
Cybersecurity: Prevention is Better than Cure


October 2022

By Laveen Prakasan, Senior Account Manager, Singapore. Laveen is a specialist in media relations, crisis management, and content development, particularly in the Financial Services, Technology, and Consumer Brands.


Cybercrime is expected to cost the global economy USD10.5 trillion annually by 2025[1]. With increasingly sophisticated attacks ranging from ransomware and malware to social engineering and denial-of-service events, it’s estimated that a single successful cybersecurity attack costs an average of USD4.35 million[2]. This is a steep figure, but it’s even worse when you consider that 83% of organisations say that they are hit by attacks more than once a year[3]. The losses could really start to add up, so bolstering your cyber resilience is vital.

Cybercrime is big business, and it’s not just criminals who are getting involved. State-sponsored cybercrime and cyber warfare are now a fact of life, and current geopolitical tensions mean that we will see more of this in the future. It’s well-known that Russia has used malware and phishing attacks in Ukraine, both before and after the start of the war in February. Of course, the confrontation between China and the US over semiconductor chips also continues to simmer, complicating the overall cyber-environment.

The pandemic has also brought new challenges for corporate cybersecurity with the evolution of hybrid work. Employees are using mobile phones and home Wi-Fi networks to connect to company servers and to transmit confidential data. While companies need to be flexible and agile as to where their employees work, this brings significant risks.

Image courtesy of IBM Security Cost of a Data Breach Report 2022

The biggest cybersecurity pain points

The volume and complexity of threats can be overwhelming. The two most common attacks are ransomware, which made up around 35% of volumes in 2021, and data theft, at 10% of attacks[4]. In Q2 2022, the top ransomware industry targets were healthcare, professional services, and financial services[5]. While almost half of ransomware attacks occur in the US, Singapore saw over a million attacks in Q2 this year[6], while Hong Kong saw over 750,000 attacks every month in Q2 2021[7]. Most of these attacks were enabled by a social engineering technique called phishing – where individuals are tricked into handing over sensitive information such as passwords.

Corporates need the right talent to ensure their cybersecurity is solid, but qualified individuals can be hard to find. Demand for cybersecurity services is growing rapidly and traditional corporates are vying with Big Tech and start-ups for the best talent. Companies need to offer top-notch benefits and salary to beat out the competition. The lack of talent is exacerbated in Asia Pacific, particularly in some of the smaller markets. At the same time, cybersecurity software, which needs to be continually updated, comes at significant cost.

How to be cyber resilient?

Within this overwhelming landscape, where do you start with a cybersecurity risk assessment? And how can we be prepared when we do experience an attack? It might surprise you to find that a comprehensive internal and external communications plan is a key weapon in our battle against cybercrime. It’s perhaps less surprising when you consider that 95% of cybersecurity issues are down to human error[8], with phishing being the main culprit.

A robust internal communications and education plan can really pay off in terms of a reduction in losses due to cybercrime. Compared to the cost of qualified cybersecurity experts and up-to-date software, the ROI on educating your employees around the risks is enormous. You need to start by helping your employees to understand the risks and to recognise social engineering attacks. These can include baiting – a technique that piques your curiosity; scareware – in which you are threatened if you don’t share sensitive information; pretexting – where someone impersonates a colleague or a person in authority; phishing – which often sends you to a malicious website that looks legitimate; or spear phishing – a more targeted attack on an individual or corporation. Your employees should also know how to secure their connections to your company’s cloud or servers. Thinking carefully about your internal communications templates and frameworks can really pay off.

Communications help build cyber resilience

  • Regularly assess and communicate risks
  • Invest in internal communication and education
  • Put in place a robust crisis communications plan

If the worst does happen and you are hit by a cyberattack, you need a robust crisis management plan which establishes a standard operating procedure for your firm. A cyberattack has not only monetary implications, but reputational ones. It can really dent your customers’ trust in your organisation if their details are stolen, or you are unable to provide vital services. Some companies may find that there are legal and even reputational consequences if their cybersecurity is not robust enough.

Your crisis plan needs to encompass all your stakeholders including employees, customers, regulators, law enforcement and of course media. Ensure you know your regulatory and legal obligations. You need an up-to-date list of all key contacts in your crisis management team, and this must be cross-functional, likely including IT, Legal, Customer Teams, Communications and Government or Regulatory Affairs, as well as your senior leaders. You should plan to issue statements to both employees and the press as soon as possible detailing what happened and what you are doing to remedy the issue.

Make sure you have complete clarity around your crisis plan, that it’s up-to-date, and that you conduct red teaming regularly. Along with regulatory and legal issues, you will likely need to be prepared for significant reputational management to rebuild trust with your customers. Be prepared to be straightforward with your stakeholders and communicate with openness, honesty, and empathy.

What does the future hold?

Cybercrime will continue to become more complex and more frequent as technology advances. Cybercriminals will act quickly to exploit loopholes and will continue to innovate to find even more nefarious ways to access your corporate systems. While you cannot prevent criminals from trying to access your systems and data, you can significantly reduce the chances that they will be successful. You will give yourself the best chance if you strengthen your cyber resilience with a comprehensive cybersecurity framework that focuses on the right cybersecurity expertise, the right systems and software, and a comprehensive communications framework.

  • [1] https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/
  • [2] https://www.ibm.com/security/data-breach
  • [3] https://www.ibm.com/security/data-breach
  • [4] https://www.accenture.com/_acnmedia/PDF-158/Accenture-2021-Cyber-Threat-Intelligence-Report.pdf
  • [5] https://www.kroll.com/en/insights/publications/cyber/q2-2022-threat-landscape-ransomware-healthcare-hit
  • [6] https://sbr.com.sg/information-technology/news/cyber-threats-in-sg-rise-176-mom-in-q2
  • [7] https://hongkongbusiness.hk/information-technology/news/over-750000-ransomware-attacks-hk-firms-monthly
  • [8] https://www.weforum.org/agenda/2020/12/cyber-risk-cyber-security-education
