Story image

LogRhythm report casts damning eye on enterprise security tactics

26 Apr 17

LogRhythm’s latest cyber resiliency report casts a damning look into the state of Asia Pacific organisations in Hong Kong, Australia, Singapore and Malaysia.

Organisations may be taking too much for granted, as the report found that 80% are confident their data has not been compromised, yet only 44.5% proactively conduct cyber risk assessments. 50% of organisations also believe their data will not be compromised in the next 12 months.

“It is encouraging to hear that Asia-Pacific enterprises are confident about their resiliency against cyberthreats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber risk assessment within their organisation,” comments Bill Taylor-Mountford, LogRhythm’s VP of Asia Pacific and Japan.

The survey found that more than 55% do not conduct a risk assessment study - or will only conduct one after a breach or suspected breach has occurred.

“A risk assessment study will help organisations accurately understand where they are placed in the security maturity model. This is by far, the best way to measure an organisation’s cyber resilience. The survey revealed that organisations in the region, are rather more complacent – performing risk assessment test only after a breach,” Taylor-Mountford says.

The statistics also show that 16% of Australian enterprises do not have an action plan in place for data breaches - the highest out of the four countries. This suggests a reactive rather than a proactive approach, LogRhythm states.

What is causing Asia-Pacific organisations to neglect their security? The results found that the main barriers are budgetary constraints and a sheer lack of experience dealing with breaches. 

However, respondents said they are likely to outsource if they need 24/7 protection. Hong Kong rates highest in the outsourcing ranks, while Australian, Singaporean and Malaysian respondents are more likely to manage it in-house.

Frost & Sullivan industry principal analyst Charles Lim says that organisations cannot remain reactive to cyber threats.

“A passive stance and legacy threat detection software do not suffice if we want to win the war against cybercrime. To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defense tools to a holistic approach combining security intelligence, analytics and human expertise. This is therefore no longer a choice, but a necessity,” Lim says.

The Asia-Pacific cybersecurity market is set to reach US$30.39 billion by 2020, according to research firm ASD.

LogRhythm believes that intelligence and analytics tools, in combination with more complex threats, means threat mitigation must be managed with proficiency.

“Forward-thinking organisations are more proactive in the way they see cyber-attacks. While they know that a resilient enterprise is not one that won’t be breached, they are always ready, and able to quickly detect and respond to any potential breach. It is because of this mindset that they will less likely suffer from any material business impact even if they were breached,” Taylor-Mountford concludes.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).