Indonesia Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI and Automation for Security Operations


Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain.

According to Rashish Pandey, Vice President, Marketing & Communications, Asia and ANZ, Fortinet, in the ever-evolving threat landscape, organizations grapple with a spectrum of cyber threats targeting their digital assets. Fortinet’s Security Operations Solutions, underpinned by advanced AI, not only address the pressing need for automation but also provide a comprehensive strategy for incident detection and response.

“Our commitment to empowering organizations in navigating the dynamic cybersecurity terrain is showcased through innovative solutions. These include an impressive one-hour (less in most cases) average time to detect and contain threats, an 11-minute investigation and remediation average, a staggering 597% ROI, doubling of team productivity and a substantial $1.39 million reduction in expected breach costs.”

Phishing and identity theft are the most predominant cyber threats in Indonesia, with over 50% of organizations ranking them as their top concern. The top five threats include phishing, identity theft, ransomware, DDoS and DoS, and IoT-based attacks, with the threat landscape varying by country. Ransomware incidents have doubled across Indonesia, with 62% of organizations reporting at least a 2X increase in 2023 compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, SQL injection, and zero-day exploits. 92% of respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity. Only 50% of businesses have dedicated IT resources for security teams across Asia. This augments the challenges faced by organizations in strengthening their security measures. Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.

Country Director for Indonesia, Edwin Lim, said that in the ever-evolving cybersecurity landscape, 70.7% of organizations prioritize faster threat detection through automation.

“At Fortinet, we recognize the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture. Automation plays a crucial role in promptly identifying and responding to cyber threats, minimizing the window of vulnerability. Our customers’ experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics. This signifies a fundamental step in fortifying cybersecurity defences, where time to detect and respond is paramount. Automation, in this context, emerges as the linchpin in navigating the challenges of today’s dynamic threat landscape.”

Approximately 2 out of 5 (42%) surveyed organizations across Indonesia express concerns about being underequipped for threat containment. This dissatisfaction highlights the critical need for enhancing cybersecurity capabilities to effectively counter evolving cyber threats. Alarmingly, three out of four organizations do not conduct regular risk assessments, exacerbating the challenge of timely threat detection. More than 50% of surveyed enterprises experience an average of 221 incidents per day, and 2 out of 5 enterprises grapple with over 500 incidents daily, leading to alert fatigue. The top two alerts faced are suspicious emails (phishing) and malware or virus detections, highlighting the imperative for targeted training on phishing awareness. Additionally, suspicious user behaviour, account lockouts and multiple failed login attempts contribute to alert fatigue. The challenge of false positives persists, with 70% of respondents noting that at least 25% of the alerts they receive are false positives, with email security alerts/phishing, user account lockout alerts, and cloud security alerts being the top contributors. 82% of teams take more than 15 minutes to validate an alert, highlighting the need for automation.

86% of respondents across Indonesia find it challenging to keep their team’s skills updated with the rapidly changing threat landscape. Survey respondents prioritize the ability to automate (62%) as a key skill for Security Operations Centre (SOC) teams, highlighting the growing importance of automation in cybersecurity. This, along with the ability to multitask, critical thinking, and the right set of certifications, underscores the evolving skill set needed in the face of dynamic cyber threats.

IDC conducted a survey with 550 IT leaders who make or influence security decisions for their organizations. Conducted between October and November 2023, the Asia-Pacific survey looked at organizations with a global headcount of 250–5,000+ employees. The study covers 11 markets: Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore, South Korea, Thailand, the Philippines, and Vietnam.