During a partners and media conference held in Kuala Lumpur this week, Forcepoint unveiled the findings of an Asia Pacific (APAC) study conducted by IT analyst firm Frost & Sullivan, revealing that Asia Pacific (APAC) organisations’ failure to prioritise cybersecurity is hindering their digital transformation journey.
The survey of C-level executives and senior IT and security decision-makers from enterprises as well as SMEs found that a large majority of APAC organisations (83%) do not place emphasis on cybersecurity while embarking on digital transformation projects. Even though most of the organisations (72%) do conduct regular breach assessments in order to protect themselves against cyber attacks, over half (55%) of them were still at risk.
“It’s clear from this study that many APAC organisations are on the back foot when it comes to enterprise cybersecurity in the borderless organisation,” said Kenny Yeo, Industry Principal, APAC ICT, Frost & Sullivan. “Security leaders need to look beyond perimeter security, leverage automation, and have a better grasp of the psychology of both cybercriminals and their business users. Incorporating behaviour modelling into their IT security architecture is certainly a way to identify potential risks and fend off cyber attacks.”
Digital transformation hindered by cyber risks
The study reveals that 95% of APAC organisations have embarked on a digital transformation journey of some kind, adopting emerging technologies including cloud computing, mobility, internet of things, artificial intelligence and machine learning. Nevertheless, most of the respondents (65%) acknowledged that the execution of their digital transformation projects is severely hampered due to escalating cyber attacks.
This can be attributed to the less mature approach by business leaders when it comes to involving cybersecurity when designing digital transformation projects. The study found that 83% of the organisations surveyed did not consider cybersecurity until after their digital transformation projects had begun.
“Organisations today need to urgently to embrace “secure-by-design” into their digital transformation projects. Adopting a behaviour-centric security approach that focuses on understanding users’ behaviour on the network and within applications to identify behavioural anomalies can mitigate cyber attacks before they happen,” said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific.
Serious misconceptions around security in the cloud
Unsurprisingly, cloud has become one of the key components which are leading digital transformation initiatives, with 69% of organisations adopting cloud. However, 54% of respondents mistakenly perceive that their cloud service provider will take full responsibility for security and compliance when it should be a shared responsibility between an organisation and the cloud service provider. This serious misconception around security responsibility in the cloud is resulting in a higher number of cyber attacks.
Existing cybersecurity measures are not proving enough for enterprises to protect against cyber incidents
While the majority of organisations have taken measures to protect themselves against cyber incidents, with 72% of them performing breach assessments at least once per quarter, the study found that 55% of them were at risk − either they had encountered a security incident before or they didn’t do any checks to assess if they have been breached.
Security blind spots in digital transformation
Lastly, the study reveals the impact digital transformation is having on each organisation’s risk posture. As more digital technologies, such as cloud and mobility, are built into business, it is opening each organisation up to more threats. Data exfiltration, impersonation – both theft of digital identity and online brand impersonation − loss of intellectual property and malware infection emerged as the top security blind spots for organisations rolling out digital transformation. These five incidents, the study states, have high levels of business impact and long recovery times.