A new Black Hat study say nearly 60% of Asia-based cybersecurity professionals fear malicious attacks on the horizon from Russia, China and North Korea
A majority of information security professionals in Asia expect to see major, cross-border compromises in enterprise networks and critical infrastructure in the next year or two, and most do not feel confident in their ability to defend against these impending threats.
These concerns and more are outlined in Black Hat Asia’s first-ever research report, Cybersecurity Risk in Asia. The report, compiled from a survey of nearly 100 current and former attendees at Black Hat Asia, provides insights on critical information security issues pertaining to Asian cyber defenses and vulnerabilities. The results closely mirror the responses of Black Hat attendees in the United States and Europe – raising further concern for cybersecurity on a global level.
Critical Infrastructure Risks Attacks by 2020
Nearly 70% of those surveyed expect an attack impacting critical infrastructure across multiple Asian countries will happen within the next two years. As in Black Hat surveys conducted in the USA and Europe, security professionals in the Black Hat Asia study are concerned that recent incidents in their region may indicate that a major breach of critical infrastructure is forthcoming. Past attacks in the Middle East and Asia have spanned damage to industrial control systems, data theft for surveillance purposes, and hacking of computers used to support critical infrastructure in Asian countries.
What InfoSec Professionals Fear
In recent years, Asia has seen not only continued mass, opportunistic attacks via malware, but also attacks that are highly targeted and focused on specific objectives such as data theft or extortion via ransomware. These trends and more are the reason almost 60% of respondents cited targeted attacks as their biggest concern – specifically, malicious actors in Russia, China, and North Korea.
Lack of People, Resources Is Central Problem
When asked, more than 30% believe the primary reason cybersecurity strategies fail in Asia is because of a shortage of skilled professionals. This skills shortage, coupled with a lack of budget, makes for a dangerous combination that leaves many Asian security organizations under confident in their ability to defend their own organizations’ critical data from cyber-attack.
The report also calls out that security professionals in Asia are more willing to job-hop than their counterparts in the United States and Europe, but they express a similar frustration in gaining the attention of upper management on top security priorities. More than 50% of Asian cybersecurity professionals say they are either actively looking for a new job or open to it.
Weaknesses in Security
Among weaknesses keeping information security professionals up at night, nearly 40% believe end users who violate security policy or fall prey to phishing and social engineering scams are what’s leaving their organizations most vulnerable to compromise. Professionals also cite spending as an issue, with nearly 30% stating that compliance-related spending consumes the greatest portion of security spending.
These concerns are cited even with the implementation of the APEC Privacy Framework, which requires companies in the 27 countries that form the Asia Pacific Economic Cooperation region to adhere to certain privacy guidelines. 30% of respondents view the framework as having created more work for them, but 14% say it hasn’t done anything to improve privacy.
Black Hat is one of the most well-known and established conference of cybersecurity researchers and enterprise information security professionals. Tapping into its expert community, Black Hat gained insights from professionals in Asia ranging from CEOs, CSOs, CIOs and other members of the C-suite, directors of information technology and information security, network admins and security staff.