- More than one in five (23%) organisations in Asia Pacific have experienced downtime of 24 hours or more after their most severe cybersecurity breach compared to just 4% globally
- More than one in five (23%) companies saw a financial impact of US$2.5 million or more from their most significant breach in the past year
Organisations in Asia Pacific are facing longer downtimes and higher financial costs from cybersecurity breaches compared to the global average, according to Cisco's 2019 Asia Pacific CISO Benchmark Study*. CISO stands for chief information security officer.
According to the study, 23% of companies in Asia Pacific experienced a downtime of 24 hours or more after their most severe breach in the past year, compared to just 4% globally. The Asia Pacific number is more than double the number from 2018, when 9% of organisations in the region suffered downtime of 24 hours or more.
Longer downtimes often result in higher financial costs. This was evident across the region as 23% of companies said their most significant breach in the past year cost them US$2.5 million or more, compared to 15% globally.
The study, based on close to 2,000 security professionals from across the region, highlights that security practitioners in Asia Pacific are being kept busier than their global counterparts.
Globally, 35% of respondents reported receiving more than 10,000 threat alerts a day. In Asia Pacific, that figure is even higher at 46%. The real challenge lies in what comes after the alert is received, says Cisco. Typically, a portion of the alerts are investigated, with a smaller proportion of those found to be a genuine risk, followed by some which are eventually remediated.
According to the study, we are falling behind. Companies in Asia Pacific investigated 44% of the threats, down from 56% in 2018. Of the threats that were investigated and found to be genuine, only 38% were remediated. In 2018, more than half (53%) were addressed.
Stephen Dane, MD of Cybersecurity, Asia Pacific, Japan and Greater China, Cisco, said: “As digital maturity and adoption increases across the Asia Pacific region, we will see more users and devices come online. While this means greater opportunity for businesses, it also means that the attack surface will increase exponentially, exposing businesses to more threats and cyber risks. Security can no longer be an afterthought; it needs to be the underlying foundation behind the success of any digitalisation effort.”
Cyberattacks are evolving rapidly. Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for companies. In Asia Pacific, 25% of respondents have already experienced an attack on their operational infrastructure (versus 21% globally), and 73% expect this trend to increase in the next year (versus 64% globally).
The study also highlights that using solutions from multiple vendors is adding to the complexity for security professionals. Four in 10 (41%) companies in Asia Pacific are using more than 10 vendors, compared to 39% globally. Six percent are actually using more than 50 vendors, compared to 3% globally.
When asked how challenging it is to manage a multivendor environment, 88% admitted that it was "somewhat" or "very challenging" to orchestrate multiple vendor alerts. This is in line with the global trend. Close to eight in 10 (79%) respondents across the world highlighted this as an issue.
“Complexity due to a multivendor environment and the increased sophistication of businesses with OT networks and multicloud adoption continue to challenge security practitioners in Asia Pacific.
“As organisations look to reduce the impact of a cybersecurity breach, they need a simplified and systematic approach to security in which solutions act as a team, and learn, listen and respond as a coordinated unit,” said Dane. OT stands for operational technology.
Ben Munroe, Director of Product Marketing at Cisco, said that security companies tend to shop for a new product when they are faced with new regulations or new types of attacks. This leads to the 'swivel chair problem', where the security team has to monitor many different screens with different information. "They're constantly moving between these different platforms," he noted.
Dane noted that with the information overload, businesses are not able to actually act on the intelligence quickly enough to get a positive outcome.
"The efficiency piece isn't there but the investment in the technology is so that's causing more problems than it's helping," he said.
Another challenge is the lack of human resources. "(People) talk like it's a problem that can be solved with people but now there are 3.5 million vacancies. We have to build solutions in a different way. (People) are not sitting around waiting for a job somewhere," Munroe said.
“One way for organisations to simplify security is by considering a zero trust approach which looks at security in three key areas - workforce, workload and workplace. Doing so enables organisations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multicloud environments and contain lateral movement across the network,” added Jeff Reed, Senior VP, Product, Security Business Group, Cisco.
A zero trust approach is one where users are allowed access to their company's information or technology only after authentication, with each transaction requiring fresh authentication. Users are also given only enough access to do their jobs, and no more. The approach is operationalised under:
Workforce
Protect users and their devices against stolen credentials, phishing and other identity attacks
Workload
Manage multicloud environments and contain lateral movement across the network. Lateral movement is a hacking technique similar to a burglar physically getting into a building and then looking for keys and passwords to get into other rooms. A cybercriminal would basically try to gain access to any resources encountered after a cyberbreach so as to gain more and more control over a company's data, network and other infrastructure.
Workplace
Gain insights into users and devices, identify threats and maintain control over all network connections.
Other key regional trends that emerged from the study include:
- The top three barriers for adopting advanced security technologies in Asia Pacific are budget constraints (35%), lack of trained personnel (29%) and lack of knowledge about advanced security processes and technology (29%).
- Some organisations don’t know how many vendors or products exist in their environment
Security teams are facing active adversaries who are well-funded and endlessly patient, and other perennial challenges that never seem to go away, like keeping an accurate inventory of users, applications, and devices.
- Cybersecurity fatigue levels have risen significantly from 2018
Cybersecurity fatigue is defined as defenders giving up trying to stay ahead of malicious threats and actors. According to Cisco, this is a sign that security teams have become overwhelmed by the amount of security alerts they receive, and are mired in constantly putting out fires, instead of proactively building an effective security strategy.
Explore:
Read Anticipating the Unknowns: 2019 Asia Pacific CISO Benchmark Study Regional Overview (PDF)
*Surveying almost 2,000 security leaders across 11 countries in Asia Pacific, from organisations of 100–499 employees to large enterprises and the public sector, Cisco gathered data in four areas where security decision-makers carry out their charges:
• Cybersecurity culture
• Security alerts and the impact of data breaches
• Cybersecurity trends: cloud and operational technology threats
• The defenders’ approach on managing vendors