According to a report by US security company Mandiant, Asian businesses are the most poorly defended in the world against cybersecurity attacks.


The yearlong study identified the fact that cybersecurity breaches, on average took almost three times as long to be discovered compared to the global average. While businesses in the US, for example, generally detect a cybersecurity breach within 4 months, in Asia it can take as long as 17 months to become aware their company has been hacked.

Mandiant also reported that Asia finds itself in the unwanted position of being almost 80% more likely to be targeted by hackers than any other region in the world.

“In 2015, we continued to see heightened levels of cyber threat activity across APAC…We surmise that this is likely fuelled by regional geopolitical tensions, relatively immature network defences and response capabilities, and a rich source of financial data, intellectual property, and military and state secrets.”

According to Mandiant, many Asian firms are vulnerable to cyber-attacks because they are still spending disproportionate amount of money on first line defence, such as firewalls, but literally invest nothing in second and third line defence. The Mandiant report surmises that many Asian companies are unable to defend their own internal networks because they lack basic response plans, expertise, and any contingency planning.

Mandiant also notes that the vast majority of organisations studied in the report were still only relying on antivirus software to detect malware or hacker intrusions.

Rob van der Ende, vice president for Mandiant Consulting, Asia Pacific and Japan at FireEye, said:

“Unfortunately being unprepared for a breach is business as usual in Asia Pacific, and the region’s governments and boards need to address this further.”

A large part of the problem, however, seems to come from other regional players. There are numerous, well known, collectives of hackers working and residing in the Asia Pacific area, all seemingly more than willing to exploit the lax security of legitimate businesses in their own backyard.