Web attacks vs firms in SE Asia surged by 45%

Image courtesy of Kaspersky

Cybercriminals that target companies in Southeast Asia (SEA) had been busy in 2022 as Kaspersky monitored a 45% jump in web threats blocked last year.

Web-based threats, or online threats, refers to attempts to download malicious objects from a malicious/infected website. 

Malicious websites are deliberately created by malicious users. Infected sites include those with user-contributed content (such as forums), as well as compromised legitimate resources.

Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. 

Regardless of intent or cause, the consequences of a web threat may damage both individuals and organisations.

According to Kaspersky, 10,200,817 web attacks were prevented from infecting businesses in Southeast Asia during the peak of the pandemic in 2020. 

The number dipped slightly in 2021 at 9, 180,344 and spiked yet again in 2022 at 13,381,164.

Singapore logged the highest year-on-year jump in terms of web threats targeting businesses last year, showing a 329% spike after Kaspersky’s business solutions blocked a total of 889,093 web attacks last year. In 2021, there was a total of only 207,175 incidents.

The uptick was also observed across the Southeast Asian countries – Malaysia (197%), Thailand (63%), Indonesia (46%), and the Philippines (29%).

Only Vietnam witnessed a slight dip (-12%) after recording only 2,485,168 web threat incidents last year as compared to 2,822,591 in 2021.

Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, noted that 2022 was a period of reopening for most businesses in Southeast Asia and, unfortunately, likewise for cybercriminals. 

“The Vietnam government has continuously pushed to beef up the cybersecurity defenses of the nation and the country’s local companies and it is encouraging to see that the efforts are translating into concrete results,” said Yeo.

He added that the greater Southeast Asia region, however, needs more help in building their capabilities to protect their companies against cyberattacks. 

“As 2023 will be the first year of fully re-opened borders and markets, we encourage companies here to allocate budget and resources to strengthen their defenses against the increasing attacks against their networks,” said Yeo.

He said that while the IT security talent gap remains an issue, outsourcing expert and comprehensive solutions offer efficiencies that can fill in this missing piece.

Most threats are successful due to two main weaknesses — human error and technical error.

Full protection from web threats means organisations will need to find ways to cover these weak points. As these web threats were targeted against enterprises, this means these are just the starting points of more complex cyberattacks.