The average cost of a data breach in the ASEAN region climbed to more than three million dollars or over 171-million pesos this year based on a report by IBM Security.
We dive into the impact of Cyberattacks with IBM Cyber Security Asia Pacific's Chris Hockings joining us from Sydney, Australia.
Visit our website for more #NewsYouCanTrust: https://www.cnnphilippines.com/
Follow our social media pages:
• Facebook: https://www.facebook.com/CNNPhilippines
• Instagram: https://www.instagram.com/cnnphilippines/
• Twitter: https://twitter.com/cnnphilippines
We dive into the impact of Cyberattacks with IBM Cyber Security Asia Pacific's Chris Hockings joining us from Sydney, Australia.
Visit our website for more #NewsYouCanTrust: https://www.cnnphilippines.com/
Follow our social media pages:
• Facebook: https://www.facebook.com/CNNPhilippines
• Instagram: https://www.instagram.com/cnnphilippines/
• Twitter: https://twitter.com/cnnphilippines
Category
🗞
NewsTranscript
00:00 Well, the average costs of a data breach in the ASEAN region climbed to more than $3 million
00:05 or over 171 million pesos this year, based on a report by IBM Security.
00:11 We dive into the impact of cyber attacks with IBM Cyber Security Asia Pacific's Chris Hawkins
00:18 joining us now from Sydney, Australia.
00:20 Chris, great to have you with us.
00:22 Why are we seeing a rise in costly data breaches here in Southeast Asia?
00:28 Well, I think generally IT is becoming a lot more complex.
00:35 Infrastructure is being used that is not always inside an organization, but also includes
00:42 cloud environments.
00:43 And of course, in Southeast Asia, a growing and vibrant population and economy in so many
00:50 different countries with a lot of growth and emerging innovation.
00:55 You know, lots of people accessing these services.
00:58 So it's really the disconnect or the distance that I talk about between the IT that services
01:04 these people and the people and the devices that they use that just creates opportunity
01:10 for attackers to exploit weaknesses and for financial gain.
01:16 Indeed, exploiting the weaknesses in the hardware and the software.
01:21 But share with us, Chris, what is the methodology in gathering all this data?
01:29 So there's a couple of reports we do.
01:31 The X-Force report, which happened earlier this year, is based on quantitative information,
01:37 real world data that we collect.
01:39 This one is a survey.
01:42 So we actually go and talk to hundreds and hundreds of clients all around the world,
01:48 including in ASEAN.
01:49 And we ask them what the impact of cyber breaches has been over the past year from March to
01:55 March and not just the impact, the cause, some of the remediation factors that they've
02:01 applied in order to resolve these.
02:05 And ultimately, we can start to measure modern ways to reduce this overall cost of breaches.
02:12 And of course, this data and this number that you came up with, more than three million
02:16 dollars is close to 10 percent higher compared to the previous year.
02:21 But if you take a look at the cybersecurity teams of various organizations, don't they
02:28 get to detect these data breaches?
02:31 Are they aware?
02:32 Are they secure?
02:33 Are they protecting themselves from these data breaches, Chris?
02:38 Well, yeah, I think, first of all, the increase continues every year.
02:43 But in this year's finding, there's been some threads of hope.
02:49 There's lots of modern technology being used, particularly in the area of AI and analytics,
02:55 to help cyber teams more quickly detect and respond to these breaches.
03:01 So in the survey, approximately half of organizations that deployed AI and automation in their cybersecurity
03:08 programs were able to reduce the overall time by 100 days and also the cost by 1.25 million
03:14 dollars.
03:16 So we're bringing advanced technology through that's actually been quite effective in reducing
03:21 the overall cost of a data breach.
03:23 So if you look back in previous years, some of this technology has been emerging over
03:27 the last three or four years, but we're meeting a point now where there's a reality.
03:32 And so what I'd say about that is the inverse is that those companies, the other 50 percent
03:38 that haven't deployed this kind of technology, you can imagine that on average, if it's 10
03:42 percent, then these organizations are suffering much more expensive and difficult cyber breaches
03:47 to recover from.
03:48 All right.
03:49 What about the Philippines?
03:50 Where does the country rank in the ASEAN list in terms of costly data breaches?
03:56 And are the industries and companies here making the investment to avoid these costly
04:02 data breaches?
04:03 Well, I think the ASEAN region has different countries at different levels of maturity.
04:11 And I know the Philippines are starting to drive regulatory obligations around data identity
04:17 and threat management.
04:19 So what that tells me is that the government is aware that the infrastructure that consumers
04:25 rely upon, those critical infrastructure components, need to have some kind of compliance obligation
04:32 in order to up the investment in cybersecurity.
04:35 It's been my experience over the 25 years that whilst there's a lot of innovation in
04:41 security, most of the time organizations respond most quickly when they're being asked to meet
04:47 some kind of regulatory obligations.
04:50 So overall, I think that the maturity levels of the countries, Indonesia, Philippines,
04:57 et cetera, are emerging.
05:00 And with countries such as Singapore leading the way, can help to raise the maturity in
05:06 those nations as well.
05:08 Absolutely.
05:09 But do organizations in less developed ASEAN countries like the Philippines, Indonesia,
05:15 Thailand, involve law enforcement in investigating these data breaches or do they just keep it
05:22 within the company confines?
05:25 Well, I think one of the interesting statistics in the report was that organizations that
05:31 did involve law enforcement were able to reduce the overall cost and the time by almost half
05:38 a million dollars.
05:40 And so organizations that don't involve law enforcement do suffer additional costs.
05:45 In some countries, it's actually part of the regulatory framework to allow law enforcement
05:52 to come in and assist in the case of a cyber breach because they do have more resources
05:58 and many companies suffer breaches at different times.
06:02 So being able to call in the defense force or police to help to investigate, detect and
06:08 respond to these kinds of breaches is definitely one of the improvements that organizations
06:13 can make.
06:14 And it's proven in the data that we've produced both globally and also here in ASEAN.
06:18 Chris, thank you so much for sharing IBM's cyber breach report.
06:23 IBM Cybersecurity Asia Pacific's Chris Hawkins joining us from Sydney, Australia.