Last winter, ThreatMetrix released its ThreatMetrix Cybercrime Report: Q3 2015. It made for uncomfortable reading. Analyzing the landscape for this quarter alone, it found that there had been more 90 million attempted cyberattacks across all industries. This was a 20% increase over the previous quarter.
This, its authors said, is a result of “growing sophistication of cybercriminals and the amount of customer data available for interception”. So, what does this mean? That everyone is a target. As ESET’s Trends 2016 paper stated: “Security is no longer just a problem for a few individuals but rather a problem involving more and more people.”
While it’s certainly a global issue, in this feature we have decided to focus on some of the countries that make up the Asia and the Pacific Region (APAC), and shed light on how much people actually know about cybercrime and cybersecurity in this part of the world and how they behave. The data has come from multiple surveys carried out by ESET in 2015 and 2016.
Understanding cybersecurity
In general, Australia and New Zealand (ANZ) have the strongest understanding of cybersecurity best practices, followed by Japan.
For example, ESET’s Australia and New Zealand Cyber Savviness report 2016 found that 94% of respondents appreciate the importance of bespoke passwords for different accounts, while 84% realize the value of using two-factor authentication where it is available.
Meanwhile, ESET’s Japan Cyber Savviness Report 2016 has noted that four out of five respondents were able to answer basic cybersecurity questions correctly. And, interestingly, this is consistent across all age groups.
Elsewhere in Asia, the current state of play is less favorable. According to ESET’s Asia Cyber Savviness Report 2015, across Malaysia, Singapore, India, Thailand, Hong Kong and Indonesia, basic cybersecurity knowledge and understanding is lacking.
Among these specific countries, Malaysia has the highest comparable level of understanding – underpinned by the fact that they are the most concerned nation about cybersecurity – while Indonesia is the least cyber-savvy country (again, it’s unsurprising to learn that it’s the least worried country).
"Only 32% of respondents in Vietnam said that they make an effort to stay safe.
The situation in Vietnam, however, is of the most concern. ESET’s Vietnam Cyber Savviness Report 2015 found that there is a notable cybersecurity knowledge gap in the country “which could be putting users at risk”. Only 32% of respondents said that they make an effort to stay safe.
Risky behavior
Needless to say, when it comes to risky behavior, Vietnam stands apart as one of the worst offending countries in APAC. ESET found that there are huge shortcomings when it comes to cybersecurity. And it’s pervasive.
For example, 71% of users in the country will connect to unsecured Wi-Fi; 70% opt for easy-to-remember passwords; and 66% fail to change their passwords regularly.
While certainly more pronounced in Vietnam, the last two examples of risky behavior are by no means unique. For example, in Japan, while exposure to online risks is generally low, poor password management was identified as an area of weakness.
ESET’s survey showed that 65% of respondents keep the same passwords for a prolonged period of time, while 42% use the same password for different accounts.
Top risky online behaviors in Japan
Top risky online behaviors in Vietnam
Passwords are clearly a problem area across the board. In ANZ, despite awareness over password best practice being exceptionally high (94% are aware of the importance of using different passwords for different accounts), password management is still a “major weakness”.
Curiously, this is most pronounced outside of work – attitudes to cybersecurity are less robust when people are at home. For example, while only 18% of respondents use passwords based on their favorite word/name/personal detail at work, the number close to doubles (35%) at home.
Top cybersecurity worries
The final section of this feature turns to the concerns people have across APAC. Throughout Asia, most countries reported online banking (70%) and shopping (62%) as the main cause of unease when it came to cybercrime.
In ANZ however, only 36% of respondents said they were concerned about online banking, suggesting that presently many are satisfied with their own cybersecurity efforts, as well as that of the institutions they bank with.
That said, personal internet and mobile banking is still seen as a sensitive area, with 48% of people confirming this as their number one concern in the future. This is followed by online shopping (31%) and using social networks (31%).
Similar to ANZ, respondents in Vietnam were found to be less worried about “the theft of online banking information” (35%). Instead, the theft of personal information (53%) was the number one concern. Further, despite Vietnam ranking the worst when it comes to cyber-savviness, 87% were still concerned about cybercrime in general.
As you can see, there are clear trends across all countries, namely “cyberthreats for services that involve direct transactions”. Cybercriminals are all too aware of this, hence the upswing in criminal activity, like ransomware, where the focus is monetary gain.
As a recent report from BT and KPMG noted, “ruthless and efficient” gangs are approaching their criminal activities in an entrepreneurial way: “Criminal groups who mount a constant assault on legitimate businesses are not simply members of an amorphous underworld.
“They are, in fact, operated as rational hard-nosed businesses, with their own clearly defined business models and money making scams.”
APAC cybersecurity needs attention
It’s clear that when it comes to APAC cybersecurity, while there is a lot to be positive about, the overall picture is that there is a lot of work needed to boost people’s understanding of this growing threat and how to keep safe.
This is easier said than done, as ESET’s multiple polls have found. In Asia as a whole, for example, “despite having some of the strongest adoption rates for connected technologies of anywhere else in the world,” when it comes to online security, there are plenty of steps to take before the region catches up with the rest of the world.
Regardless, getting onboard the ‘cyber-savvy train’ is a must for APAC. The threat isn’t going to go away - in fact, arguably, it is going to get worse. Actively staying safe will help in the fight against cybercrime.
