Nearly 70% of information security leaders in the APAC region believe a major attack affecting critical infrastructure across multiple countries will happen in the next two years, a survey reveals
Most information security leaders in the Asia-Pacific (APAC) region believe that a major, successful cyber attack on critical infrastructure in their country, or multiple countries, is imminent.
According to the survey conducted ahead of Black Hat Asia in Singapore, 52% of nearly 100 respondents either “strongly agree” that such an attack would happen in their own country in the next two years.
An even greater proportion (67%) believed that an attack affecting critical infrastructure across multiple Asian countries will happen in the same period.
As in Black Hat surveys conducted in the US and Europe, information security professionals in the study were concerned that recent incidents in their region might indicate that a major breach of critical infrastructure is forthcoming.
Past attacks in the Middle East and Asia had spanned damage to industrial control systems, data theft for surveillance purposes, and hacking of computers used to support critical infrastructure in Asian countries.
APT37, the North Korean cyber espionage group, for example, had already expanded its operations beyond the Korean peninsula to include Japan, Vietnam and the Middle East.
Another campaign, reported by information security researchers at Nyotron, was focused on stealing data from industrial control systems in the Middle East for the purpose of conducting surveillance.
The gloomy threat landscape had led 23% of respondents to believe that cyber espionage by large nation states poses the greatest threat to APAC’s critical infrastructure, followed by potential attacks by organized crime groups (21%).
Information security managers in APAC were also more concerned about sophisticated attacks aimed at their organizations than any other threat, followed by social engineering exploits and polymorphic malware that evades signature-based defenses.
The Black Hat Asia survey also threw up some surprises. For example, only 19% identified ransomware and other forms of online extortion as a top current concern in two years, despite heightened publicity around the topic, but 38% of respondents pointed to the rapid increase in the use of ransomware as the top threat in the past year.
Like their counterparts in the US and Europe, APAC cyber security leaders were not confident of their ability to deal with looming threats. More than half of them said they were either a little under budget or severely hampered in their ability to fight threats because of a lack of funds.
The shortage of information security staff had also made it harder to fend off current threats, as reported by 58% of respondents. Out of those, 17% admitted they were completely underwater; 3% said they had no staff; and 38% said they could use a little additional help.
The skills shortage was the most worrying finding for the information security professionals. According to the survey, over half of cyber security professionals in the region said they were either actively looking for a new job or open to it.
Across the region, nearly 40% said users who violated security policies or fell prey to phishing and social engineering scams had kept them up at night. Compliance with privacy rules such as the Asia Pacific Economic Cooperation (APEC) Privacy Framework was also one of the top items in their security budgets and daily activity lists.