20 per cent) of which will contact the law enforcement, while 29 per cent will reach out to a third party cybersecurity incident investigation and response service provider like Kaspersky.
The remaining percent will contact both of these external organisations to know how to respond to a ransomware attack.
“With only five per cent of enterprise leaders confirming that they have internal incident response capabilities or they have the regular IT team or service provider to figure out a ransomware attack, it is clear that our enterprises here in SEA need help.
“We advocate for cross-border and public-and-private cooperation that will help governments and companies to combat threats like ransomware. However, such is not the only answer.
“Enterprises here should really look into acting on concrete steps to upskill or even to build their own security defence team with intelligence-led incident detection and response capabilities.”
Global cybersecurity company Kaspersky co-founded the global project called “No More Ransom Initiative” which has grown from four partners to 188 and has contributed 136 decryption tools covering 165 ransomware families.
Since its launch in 2016, it has helped more than 1.5 million people decrypt their devices all over the world.
Nearly 30,000 ransomware victims from July last year to June end of 2022 in SEA were also able to retrieve their data through this project.
The project is done by Kaspersky along with National High Tech Crime Unit of the Dutch National Police, Europol’s European Cybercrime Centre, and other partners.
If you become a victim, never pay the ransom. It won’t guarantee you get your data back but will encourage criminals to continue their business.
Instead, report the incident to your local law enforcement agency and get help from incident response experts such as Kaspersky.