Story image

Asia Pacific feeling financial brunt of breaches - but it's not all bad news

11 Mar 2019

Asia Pacific firms are feeling the financial impact from cyber breaches more than any other region in the world, according to new insights from Cisco’s 2019 CISO Benchmark Study.  

Last week at Cisco Live Melbourne, the company released new Asia Pacific statistics from the global report. The new insights show that 17% of companies across Australia, China, India, and Japan have felt the financial impact of more than US$5 million from their most severe breach in the last year. This is more than twice the global average of 8%.

Australia and Japan have been most impacted by the financial impact – 47% of Australian respondents and 12% of Japan respondents reported costs greater than US$5 million.

At Cisco Live, Cisco’s vice president of global security sales John Maynard, and director of cybersecurity Steve Moros explained that CISOs are now acknowledging the adage of ‘it’s not about if there’s a breach, but when’.

What’s keeping CISOs up at night? “There is a perennial, sophisticated changing adversary that’s collaborating. The attack surface is increasing exponentially as more devices connect to the network,” Moros and Maynard say.

But it’s not all bad news. The report shows that 39% of Asia Pacific organisations were able to contain the cost of a breach to less than US$500,000.

CISOs are also changing the way their business measures up to key security metrics. In a breach process, there are three main factors: Time to detect, time to patch, and time to remediate.

Now time to remediate is the main metric of measuring security effectiveness but it’s also the most difficult metric, explain Moros and Maynard.

The report adds that 48% of Asia Pacific respondents use time to remediate as the key metric, up from 36% in 2018.

Organisations are still struggling to consolidate alerts across multiple vendors and solutions in their security environment.

In Asia Pacific, 17% of respondents have more than 20 vendors in their environment – compared to 14% globally. However, more than half (54%) have fewer than 10 vendors in their environment.

Moros and Maynard explain that vendor fragmentation is having an impact on security preparedness.

The report shows that 93% of respondents in Asia Pacific said it was somewhat or very challenging to orchestrate cybersecurity alerts from multiple vendor products.

“Companies have traditionally approached building their security capabilities in a piecemeal manner by adopting solutions to address specific challenges at the time,” comments Cisco APJC director of global security sales organisation, Stephen Dane. 

“While this may help patch individual vulnerabilities, it creates a bigger issue as having more point solutions that don’t work together increases their security effectiveness gap.”

He adds that cybercriminals work together – so defenders also need to take a similar collaborative approach. Intelligence sharing is one way of doing that. 

“The first step in that direction is to have strategic approach to building a comprehensive security environment and ensuring that the solutions are integrated and can work together to defend against potential attacks,” he explains.

Moros and Maynard add that Cisco actively collaborates with vendors and intelligence teams. Cisco Talos, the company’s own threat intelligence group, publishes vulnerability information, advisories, and also offers cybersecurity products.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
Adura launches new SOC and MSP in Singapore
The new SOC focuses on the needs of businesses to gain insight into their organization’s security posture and increase their ability to react promptly.