In Southeast Asia, businesses face a growing spectrum of web, or internet-born threats as they navigate an increasingly digital economy. The region’s rapid digitalisation has made it both a hub for growth and a target for cybercriminals.

In the first half of 2024, Kaspersky has detected and blocked over 26 million web threats from its security solutions for businesses in the region, averaging 146,944 web attacks every day.

Companies and organisations in Malaysia faced 19,615,255 web-based threats in the first six months of the year, placing the nation at the top of the rank among SEA countries. Indonesia trailed behind in second spot with 3,204,294.

Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet. Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organisations.

Vietnam and Thailand are sitting lower in the regional rank, with total web attacks of 1,445,452 and 1,057,732, while 846,837 threats were recorded in the Philippines and 574,292 in Singapore. 

“As businesses and governments in the region continue to embrace digitalisation to drive economic growth, their increased reliance on digital platforms broadens their attack surface. This leads to more opportunities for cybercriminals to exploit vulnerabilities in unprotected systems, which can cause disruptions to supply chains, financial institutions, and critical infrastructure such as healthcare and energy. Such incidents can damage productivity, lead to financial losses, and erode trust in digital systems,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. 

While governments are increasingly focusing on mandatory regulations and laws to protect data and enforce accountability for cybersecurity incidents, it is important that local businesses too must continue keeping round-the-clock vigilance, prioritising and strengthening their cybersecurity posture. 

“Cybercriminals in the region are becoming more sophisticated, utilising AI-driven attacks and other tools and techniques Businesses must invest in robust cybersecurity tools like endpoint protection, firewalls, and real-time event monitoring and management. Regular security assessment and audits must be conducted to identify weaknesses and address vulnerabilities,” Yeo remarks.

Kaspersky recommends the following to businesses to bolster their cybersecurity protection:

1. Always keep software updated on all the devices to prevent attackers from exploiting vulnerabilities and infiltrating organisation’s network. 

2. Back up data regularly and ensuring they can be accessed quickly when needed or in an emergency.

3. Assess and audit your supply chain and managed services access to your environment. Kaspersky offers  compromise assessment services.

4. Monitor access and activity by having visibility over the network to spot any unusual activity, and controlling user access to as-need, and as-required basis to minimise risks of unauthorised access and data leak. 

5. Set up a security operation centre (SOC) using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyberthreats.

6. Use the latest Threat Intelligence information to have an in-depth visibility into cyberthreats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.

7. Educate employees and improve their cybersecurity literacy through tools such as Kaspersky Automated Security Awareness Platform – Employees should be aware of the risks of cybersecurity threats and how to protect themselves and organisation from them.

8. Employ Kaspersky Professional Services to optimise the workload of your heavily challenged IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance.

9. If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions, consider subscribing to a managed service such as Kaspersky MDR. This would instantly boost your security capabilities by an order of magnitude, while allowing you to focus on building in-house expertise.

10. For protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board. Kaspersky Small Office Security provides you with hands-off security due to ‘install and forget’ protection and saves the budget which is crucial, particularly in the early stages of business development.