HCM CITY — Sixty seven per cent of businesses in Southeast Asia acknowledge that they are victims of ransomware attacks, with only 5 per cent having an internal or a third-party incident response team.

This was found by a recent study conducted by Global cyber security company Kaspersky, showing the need for detection and response capabilities in the region.

Conducted in April 2022, the study titled “How business executives perceive ransomware threat” surveyed 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific, 100 of which were from Southeast Asia.

According to the study, half of those who have admitted having their data maliciously encrypted by cyber criminals experienced ransomware attacks not once but several times. The remaining respondents (33 per cent) said they had experienced such incidents one time only.

The most common denominator among ransomware victims in the region is that almost all paid the ransom (82.1 per cent). In fact, 47.8 per cent of the surveyed executives confessed that they paid the ransom as soon as possible for immediate access to their business data, higher than the global average of 38.1 per cent.

Almost a quarter (23.9 per cent) tried to get their data back through back-ups or decryption but failed and paid ransom within two days while 10.4 per cent took a week before paying up.

When the ransomware victims were asked about the steps they would take should they face the same incident again, a majority (77 per cent) of the business leaders in the region confirmed that they would still pay the ransom, reflecting a worrying tendency for companies that have already been a victim of ransomware to pay up, encouraging cyber criminals to continue their attacks.

“It is concerning to see that only 17.9 per cent of businesses here in SEA that were victimised by ransomware did not budge on the cyber criminals’ demands. We stand firm that paying the ransom should not be a knee-jerk reaction for enterprises, said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

“But, with more than half (67 per cent) of those we surveyed admitting that their organisations would not survive without business data if attacked, we understand the urgency and the desperation to get their data back as soon as possible, by all means,” Yeo said.

Kaspersky’s study also revealed a key puzzle piece – that a majority (94 per cent) of enterprises in the region will seek external help if attacked by ransomware. This is a tad higher than the global rate at 89.9 per cent.

Almost a quarter (20 per cent) will contact law enforcement, while 29 per cent will reach out to a third party cyber security incident investigation and response service provider.

Seo said, “with only 5 per cent of enterprise leaders confirming that they have internal incident response capabilities or they have the regular IT team or service provider to figure out a ransomware attack, it is clear that our enterprises here in SEA need help.

“We advocate for cross-border and public-and-private cooperation that will help governments and companies to combat threats like ransomware. However, such is not the only answer. Enterprises here should really look into acting on concrete steps to upskill or even to build their own security defence team with intelligence-led incident detection and response capabilities,” he added.

Kaspersky co-founded the global project called “No More Ransom Initiative” which has grown from four partners to 188 and has contributed 136 decryption tools covering 165 ransomware families.

Since its launch in 2016, it has helped more than 1.5 million people decrypt their devices all over the world. Nearly 30,000 ransomware victims from July last year to June of 2022 in Southeast Asia were also able to retrieve their data through this project. — VNS