Cyber attacks more than double since COVID-19, PwC Thailand says

Cyber attacks have more than doubled since the COVID-19 outbreak as businesses switched to online platforms, according to PwC Thailand.

 

Businesses in Thailand should consider cyber insurance policies and investments in cybersecurity to limit potential damage, it said.

 

Phansak Sethsathira, a risk consulting partner for PwC Thailand, said that businesses became more vulnerable to online criminals and fraudsters as employees began working from home during the pandemic.

 

Full-time remote work has prompted many companies to accelerate plans to digitise their operations as they look to improve efficiency and customer service.

 

“Today, organisations around the world are facing an increasing number of cyber threats because online usage is being ramped up as businesses adopt remote working and switch to online platforms in the New Normal,” Phansak said.

 

“All of these factors create a higher risk of cyber attacks for businesses, but especially those without a strong cybersecurity system,” he said.

 

His views support the key findings of the PwC report Cyber-ready — today and for tomorrow, which polled 322 technology executives of US-based companies in April. Some 64% of respondents expect a jump in reportable ransomware and software supply chain incidents in the second half of this year.

 

According to the PwC survey Global Digital Trust Insights 2021, 96% of organisations are now focusing on cybersecurity strategy changes to meet the risks of an increasingly digital workplace.

 

More cyber attacks to come

 

Phansak said that most attacks are carried out through cloud service channels using malware or ransomware to disrupt core business operations. This type of attack is expected to continue in the years to come.

 

Cyber attacks are often initiated to control a part of an organisation’s system for malicious purposes, such as taking over an employee or third-party service provider’s computer. The cyber attacker then proceeds to infiltrate other internal computer systems before ultimately stealing important information.

 

Based on PwC’s cyber investigation experience, attackers tend to subtly infiltrate corporate networks six to 18 months before they begin attacking. This is to explore and familiarise themselves with the structure of the network, computer system and personnel data, including account change procedures and user credentials. 

 

After that, they impersonate employees and send emails to trick people into transferring funds to the attacker’s account. This type of cyber attack is known as a business email compromise (BEC).

 

According to the FBI’s Internet Crime Report 2020, BEC attacks are one of the most prolific and dangerous methods currently employed in the US, with more than USD1.8bn (approximately THB54bn) in damages reported in 2020.

 

Using advanced technologies and the Cybersecurity Operation Centre cannot completely guarantee safety because even well-prepared and resourced organisations and government agencies are now the targets of professional cyber attacks, Phansak added.

 

But responding to cyber threats is about more than just prevention and anticipation. There needs to be a proactive assessment and review process to find and deter potential attacks and limit or suppress the damage caused by them.

 

The three ways to combat cyber threats:

1) Assess your organisation’s cybersecurity.

2) Enhance your ability to proactively detect cyber threats.

3) Verify cyber threats to find the cause and determine any prevention methods.

 

Phansak said that the impact of cyber attacks is not limited to financial consequences, which can include investigative costs, customer compensation and damages for violating the law. They also impinge on corporate reputation, potential top management migration and – worst of all – a business’s value.

Using cyber insurance to transfer risks

 

Cyber insurance is gaining popularity for businesses all over the world, including in Thailand, as it helps manage cyber risks more effectively, Phansak said.

 

Cyber insurance transfers risks to other organisations. It also helps businesses better analyse and assess the safety of their operational systems and internal management. Many Thai insurance companies are tapping into this market as the demand for cyber insurance grows, he explained.

 

However, it’s crucial for insurance companies who want to enter this market to work with experts on the audit, assessment and analysis of cybersecurity risks that meet international standards. Their investigations must also be effective and reliable as this will build trust with policy holders, co-insurers and between the insurance companies themselves.

 

“Businesses that value and invest in advanced technology infrastructure will effectively combat cyber threats. So, business leaders must understand their organisation’s cyber risk appetite, know how to build trust and put cybersecurity strategies in place. 

 

“Having a good cyber risk management approach is the key for businesses to mitigate potential damage from cyber threats and achieve sustainable growth,” Phansak said.