In the first half of 2024, Kaspersky detected and blocked over 26 million web threats from its security solutions for businesses in the region, averaging 146,944 web attacks every single day.

Companies and organisations in Malaysia faced 19,615,255 web-based threats in the first six months of the year, placing the nation at the top of the ranks of SEA countries. Indonesia trailed behind in second spot with 3,204,294.

Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet. Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organisations.

Việt Nam and Thailand are sitting lower in the regional rankings, with total web attacks of 1,445,452 and 1,057,732 respectively, while 846,837 threats were recorded in the Philippines and 574,292 in Singapore.

“As businesses and governments in the region continue to embrace digitalisation to drive economic growth, their increased reliance on digital platforms broadens their attack surface. This leads to more opportunities for cybercriminals to exploit vulnerabilities in unprotected systems, which can cause disruptions to supply chains, financial institutions and critical infrastructure such as healthcare and energy. Such incidents can damage productivity, lead to financial losses and erode trust in digital systems,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

While governments are increasingly focusing on mandatory regulations and laws to protect data and enforce accountability for cybersecurity incidents, it is important that local businesses too must continue keeping round-the-clock vigilance, prioritising and strengthening their cybersecurity posture.

“Cybercriminals in the region are becoming more sophisticated, using AI-driven attacks and other tools and techniques. Businesses must invest in robust cybersecurity tools like endpoint protection, firewalls and real-time event monitoring and management. Regular security assessment and audits must be conducted to identify weaknesses and address vulnerabilities,” Yeo said.

Kaspersky recommends the following to help businesses to bolster their cybersecurity protection:

1.  Always keep software updated, on all devices, to prevent attackers from exploiting vulnerabilities and infiltrating your organisation’s network 

2.  Back up data regularly, ensuring they can be accessed quickly when needed or in an emergency

3.  Assess and audit your supply chain and managed services access to your environment

4. Monitor access and activity by having visibility over the network to spot any unusual activity and controlling user access to minimise risks of unauthorised access and data leaks

5.  Set up a security operation centre (SOC) using an SIEM (security information and event management)

6.  Use the latest Threat Intelligence information to have an in-depth visibility into cyberthreats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs

7.  Enhance employee cybersecurity awareness to help them understand how to protect themselves and the organisation from threats

8.  Employ Kaspersky Professional Services to optimise the workload of your heavily challenged IT department

9.  Seek help from the experts if your company does not have a dedicated IT security function and only has generalist IT adminstrators, who may lack the specialist skills required for expert-level detection and response solutions

10.  For the protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board.