Asia Pacific (APAC) organisations’ failure to prioritise cybersecurity is hindering their digital transformation journey, findings of an Asia Pacific study conducted by leading IT analyst firm Frost & Sullivan revealed. The findings were unveiled by Global cybersecurity leader, Forcepoint today.
The study finds that most APAC organisations (83 percent) don’t think about cybersecurity while embarking on digital transformation projects. Although majority of the organisations (72 percent) conduct regular breach assessment to protect themselves against cyberattacks, still 55 percent of them were at risk. The study reveals that Cloud is a key component of digital transformation (69 percent of respondents have adopted cloud) but most organisations think cybersecurity is the responsibility of their cloud service provider.
“It’s clear from this study that many APAC organisations are on the back foot when it comes to enterprise cybersecurity in the borderless organisation,” said Kenny Yeo, Industry Principal, APAC ICT, Frost & Sullivan. “Security leaders need to look beyond perimeter security, leverage automation, and have a better grasp of the psychology of both cybercriminals and their business users. Incorporating behaviour modelling into their IT security architecture is certainly a way to identify potential risks and fend off cyberattacks.”
Digital transformation hindered by cyber risks
The study reveals a big push among APAC organisations, with 95 percent of respondents having embarked on a digital transformation journey, adopting emerging technologies including cloud computing, mobility, Internet of things, and artificial intelligence/ machine learning. However, most organisations, 65 percent of respondents, acknowledged that they are seriously hampered in execution of digital transformation projects due to rising cyber attacks.
One of the key reasons for this is the less mature approach by business leaders to involve cybersecurity when designing digital transformation projects. Eighty-Three percent of the organizations did not consider cybersecurity until after their digital transformation projects had begun.
“Organisations today need to urgently to embrace “secure-by-design” into their digital transformation projects. Adopting a behaviour-centric security approach that focuses on understanding users’ behaviour on the network and within applications to identify behavioural anomalies can mitigate cyber attacks before they happen,” said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific.
Serious misconceptions around security in the cloud
Cloud has become one of the key components which is leading digital transformation, with 69 percent of organisations adopting cloud. However, 54 percent of respondents perceive that their cloud service provider will take the full responsibility for security. Normally, security and compliance are a shared responsibility between an organisation and the cloud service provider. This serious misconception around responsibility of security in the cloud is resulting in a higher number of cyber attacks.
Existing cybersecurity measures are not proving enough for enterprises to protect against cyber incidents
The finding suggests that the majority of organisations have taken measures to protect themselves against cyber incidents, with 72 percent of them performing breach assessments at least once per quarter. Despite the readiness, 55 percent of organisations were at risk − either they have encountered a security incident before or they didn’t do any checks to assess if they have been breached.
- 35 percent of APAC organisations suffered at least one cybersecurity incident in the last 12 months.
- On a country level, Indian (69 percent) and Australian (63 percent) firms were found to be most at risk of cyber attacks.
Security blind spots in digital transformation
The study reveals the impact digital transformation is having on each organisation’s risk posture. As more digital technology is built into business like cloud and mobility, it is opening each organisation up to more threats. Data exfiltration, impersonation – both theft of digital identity and online brand impersonation − loss of intellectual property and malware infection emerged as the top security blind spots for organisations rolling out digital transformation. These five incidents, the study states, have high levels of business impact and long recovery times.