Firms in APAC, Japan not ready vs online threats

Businesses in the Asia-Pacific region including Japan (APJ) are unprepared in deploying specialised protective technologies compared to other global regions, according to a new report from Akamai Technologies.

As a result, businesses in the region are facing challenges in preventing malicious scripts and account takeover attacks.

Akamai partnered with Foundry on the report which surveyed more than 300 global IT and security decision-makers.

Results showed the prevalence and effectiveness of specialised third-party solutions that combat the challenges of malicious bots, account takeover (ATO), third party scripts and audience hijacking.

“Malicious bots, scripts, and account takeover attacks are pervasive and will continue to pose ever greater challenges for businesses,” said Reuben Koh, director of Security Technology and Strategy at Akamai. 

“Adopting third-party specialised defenses not only help organisations to adapt, but also address the ever-changing attack techniques employed by cyber criminals,” said Koh. “This also allows organisations to achieve stronger effectiveness at mitigating these pervasive online threats, while reducing overall risk for the business.”

Findings also show that the account takeover threat environment is high in APJ, with 73% of businesses saying they have been attacked in the previous 12 months. 

Akamai said the high rate of attack is not surprising, as APJ has the lowest rate of deployment for solutions to tackle account takeover threats — 60% compared to 83% globally. 

Globally, the most frequently reported gains by those who deployed specialised account takeover defenses saw significant improvement were the ability to detect fraudulent or suspicious activity (44%); visibility into indicators of account compromise (41%); and the ability to detect fraudulent or suspicious logins (39%).

Also, only 67% of businesses in APJ are using specialised script protection solutions, well below the global average of 85%. This lack of protection comes amidst a high-threat environment – 78% of businesses here say they have been targeted by malicious scripts in the past 12 months. 

Threats posed by malicious third-party scripts have become highly significant, and the upcoming PCI DSS 4.0 regulation, which is a global standard that establishes a baseline of technical and operational standards for protecting account data, will also have specific requirements on the need to address these types of threats. 

Globally, 71% of those using third-party solutions saw a significant reduction in abusive script behaviors, with another 24% seeing a moderate reduction. 

Of those who saw significant improvement, the three most frequently reported gains were the ability to detect compromised first and third-party scripts (38%); the ability to prioritise events that require investigation (38%); and the ability to meet compliance requirements (38%).

Further, 64% of APJ experienced bot attacks in the previous 12 months (compared to 75% overall). Globally nearly all (97%) reported an improvement in their efforts to combat bots, with more than half (54%) of those using third-party solutions indicating their cybersecurity capabilities have improved significantly since deployment. 

Of those who saw significant improvement, the top three capabilities and gains most frequently mentioned were the ability to handle high heat events and surges in traffic (47%); an improvement in marketing effectiveness (42%); and the ability to balance security controls with performance optimisation (41%).

In addition, almost all (92%) APJ organisations are aware of audience hijacking, while 26% have been affected by it. Audience hijacking often leads to direct loss of revenue for online retailers, usually due to consumers taking their purchasing decisions elsewhere as they are being lured by lower prices or fraudulent advertising. 

Globally, those who had experienced audience hijacking said the top two effects on their businesses were increased cart abandonment (43%) and increased affiliate fraud (41%).