Story image

LogRhythm report casts damning eye on enterprise security tactics

26 Apr 2017

LogRhythm’s latest cyber resiliency report casts a damning look into the state of Asia Pacific organisations in Hong Kong, Australia, Singapore and Malaysia.

Organisations may be taking too much for granted, as the report found that 80% are confident their data has not been compromised, yet only 44.5% proactively conduct cyber risk assessments. 50% of organisations also believe their data will not be compromised in the next 12 months.

“It is encouraging to hear that Asia-Pacific enterprises are confident about their resiliency against cyberthreats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber risk assessment within their organisation,” comments Bill Taylor-Mountford, LogRhythm’s VP of Asia Pacific and Japan.

The survey found that more than 55% do not conduct a risk assessment study - or will only conduct one after a breach or suspected breach has occurred.

“A risk assessment study will help organisations accurately understand where they are placed in the security maturity model. This is by far, the best way to measure an organisation’s cyber resilience. The survey revealed that organisations in the region, are rather more complacent – performing risk assessment test only after a breach,” Taylor-Mountford says.

The statistics also show that 16% of Australian enterprises do not have an action plan in place for data breaches - the highest out of the four countries. This suggests a reactive rather than a proactive approach, LogRhythm states.

What is causing Asia-Pacific organisations to neglect their security? The results found that the main barriers are budgetary constraints and a sheer lack of experience dealing with breaches. 

However, respondents said they are likely to outsource if they need 24/7 protection. Hong Kong rates highest in the outsourcing ranks, while Australian, Singaporean and Malaysian respondents are more likely to manage it in-house.

Frost & Sullivan industry principal analyst Charles Lim says that organisations cannot remain reactive to cyber threats.

“A passive stance and legacy threat detection software do not suffice if we want to win the war against cybercrime. To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defense tools to a holistic approach combining security intelligence, analytics and human expertise. This is therefore no longer a choice, but a necessity,” Lim says.

The Asia-Pacific cybersecurity market is set to reach US$30.39 billion by 2020, according to research firm ASD.

LogRhythm believes that intelligence and analytics tools, in combination with more complex threats, means threat mitigation must be managed with proficiency.

“Forward-thinking organisations are more proactive in the way they see cyber-attacks. While they know that a resilient enterprise is not one that won’t be breached, they are always ready, and able to quickly detect and respond to any potential breach. It is because of this mindset that they will less likely suffer from any material business impact even if they were breached,” Taylor-Mountford concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.