The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) revealed that over half (54 percent) of organisations in Southeast Asia (SEA) do not carry out regular patching and software update installations.
The findings were obtained by interviewing a total of 5,266 IT business decision-makers across 31 countries in June 2020, 375 of whom are from Southeast Asia. The study was carried out to identify their security level, the types of threat they face and the cost they bear when recovering from breach attacks.
The recent Kaspersky report, ‘How businesses can minimise the cost of a data breach’, showed that 38 percent of SMBs (small and medium businesses) and 48 percent of enterprises from SEA are still working with unpatched operating systems. In addition, 33 percent of SMBs and 43 percent of enterprises from the region are still guilty of using out-of-date software.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, said that organisations must take seriously the need to install the latest software versions and updates and to patch regularly in order to prevent data breaches and the risk of exploitation.
“It may seem costly for companies to renew their software or opt for their legal versions especially at this time of an unprecedented crisis. It is, however, an investment that can save you money in the long run. In fact, our research showed that enterprises using obsolete or unpatched systems will pay US$437,000 more in case of a data breach, a 126 percent increase compared with the projected cost of US$354,000 for those companies without such outdated technologies,” he added.
Additionally, SMBs in SEA can reduce attack costs by nine percent if they use updated and legal software, with US$94,000 being the toll of a single data breach against a small-to-medium-sized organisation with obsolete operating systems.
Almost half (49 percent) of both SMBs and enterprises from the region also admitted to experiencing cyberattacks because of unpatched vulnerabilities in the software applications and devices they use. This is nine percent more than the global average of 40 percent.
Asked why they continue to work with outdated software and devices rather than new ones, 57 percent of employees said an exception was made for them. Meanwhile, 52 percent of respondents claimed they have in-house apps that cannot run on new devices or operating systems. 45 percent of companies believe that they belong to C-level staff and exclude them from the update plan.
Lastly, 17 percent of companies said they lack the resources to update everything at once.
Understanding the current cash flow dilemma of companies in SEA, Kaspersky offers savings for its latest Kaspersky Endpoint Detection and Response Optimum (KEDRO) solution for new and existing customers valid on 10-999 nodes across the region until March 31.
Kaspersky also suggests the following measures to save money and minimise the risk of data breaches resulting from software vulnerabilities:
1. Ensure the organisation is using the latest version of its chosen operating systems and applications, with auto-update features enabled so that the software is always up to date.
2. If it is not possible to update software then organisations are advised to address this attack vector through smart separation of vulnerable nodes from the rest of the network, along with other measures.
3. Enable the vulnerability assessment and patch management feature in an endpoint protection solution. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates.
4. It is important to boost security awareness and practical cybersecurity skills for IT managers, as they are at the frontline of IT infrastructure updates. A dedicated Security for IT Online training course can help.
5. For critical IT or operational technology systems, it is important to always be protected regardless of any available software updates. This means they should only enable activity that is predetermined by the purpose of the systems. KasperskyOS supports this concept of cyber-immunity and can be used to build IT systems that are secure by design.