Cyber security of Asia claimed to be worst in the world

Cyber Crime

A major investigation by an American security company has claimed that Asian companies have inadequate defences against cyber attacks, and hackers are 80 per cent more likely to target Asia than other areas.

The year-long report from US firm Mandiant stated that the median time for a cyber attack to be discovered was 520 days after a breach. To put this into comparison, the global average is 146 days, representing a difference of 374 days.

This is highly concerning because the longer a hack goes unnoticed or unreported, the more severe the consequences may be, even going so far as to put a country’s national security at risk.

In each attack, 3.7Gb of data was stolen on average, equating to tens of thousands of documents potentially. Perhaps more worryingly, the majority of such incidents were not disclosed with the public because breach disclosure laws in Asia are lacking.

There has been a global security report produced by Mandiant each year for the last six years, although this had been the first report focused solely on Asia. The researchers produced the report following a year of investigations, which saw an average 22,000 machines analysed.

Grady Summers is the CTO of FireEye, the parent company of Mandiant. Speaking to the BBC, he said: “We knew responses to cyber-incidents here in Asia often lag those elsewhere, but we didn’t know it was by this much.

He criticised the capability of Asian organisations to defend properly against attacks, because the companies “frequently lack basic response processes and plans, threat intelligence, technology and expertise. They’re not doing enough. But they’re starting to wake up to the reality of the threats.

“In the US, we were going through this realisation 10 years ago, so we have a head start.”

As part of its investigation, Mandiant received permission from one organisation to hack into its network, to test its vulnerabilities. Mr Summers said: “Within three days we had the keys to the kingdom. If an expert group of hackers can do the same in three days, imagine what they can do in 520 days.”