Today FireEye released the Southeast Asia Cyber Threat Landscape report, which details the targeted attacks against our customers across the region, and compares them to the broader picture in Asia and globally.
What stands out for me is the disparity between breaches reported in the public and the sheer volume of targeted attacks we see in the region. When you compare the lower number of targeted attacks in the U.S. with the higher level of publicly disclosed breaches there, it becomes clear that breach disclosure in the U.S. makes targeted attacks there less successful and more costly. In Asia the converse is true: targeted attacks work, the attackers probably won’t be caught in the act, and if they are caught, other organizations remain easy victims because the details of the attack aren’t disclosed.
Like climate change, we need collective action to tackle this problem. Disclosing breaches is not a sign of weakness – it is a sign of strength. It shows that you can find the attackers. It shows that you can arm your country and your businesses to respond to new threats. And it increases the costs of attacks for both criminal- and nation-state-attack groups.
The silence of victims only allows the attackers to pursue other victims. Now, more than ever, organizations should feel empowered to come forward when they are breached – to take the power from the attackers and give it back to the defenders.