Last year saw headline-grabbing information leakage incidents involving companies and organizations in Southeast Asia (SEA). The rising cases of data breaches were proven costly by the latest research from Kaspersky. IT business decision-makers from the region admitted to losing $1.10 million (Php 55M) on-average because of this virtual menace, just a tad short of the global financial impact of $1.41 million (Php70.50M) for enterprise companies.
Conducted last year, the annual study from the global cybersecurity company showed that aside from the monetary aftermath, victims also confirmed losing approximately $186 million (Php 9.3B) on business opportunities after an unfortunate attack involving their precious data.
Majority of the businesses in SEA who experienced a data breach (53%) also paid compensation to clients or customers, encountered problems with attracting new customers (51%), were subjected to penalties or fines (41%), and lost some business partners (30%).
In terms of the data involved, most incidents saw leakages of customer-related details such as personally identifiable information (53%), authentication credentials (33%), payment or credit card specifics (32%), account numbers (27%), and other personal particulars (26%). Personal employee information (30%) were also divulged accidentally as well as sensitive corporate data (23%) and corporate intellectual property (16%).
“It is important to know the damages a single data breach can incur to a company, not to shame the entities involved but to serve as a lesson for those who assume their networks are safe. These victims from our region were brave enough to admit the issues they were facing which resulted in such incident. Most of them lack knowledge and technical team plus the low level of security awareness among their workforce. They also confess that appropriate IT security solutions remain a missing piece for their enterprise networks,” explains Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Instead of crumbling, companies in SEA bounced back with positive changes after suffering a virtual drawback. Majority of the respondents (56%) put in place additional security policies and requirements, switched security vendor or service provider (53%), and improved authentication procedures for customers (49%).
Threat intelligence capabilities (62%) was also among the areas of technology enterprises invested into after a data breach, followed by incident response program (61%), network detection technologies (61%), and endpoint detection tools (44%).
“The best way to recover after a breach is to reassess your IT security environment and to identify the exploited loopholes. Know the tools and technologies you have, and then improve upon them. If your business is still on its baby steps, endpoint solutions should be your first layer of technical defence. Think that any malware needs an open door to enter your network. Cybercriminals are intelligent enough to research on your weak points, so be sure that your systems’ doors are intelligently guarded,” Yeo adds.
A data breach can have a devastating effect on an organization's reputation and financial bottom line. Kaspersky shares best practices to fend off one:
-
Employ training and activities which will educate employees about cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company.
-
Regularly remind staff how to deal with sensitive data, for example, to store only in trusted cloud services with authentication switched on, do not share it with untrusted third parties.
-
Enforce use of legitimate software, downloaded from official sources.
-
Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach.
-
Use a dedicated endpoint product that demands minimum management allowing employees to do their main job but protects from malware, ransomware, account takeover, online fraud and scams such as Kaspersky Endpoint Security for Business. It also protects enterprises from malware and roll-backs malicious activities; helps to keep file servers protected and enforce password policy; protects payment details during online payments; and allows encryption to keep sensitive data protected on devices.