According to the Sophos report The Future of Cybersecurity in Asia Pacific and Japan – Culture, Efficiency, Awareness, based on 100 business decision makers reveals that the success of an organisation’s cybersecurity investment lies on the role of corporate culture and employee education more than just buying technology.
68 percent of business decision makers across Malaysia, believe lack of security expertise is a challenge for their organisation, while 72 percent struggle to recruit skilled talents. Thus, it is common nowadays the IT staff is tasked with security decisions in addition to their other responsibilities.
There is also a cultural issues on attitude and behavior, impacting corporate cybersecurity. In fact, 92 percent of Malaysian organisations believe that in the next 24 months, the challenge will be to improve cybersecurity awareness and education among employees and leadership.
Gavin Struthers, regional vice president for Asia Pacific and Japan, Sophos, says, “This research highlights the everyday struggles of organisations across APJ. Huge gaps exist in finding security expertise and in staying up to date with technology, and this represents a massive opportunity for the channel. To stay relevant, channel partners are encouraged to become more cybersecurity savvy while also passing on the expertise they learn from their trusted security vendors to their customers. Educating customers about best practices, about people and process, is just as important as leveraging innovative technologies to improve their organisation’s security posture.”
Drivers of change
More than 59 percent of organisations anticipate their use of external security partners to rise over the next 12 months. Organisations are increasing their number of partners in a bid to manage phishing, malware and ransomware threats, which were all highlighted as growing concerns by survey respondents.
However, 68 percent of Malaysian organisations are satisfied with their main security providers. According to the survey, most organisations will only consider new cybersecurity solutions or strategies after serious attacks or breaches, or to better support adoption of new technologies, products or services after a cybersecurity incident.
The role of the IT channel
Currently, Malaysian organisations engage vendors for point solutions in traditional outsourcing/licensing contracts. However, in the next 24 months, they predict they will have to engage vendors and service providers on multi-year contracts for holistic solutions and licensing contracts as the IT channel will have a wider role to play in businesses.
Furthermore, there is a growing requirement for the channel to do more. 37 percent of the respondents want partners to demonstrate that they understand their business, and a another 39 percent are looking for partners to provide comprehensive end-to-end support.
“Security is hard. We all know it. Sophos’ survey highlights the constant challenge presented by the evolving security landscape and never-ending search for skills and best practices to help organisations overcome these threats. What does it really mean to ‘be secure’? Ultimately, security is about managing risk. To do that effectively, IT managers must be able to identify key areas where their team’s actions will have an outsized impact on protecting their organisation, employees and the data their company has been entrusted with,” said Chester Wisniewski, principal research scientist, Sophos.