You Can Lose Billions with Unsolved Cybersecurity Threats | A Microsoft Study on Cybersecurity Attacks

The thing here is Cybersecurity Threatens to cost organizations in the Philippines US$3.5 billion in economic losses. With recent issues of a certain restaurant's online delivery service deemed not secure, and our information quite out there in the open, it is obvious that it is not just our identity on the line but our financial security as well, as a person and as a country.

Businesses are finally listening and trying to strengthen their cybersecurity measures, but this recent study made by Microsoft reveals a lot of underlying issues and as well, how companies can strive to solve them.

The Microsoft and Frost & Sullivan Study reveals that:

• A large-sized organization in the Philippines can possibly incur an economic loss of US$7.5 million, more than 200 times the average economic loss for a mid-sized organization

• Cybersecurity attacks have led to job losses in seven in ten (72%) organizations over the last year

• Cybersecurity concerns delay Digital Transformation plans

• Organizations are increasingly leveraging Artificial Intelligence to enhance their cybersecurity strategy

The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region and identify the gaps in organizations’ cybersecurity strategies. The study involved a survey of 1,300 business and IT decision makers ranging from mid-sized organizations (250 to 499 employees) to large-sized organizations (less than 500 employees).

The study reveals that more than half of the organizations surveyed in the Philippines have either experienced a cybersecurity incident (18%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (34%).

“As companies embrace the opportunities presented by cloud and mobile computing to connect
with customers and optimize operations, they take on new risks,” said Hans Bayaborda, Managing
Director, Microsoft Philippines. “With traditional IT boundaries disappearing the adversaries now
have many new targets to attack. Companies face the risk of significant financial loss, damage to
customer satisfaction and market reputation — as has been made all too clear by recent high-
profile breaches.”

The talks were headed by these professionals from Microsoft, Mr. Hans Bayaborda , Managing Director of Microsoft Philippines, Ms Mary Jo Schrade, Assistant general counsel, Microsoft Digital Crimes Unit, Mr. Lito S. Averia Jr, President of the Philippine Computer Emergency Response team and Atty. Raul COrtez, Corporate, External and Legal affairs lead.

What we need to know: 

• The study revealed that: A large-sized organization in the Philippines can possibly incur an economic loss of US$7.5 million, more than 200 times higher than the average economic loss for a mid-sized organization (US$35,000)

• and Cybersecurity attacks have resulted in job losses across different functions in seven in ten (72%) organizations that have experienced an incident over the last 12 months.

To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based
on macro-economic data and insights shared by the survey respondents. The three possible types of losses are as follows:

• Direct: Financial losses associated with a cybersecurity incident - this includes loss of productivity, fines, remediation cost, etc;
• Indirect: The opportunity cost to the organization such as customer churn due to reputation loss; and
• Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

“Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of
the iceberg,” said Edison Yu, Vice President and Asia Pacific Head of Enterprise for Frost &
Sullivan. “There are many other hidden losses that we have to consider from both the indirect and
induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks
can be often underestimated.”

In addition to financial losses, cybersecurity incidents are also undermining the Philippines organizations’ ability to capture future opportunities in today’s digital economy, with more than half (57%) respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.


For organizations in the Philippines that have encountered cybersecurity incidents, data exfiltration and data corruption are the biggest concern as they have the highest impact with the slowest recovery time.

Besides external threats, the research also revealed key gaps in organizations’ cybersecurity
approach to protect their digital estate:

• Security an afterthought: Only 44% of organizations consider cybersecurity before the start of a digital transformation project. Majority of respondents (56%) either think about cybersecurity only after they start on the project or do not consider it at all. This limits their ability to conceptualize and deliver a “secure-by-design” project, potentially leading to insecure products going out into the market;
• Creating a Complex Environment: Negating the popular belief that deploying a large portfolio of cybersecurity solutions will render stronger protection, the survey revealed that 17% of respondents with more than 50 cybersecurity solutions could recover from cyberattacks within an hour. In contrast, more than twice as many respondents (38%) with fewer than 10 cybersecurity solutions responded that they can recover from cyberattacks within an hour; and
• Lacking cybersecurity strategy: While more and more organizations are considering digital transformation to gain competitive advantage, the study has shown that 46% of respondents see cybersecurity strategy only as a means to safeguard the organization against cyberattacks rather than a strategic business enabler. A mere 25% of organizations see cybersecurity strategy as a digital transformation enabler.

“The ever-changing threat environment is challenging, but there are ways to be more effective
using the right blend of modern technology, strategy, and expertise,” added Hans. “Microsoft is
empowering businesses in the Philippines to take advantage of digital transformation by enabling
them to embrace the technology that’s available to them, securely through its secure platform of
products and services, combined with unique intelligence and broad industry partnerships.”

 Artifical Intelligence (AI) is the Next Frontier in Cybersecurity Defense

AI is becoming a potent opponent against cyberattacks as it can detect and act on threat vectors based on data insights. The study reveals that more than almost four in five (79%) organizations in the Philippines have either adopted or are looking to adopt an AI approach towards boosting cybersecurity.

Simply put,  an AI-driven cybersecurity architecture will be more efficient as it is equipped with predictive abilities to allow organizations to fix or strengthen their security posture before problems emerge. It will also grant companies with the capabilities to accomplish tasks, such as identifying
cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organizations’ cybersecurity strategy.

AI is but one of the many things that organizations can adapt and incorporate to their cybersecurity posture. For a cybersecurity practice to be successful however, you will still always need to consider People, Process and Technology, and how these can contribute to the overall security posture of the organization.

Adding to that, here are some recommended practices that organizations and companies can consider to improve their defense when it comes to cybersecurity threats:

• Position cybersecurity as a digital transformation enabler: Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;
• Over 90% of cyber incidents can be averted by maintaining the most basic best practices. Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can rapidly raise the bar against cyberattacks. This should include not just tool-sets but also training and policies to support a stronger fundamental;
• Reduce the number of tools and the complexity of your security operations to allow your operators to hone their proficiency with the available tools. Prioritizing best-of-suite tools is a great way to maximize your risk coverage without the risk of introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts;
• Assessment, review and continuous compliance: The organization should be in a continuous state of compliance. Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organization is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organization is progressing against security best practices; and
• Leverage AI and automation to increase capabilities and capacity: With security capabilities in short supply, organizations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions. Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automationand AI can free up cybersecurity talents to focus on higher-level activities.

For more information please visit: https://news.microsoft.com/apac/features/cybersecurity-in-asia/ ‎

To better understand the cyberthreats happening globally and in Asia Pacific, please download the
Microsoft Security Intelligence Report Volume 23 here: https://info.microsoft.com/ww-landing-
Security-Intelligence-Report-Vol-23-Landing-Page-eBook.html

***

About the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” Study
This study involved a survey conducted with 1,300 respondents from 13 markets - Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. All respondents are business and IT decision-makers involved in shaping their organizations’ cybersecurity strategies. 44% of them being business decision-makers, including CEOs, COOs and Directors, while 56% are IT decision-makers, including CIOs, CISO and IT Directors. 29% of participants are from mid-sized organizations (250 to 499 staff); and 71%
are from large-sized organizations (more than 500 staff).
About Microsoft
Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.