WHITE PAPER En Route to Strengthening Resilience in Asia-Pacific EVOLUTION CYBER CONTENTS Executive Summary 3 The shifting cyber threat landscape across Asia-Pacific 4 Recent cyber trends in Asia-Pacific 8 Key drivers of cyber challenges in Asia-Pacific 18 Asia-Pacifics evolving regulatory climate 20 How companies can build cyber resilience 22 A call to action 24 AUTHORS Jaclyn Yeo Senior Research Analyst MMC Asia Pacific Risk Center jaclyn.yeommc Rob van der Ende Vice President, Asia Pacific FireEye M-Trends 2017) Dwell Time The time between an attacker compromising a secured network and the breach being detectedWHITE PAPER 8 WHITE PAPER 8 Recent cyber trends in Asia-Pacific According to the global Marsh/Microsoft Global Cyber Risk Perception Survey 2017 administered between July and August 2017, cyber attacks with financial motivations were perceived as the top cyber threats for international corporations across industry sectors in APAC (39 percent). With extortion for financial gain the key goal of stealing insider information or confidential intellectual property, (see Figure 3), it is reasonable to expect that inventive cyber attack techniques will continue to emerge and evolve in the cyber risk landscape. Companies operating in APAC are also concerned about insider threats on the whole. Respondents ranked employees or contractors with malicious intent, human error, third-parties with access to the network systems, and operational errors as the next biggest threats (54 percent). 39% Financial motivation is perceived as the top threat for global corporations doing business in APAC 54% Insider threats - from errors to access - are the second biggest concern among companies operating in APAC Cyber attacks with financial motivations were perceived as the top cyber threat for global corporations across industry sectors in APAC. Q: With regard to a cyber attack that delivers destructive malware, which threat actor concerns you? Politically motivated threat Financially motivated threat Human error Employee or contractor with malicious intent Third party with authorized access to your IT resources Operational error 6% 10% 14% 15% 15% 39% (Source: APRC; dataset from Marsh/Microsoft Global Cyber Risk Perception Survey) Figure 3. Survey of corporations views on the top cyber threats when doing business across Asia-Pacific 9 CYBER EVOLUTION: EN ROUTE TO STRENGTHENING RESILIENCE IN ASIA-PACIFICOften, external threats result in the data breaches that grab news headlines. While these breaches are often costly, external threats can generally be addressed with traditional security measures, such as gap analysis, firewalls, device and endpoint encryption, and vulnerability and patch management. However, potential threats that originate from within the companies may often be more difficult to prevent, since they may unintentionally pose a threat to the internal network security. For example, some data breaches are due to human errors and are unintentional when someone falls for malicious phishing emails and clicks on infected links. Regardless of how data breaches occur, to mitigate insider, outsider, intentional and unintentional threat risks, a more holistic approach to cybersecurity is essential in this evolving cyber threat landscape. Globally, malicious external threats were the leading source of data breaches in the first half of 2017, as revealed by the latest breach level index. 6 Figure 4 illustrates some of the most noteworthy data breaches and cyber incidents in the APAC region since June 2016. 6Gemalto, 2017. Poor internet security practices take a toll Findings from the first half 2017 (Breach Level Index). 7CBS News, 2017. Cyberattack hit more than 100,000 groups in at least 150 countries, Europol says. 8Cybersecurity ventures, 2017. Cybercrime Report 2017 Edition. Global financial and economic loss estimates from the WannaCry attack that crippled systems across at least 150 countries 7range between hundreds of millions to $4 billion, making it one of the most damaging incidents involving so-called “ransomware,” in which data from infected computers is encrypted and a cryptocurrency ransom payment is demanded for decryption of the data. The attack is likely to make 2017 the worst year for ransomware scam victim organizations. Similar schemes have resulted in losses of up to $1 billion annually, 8according to market researcher Cybersecurity Ventures. They include lost productivity, the cost of conducting forensic investigations, and data restoration and recovery. While the potential losses from reduced productivity and efforts to mitigate the damage from WannaCry are markedly significant, the actual ransom collected is modest by comparison, totaling approximately $150,000. During the early stages of the attack, it was found that ransom payments did not result in a decryption key being provided, leaving most victims to rebuild and recover from backups or other sources rather than pay the ransom. Estimating the financial cost of Wannacry global ransomware WHITE PAPER 10 2017 notable breaches and cyber incidents in Asia-PacificPhishing attacks by external actors 9AUSTRALIA (JUN 2016) A large Australian firm suffered a significant breach from financially motivated cyber threat actors via phishing emails that targeted employees with access to financial systems. The attacker stole AU$1.2 million, but the actual total damage is estimated to be more than AU$2 million. Installed malware and data breach 10S. KOREA (JUL 2016) The South Korean government was demanded ransom (more than US$2 billion) after personal identifiable information was leaked due to illegally installed malware in a large online shopping site. DDoS and business interruption 11SINGAPORE (OCT 2016) Local telecommunications providers suffered a distributed denial-of-service (DDoS) attack on their domain name system, resulting in a service outage that disrupted internet connectivity amongst the 470,000 subscribers. Global ransomware - WannaCry 12CHINA (MAY 2017) More than 29,000 institutions were infected by the malware and 15% of universities' internet protocol addresses were attacked. Other critical information infrastructure affected were railway systems, hospitals, and govenment services. Global ransomware - Petya 13AUSTRALIA (JUN 2017) Several Australian businesses, including courier companies, transportation systems, and legal firms, were hit by a vicious global ransomware attack that demanded $300 14in Bitcoin for each incident breach. 9M-Trends 2017, Page 40. APAC Notable Breaches, June 2016. 10M-Trends, Page 40. APAC Notable Breaches, July 2017. 11Channel News Asia, 2016. DDoS attack on StarHub first of its kind on Singapore's Telco. 12AP News, May 2017. The Latest: 29,000 Chinese institutions hit by cyberattack. 13ABC News, 2017. Petya cyber attack: Ransonware virus hits computer servers across globe, Australian office affected. 14Straits Times, 2017. Cyberattack reachs Asia and Australia as new targets hit by ransomware demand. 11 CYBER EVOLUTION: EN ROUTE TO STRENGTHENING RESILIENCE IN ASIA-PACIFIC (Source: APRC) Figure 4. Notable Breaches in APAC from 2016 to 2017