AI, economic boom make Philippines and Southeast Asia a cyber attack hotspot

MANILA – The Philippine economy is experiencing a period of rapid growth, fuelled by a booming e-commerce sector and increased consumption of digital products and services. However, this digital transformation has exposed the nation to a darker side of progress: a surge in cyberattacks.

In 2023 alone, some 13 million cyberattacks were recorded across Southeast Asia, with the Philippines suffering 1.69 million attacks on businesses, data from leading cybersecurity firm Kaspersky showed.

On average, Southeast Asia witnessed more than 36,000 attacks daily last year. The most prevalent form of attack was phishing.

Meanwhile, Kaspersky reportedly blocked a total of 300,000 ransomware attempts in Southeast Asia.

Beyond phishing, however, Kaspersky’s systems also blocked a staggering 26,164,698 web attacks and 22,731,157 local infection attempts in the Philippines last year, the company shared in March.

Yeo Siang Tiong, Kaspersky’s General Manager for Southeast Asia, warns that "phishing is a trusted technique for cybercriminals" due to its effectiveness. The rise of generative AI makes scams increasingly sophisticated and difficult to detect, the cybersecurity leader said.

Small and midsize businesses in the crosshairs

The threat of cyberattacks isn’t limited to large corporations. Kaspersky's data showed a 364% increase in malware attacks against small and midsize enterprise employees in Southeast Asia in Q1 of 2023.

The alarming spike underscores the vulnerability of smaller businesses, which often lack the resources and expertise to implement robust cybersecurity measures.

"As Advanced Persistent Threat actors are constantly evolving their tactics and searching for new weaknesses to exploit, businesses must prioritise the security of their systems," Yeo said.

Southeast Asia: A region under siege?

The Philippines isn’t alone in facing this digital onslaught, as the entire Southeast Asian region grapples with a rising tide of cyber threats.

In Indonesia and Malaysia, Kaspersky detected 97,465 and 124,105 phishing attempts respectively in 2023. Even tech-savvy Singapore wasn't immune, with 9,502 attempts recorded.

Overall, Indonesia suffered the most number of cyberattacks at nearly 5 million, followed by Vietnam at 2 million.

The financial sector has emerged as a primary target, with cybercriminals impersonating reputable banks, payment systems, and online shops. This trend has raised the alarm in many sectors and even individuals, given the region’s growing reliance on digital financial services.

The cyber threats faced by the Philippines and Southeast Asia reflect broader global trends. The rise of generative AI – while offering immense potential – has also empowered cybercriminals with new tools to craft sophisticated scams.

Additionally, the increasing interconnectedness of businesses and individuals has expanded the attack surface, making it easier for hackers to exploit vulnerabilities.

On a global scale, ransomware attacks have become increasingly prevalent, with cybercriminals demanding hefty ransoms to unlock encrypted data. The healthcare sector has been particularly hard hit, with hospitals and clinics facing disruptions to critical services.

Solutions and next steps to bolstering cybersecurity

The escalating number of cyber threats calls for urgent action from businesses across the Philippines and Southeast Asia. Companies must recognise that cybersecurity is not merely an IT issue but a core business risk that can potentially have an industry-wide impact.

The consequences of a successful cyberattack can be devastating, including financial losses, reputational damage, and even operational disruption.

Kaspersky recommends several strategies to enhance cybersecurity by investing in robust enterprise security solutions that include anti-phishing software and advanced anomaly detection capabilities.

Equally important is employee education since employees are often the weakest link in a company’s cybersecurity chain. Training employees and company officials to identify and report suspicious activity can significantly reduce the risk of a successful attack.

Businesses should consider partnering with cybersecurity experts to assess their vulnerabilities and develop tailored mitigation strategies.

"As most governments in the region build and boost their policies to foster their digital economy and infrastructure, it is urgent for local businesses to prioritize strengthening their cyber defenses against threats lurking online which can hamper their efforts to harness the benefits digitalisation brings about," Yeo said.

The fight against cybercrime is not one that businesses can win alone; it requires a concerted effort from governments, law enforcement agencies, the cybersecurity industry, businesses and their employees.

Southeast Asia’s economic growth is promising, but it must not come at the cost of cybersecurity. By taking proactive measures to protect themselves, businesses can ensure that their digital transformation is a success story, and not a cautionary tale.

Keen to find out more about how generative AI and other disruptive technologies are interacting with the world of work? #TechHRSG continues the conversation this July. Register now to be part of Asia’s Largest HR & WorkTech Conference!