Thursday, 14 December 2017

Employees are the weakest link in cyber defence

Fortinet, the global provider of broad, integrated and automated cybersecurity solutions, has revealed additional findings from its Global Enterprise Security Survey.

According to the research, 48% of IT decision makers (ITDMs) at 250+ employee organisations around Asia Pacific (APAC) are confident of their cybersecurity posture, despite 86% of organisations being breached in the past two years. In addition, 82% believe they are doing better than their peers with regard to cybersecurity, while only 6% believe they are lagging behind.

Respondents revealed that 33% of breaches experienced in the last two years were the result of social engineering, ransomware and email phishing. In 2018, 73% of APAC businesses are planning programmes to educate employees in IT security, reflecting a growing awareness that breaches are caused by carelessness and ignorance as much as maliciousness.

Another top concern for organisations is protecting access to the network. Under half (44%) of APAC ITDMs feel confident that they have full visibility and control of all devices with network access. A similar number - 45% - of APAC ITDMs feel confident that they have full visibility of the access level of all third parties who frequently have access to networks, while 52% of APAC ITDMs feel confident that they have full visibility and control of all employees. This lack of confidence in network visibility suggests that this is an area that should be treated as a top concern for organisations. Yet, basic security measures like network segmentation are only being planned by 26% of APAC businesses in 2018. Without network segmentation, malware entering a network will often be left to spread.

When asked about what they would have done differently over their career in security, 46% of APAC ITDMs wish they had invested more in employee security awareness training to prevent a security breach. Educating users can lessen the chance that they become victims of an intrusion attempt.

In 80% of breach incidents, in the first instance the APAC board blames the IT department – either a specific individual (34%) or the department as a whole (47%). Employees outside the IT department get blamed in 30% of breach incidents, even though they are often recognised as the weakest link. The IT department can no longer be the only one responsible when it comes to a breach. Bring your own device (BYOD) trends and the Internet of Things (IoT), the use of cloud-based applications, and shadow IT, all extend the security responsibility to the broader organisation – and employees.

In 2017, ITDMs ranked the following as their No. 1 investment:

· 35% - New security solutions and services

· 27% - Upgrading security solutions

· 21% - Implementing security policies and process

· 9% - Employee training

· 4% - Auditing and assessment

Continued technological investment allows businesses to keep pace with malicious attacks and prepare for them by implementing a comprehensive security solution. Investments in new and upgraded security solutions will continue in 2018, but 27% of APAC respondents also reveal that investments towards employee training will become one of the top three investment priorities.

Patrice Perche, Senior Executive VP, worldwide sales and support at Fortinet said, “ITDMs continue to prioritise the maintenance and upgrade of their cybersecurity solutions in an attempt to combat today’s cybersecurity adversaries. Although important, other security best practices within their broader cyber and technology strategy are still missed opportunities. In particular, the urgency to prioritise security hygiene, educate with broader awareness, or implement security approaches that leverage automation, integration, and strategic segmentation, is critical to defend against the highly damaging Internet attacks possible in our near future.”

In October, Fortinet shared that:

Board members are not treating cybersecurity as a top priority

· ITDMs feel strongly that cybersecurity should become a top management priority with 79% of the respondents saying that the board should actually put IT security under greater scrutiny.

· Forty-four percent of ITDMs in APAC believe that IT security is still not a top priority discussion for the board. This has nevertheless not affected budgets, since 64% of enterprises stated that they spend over 10% of their IT budget on security, which is a high investment.

· Nearly three quarters (73%) of the surveyed respondents said their IT security budget has increased from the previous year.

Three key drivers for cybersecurity becoming a top priority

· Rise in security breaches and global cyberattacks: The scale and profile of global cyberattacks is bringing security to the attention of the board. Security is no longer just an IT department discussion.

Nearly six in 10 (58%) of ITDMs said there has been an increased focus on IT security following global cyberattacks, such as WannaCry. In the last two years, 86% of APAC businesses have experienced a security breach, with the most common vector of attack being malware and ransomware for 48% of respondents.

· Increased pressure from regulators: Another important driver of board awareness is the proliferation of regulation, 37% of APAC respondents reported. With major fines threatening the bottom line, such as the impending GDPR compliance for European data, the board now has a mandate to take interest.

· Transition to the cloud as a catalyst for security priorities: As organisations look at migrating to the cloud as part of their digital transformation, 80% of IT security decision makers in APAC believe that cloud security is becoming a growing priority. Eight in 10 respondents also affirm that cloud security – along with the investment in security to support it – is becoming a key priority for the board. As a result, half of those surveyed (55%) are planning investment in cloud security in the next 12 months.

*The 2017 Fortinet Global Enterprise Security Survey was undertaken on behalf of Fortinet by independent market research company Loudhouse to examine changing attitudes towards security in business in July/August 2017. The global survey of IT decision makers with responsibility/visibility of IT security received 1,801 anonymised respondents across 16 countries (US, Canada, France, UK, Germany, Spain, Italy, Middle East, South Africa, Poland, Korea, Australia, Singapore, India, Hong Kong, Indonesia). Respondents to the online questionnaire were not aware of the purpose or sponsor of the report.
