LogRhythm's latest cyber resiliency report casts a damning look into the state of Asia Pacific organisations in Hong Kong, Australia, Singapore and Malaysia.
Organisations may be taking too much for granted, as the report found that 80% are confident their data has not been compromised, yet only 44.5% proactively conduct cyber risk assessments. 50% of organisations also believe their data will not be compromised in the next 12 months.
“It is encouraging to hear that Asia-Pacific enterprises are confident about their resiliency against cyberthreats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber risk assessment within their organisation,” comments Bill Taylor-Mountford, LogRhythm's VP of Asia Pacific and Japan.
The survey found that more than 55% do not conduct a risk assessment study - or will only conduct one after a breach or suspected breach has occurred.
“A risk assessment study will help organisations accurately understand where they are placed in the security maturity model. This is by far, the best way to measure an organisation's cyber resilience. The survey revealed that organisations in the region, are rather more complacent – performing risk assessment test only after a breach,” Taylor-Mountford says.
The statistics also show that 16% of Australian enterprises do not have an action plan in place for data breaches - the highest out of the four countries. This suggests a reactive rather than a proactive approach, LogRhythm states.
What is causing Asia-Pacific organisations to neglect their security? The results found that the main barriers are budgetary constraints and a sheer lack of experience dealing with breaches.
However, respondents said they are likely to outsource if they need 24/7 protection. Hong Kong rates highest in the outsourcing ranks, while Australian, Singaporean and Malaysian respondents are more likely to manage it in-house.
Frost - Sullivan industry principal analyst Charles Lim says that organisations cannot remain reactive to cyber threats.
“A passive stance and legacy threat detection software do not suffice if we want to win the war against cybercrime. To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defense tools to a holistic approach combining security intelligence, analytics and human expertise. This is therefore no longer a choice, but a necessity,” Lim says.
The Asia-Pacific cybersecurity market is set to reach US$30.39 billion by 2020, according to research firm ASD.
LogRhythm believes that intelligence and analytics tools, in combination with more complex threats, means threat mitigation must be managed with proficiency.
“Forward-thinking organisations are more proactive in the way they see cyber-attacks. While they know that a resilient enterprise is not one that won't be breached, they are always ready, and able to quickly detect and respond to any potential breach. It is because of this mindset that they will less likely suffer from any material business impact even if they were breached,” Taylor-Mountford concludes.