In a worrying sign of complacency, more than 80% of Asia-Pacific organisations did not consider cyber security until after their digital transformation projects had begun, a new survey has found.
And for those that conducted regular breach assessments to guard against cyber attacks, 55% of them were still at risk.
“It is clear from this study that many APAC organisations are on the back foot when it comes to enterprise cyber security in the borderless organisation,” said Kenny Yeo, industry principal at Frost & Sullivan Asia-Pacific, the analyst firm that conducted the study on behalf of Forcepoint.
“Security leaders need to look beyond perimeter security, leverage automation and have a better grasp of the psychology of both cyber criminals and their business users,” Yeo added. “Incorporating behaviour modelling into their IT security architecture is certainly a way to identify potential risks and fend off cyber attacks.”
This lackadaisical attitude towards cyber security comes amid widespread digital transformation initiatives across APAC, with 95% supporting such initiatives through the use of public cloud services, mobility applications, the internet of things and artificial intelligence.
However, 65% of respondents to the survey acknowledged that they were seriously hampered in executing digital transformation projects due to rising cyber attacks.
A top Forcepoint executive said one of the key reasons for this is the less mature approach taken by business leaders to involve cyber security when designing digital transformation projects.
“Organisations today need to urgently to embrace ‘secure by design’ into their digital transformation projects,” said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia-Pacific.
“Adopting a behaviour-centric security approach that focuses on understanding users’ behaviour on the network and within applications to identify behavioural anomalies can mitigate cyber attacks before they happen.”
The study also revealed that 69% of organisations have adopted cloud services, but 54% believe cyber security is the responsibility of their cloud service provider, going against the adage that cyber security is a shared responsibility.
Forcepoint noted that this “serious misconception around responsibility of security in the cloud is resulting in a higher number of cyber attacks”.
Read more about cyber security in APAC
- A security expert has called for businesses to manage the risks of adopting new technologies and improve their cyber hygiene, rather than see AI as a panacea for their security woes.
- Even as Southeast Asia works towards coordinating cyber security strategies, more needs to be done to establish cyber norms.
- Healthcare organisations in the Asia-Pacific region could lose an average of $23.3m to cyber attacks, including losses from productivity and customer churn, a study finds.
- Australia’s privacy watchdog recorded over 800 cases of data breaches, nearly one year into the country’s mandatory data breach notification regime.
For many organisations, these attacks have led to data exfiltration, impersonation, loss of intellectual property and malware infections – the top security blind spots for organisations rolling out digital transformation initiatives.
Across the APAC region, 35% of organisations reported at least one cyber security incident in the last 12 months. Organisations in India (69%) and Australia (63%) were found to be most susceptible to cyber attacks.
Frost & Sullivan polled 400 organisations across key industries in Asia-Pacific in its study, with 100 respondents each from Australia, Hong Kong, India and Singapore. Some 53% of the respondents, mainly C-level executives and senior IT and security leaders, were from large enterprises.