It’s becoming crucial to have strong third-party risk management and good cyber hygiene, both to build immunity against these threats and to build customer, employee and stakeholder trust, it said.
Vilaiporn Taweelappontong, Lead Consulting Partner and Financial Services Leader for PwC Thailand, said that the most common cyber threat in 2022 will be ransomware attack. During a ransomware attack, data is ransomed or stolen with encryption or a user’s access to files is locked, and payment is demanded for their return.
“We’re seeing a lot of ransomware attacks these days, and it’s likely that we’ll see more and more of them in the future, especially in financial institutions and hospitals.
“In the past, the most common cyber threats were malware, viruses, Trojans and other programmes used to attack and access sensitive information,” Vilaiporn said.
Although third-party cyber risks are among executives’ most current concerns, most still lack a thorough understanding of their business relationships and vendor or supplier networks. This makes it difficult to control and prevent data leakage, she said.
“Third-party cyber risks are now a top agenda item, and it’s been discussed how organisations should deal with them.
“This is a complex issue as it involves third-parties, business partners, outsources, contractors, service providers, as well as others who work and share information within the same ecosystems. An organisation may have good security system management, but from the many cases we’ve seen, it’s hard for them to fully control their third parties,” Vilaiporn said.
This trend is in line with the findings of the PwC 2022 Global Digital Trust Insights Survey. It surveyed 3,600 CEOs and other C-suite executives globally and found that 60% of them didn’t have a thorough enough understanding of their data breach risks while 20% had little to no understanding.
Vilaiporn also referred to a recent case in Thailand in which there was a series of unusual payments through credit and debit cards.
“Although such disasters have happened many times before, prompt detection and prevention aren’t always possible because the business ecosystem has become more connected. There are more login and authentication methods, such as through Facebook, Google and other platforms, and this makes root cause analysis and data security system management more difficult.
“However, this recent case has created more awareness for both service providers and account holders,” Vilaiporn explained.
Apart from third-party cyber risks, Vilaiporn pointed out that organisations must deal with emerging threats by putting systematic cybersecurity management in place.
This includes managing any shortage of cybersecurity talent, driving the businesses to keep up with the digital world with a focus on security, and moving fast to adopt new technologies to keep up with competitors. These will be the top three challenges for Thai organisations to build trust in their digital security, she said.
Cyber threats to rise over 2022
Some 60% of the C-suite respondents anticipate an increase in cybercrime in 2022, the PwC report showed.
While 56% of respondents say their organisations expect a rise in breaches via their software supply chains, only 34% have formally assessed their enterprises’ exposure to this risk.
Similarly, 58% expect a jump in attacks on their cloud services, but only 37% profess to have an understanding of the cloud risks.
The report introduced “four Ps” to help executives realise their organisations’ full cyber potential:
1. Principle. Articulate an explicit, unambiguous foundational principle, coming from the CEO, to establish security and privacy as a business imperative.
2. People. Hire the right leaders and let CISO and security teams connect with business teams.
3. Prioritisation. Use data and intelligence to continually measure your risks because the risks will change as your digital ambitions rise.
4. Perception. Uncover blind spots in your relationships and supply chains because you can’t secure what you can’t see.
Making the right investment
“Organisations are becoming increasingly aware of data security and privacy issues, but they're still hesitant about where and how much to invest in technology.
“Many executives struggle with analysing and identifying the right investment amount that fits their business size and environment. This can range from Cloud adoption, API connection, third-party cyber risk management and upskilling their cyber talents,” Vilaiporn said.
Thai organisations need to study more to understand their business, its threat landscape, quantitative analysis and security hygiene.
This understanding provides the foundation for cybersecurity, but many organisations still leave this neglected, she concluded.
Published : October 28, 2021
By : THE NATION