Faced with likelihood of ransomware attacks, businesses still choosing to pay up

Most businesses across four Asia-Pacific nations have had to fend off phishing and ransomware attacks, with those infected in Australia the most willing to give in to ransomware demands. 

Those Down Under also are most likely to experience such attacks, with 92% having experienced phishing incidents and 90% reporting business email compromise attacks. Another 86% and 80% have had to deal with ransomware and supply chain attacks, respectively, according to Proofpoint’s State of the Phish report. The study polled 2,000 employees and 200 security professionals in Singapore, South Korea, Japan, and Australia.

Respondents in Singapore saw the next highest number of attacks, with 85% having to deal with phishing incidents and 78% reporting ransomware attacks. Another 72% experienced business email compromise, with 46% suffering direct financial losses. Another 68% reported supply chain attacks. 

But while Singapore, at 68%, reported the highest number of ransomware infections, their peers in Australia–58% of whom were infected–were more likely to cave to ransom demands when breached. Some 90% Down Under admitted to paying up at least once, compared to 71% in Singapore and 63% in South Korea. Just 18% of businesses in Japan paid at least one ransom–the lowest across the board, where the global average was 64%. 

According to the report, Japanese laws prohibit local companies from handing over money to organised crime, which may be deemed to include cybercrime. Proofpoint added that Japanese respondents were least likely to report a successful phishing attack, at 64%, compared to the global average of 84%. The security vendor theorised that this might be due to cybercriminals’ lack of fluency in the local language, making it easier for Japanese employees to identify poorly worded phishing lures. 

“Around the world, English is the language most used in phishing attacks, so businesses that don’t conduct activities in English may receive some protection,” the report noted. However, it highlighted that it might be less culturally acceptable in some countries to acknowledge they suffered a security breach, resulting in under-reporting. 

In South Korea, amongst the 72% that experienced ransomware attacks, 48% eventually were infected. 

And of the 96% in Australia that had cyber insurance, 83% said their insurer paid the ransom either fully or partially. Some 90% in Singapore reported having cyber insurance, 95% of which had insurers that paid the ransom either fully or partially. 

Some 82% in South Korea and 78% in Japan also had cyber insurance, with 74% and 72%, respectively, saying their insurers covered the ransom payment either fully or partially. 

Globally, 76% of organisations experienced ransomware attempts, with 64% eventually infected. Amongst those that had a cyber insurance policy for ransomware attacks, 82% of insurers stepped up to pay the ransom either in full or partially. 

“While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery and adversary-in-the-middle (AitM) phishing proxies that bypass multi-factor authentication,” said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy. “These techniques have been used in targeted attacks for years, but 2022 saw them deployed at scale. We have also seen a marked increase in sophisticated, multi-touch phishing campaigns, engaging in longer conversations across multiple personas. Whether it’s a nation state-aligned group or a business email compromise actor, there are plenty of adversaries willing to play the long game.”

The security vendor advocated the importance of employee training and building up security awareness, especially as phishing attempts are increasingly sophisticated. 

“The awareness gaps and lax security behaviours demonstrated by employees create substantial risk for organisations and their data,” said Jennifer Cheng, Proofpoint’s Asia-Pacific Japan director of cybersecurity strategy. “While email remains the favoured attack method for cybercriminals, we’ve also seen them become more creative–using techniques much less familiar such as smishing and vishing. Since the human element continues to play a crucial role in safeguarding companies, there is clear value in building a culture of security that spans the entire organisation.” 
