Cybersecurity maturity is generally lacking among organisations around the world, according to findings of the Dimension Data Executive Guide to the 2019 Global Threat Intelligence Report by NTT Security. The report stated that on average, global cybersecurity maturity rating stands at a worrying 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a process, metrics and strategic perspective.
Nevertheless, the report also found that cybersecurity posture isn’t always aligned to risk. This was indicated by the fact that in every region, the most “cyber mature” sectors, particularly finance and technology, were also the most attacked in 2018.
The findings, and more, were shared and discussed at Dimension Data’s roundtable session titled “2019 Call to Action: Dealing with Destructive Cyber Crime”, spearheaded by Mark Thomas, VP of Cybersecurity, Dimension Data Global, in KL this morning.
Sandy Woo, Director of Solution Sales, Dimension Data Malaysia, started the event talking about the acquisition of Dimension Data and integration into the bigger NTT ecosystem of 28 companies, 40,000 worldwide employees and a combined revenue of $11 billion to strengthen its mission to “enable a connected future” in an evolving digital world.
Back to the Global Threat Intelligence Report, Mark explained that after scouring trillions of logs and billions of attacks, the most common types of attack were revealed to be web attacks (doubling since 2017 and accounting for 32% of attacks in 2018), followed by reconnaissance (16%), service-specific attacks (13%) and brute-force attacks (12%). The study also found a steady rise in criminal activities involving cryptojacking (replacing ransomware from previous years) and credential theft, while the number of new vulnerabilities discovered was also at an all-time high (up 12.5% from 2017).
In a world that’s constantly changing, he added that the increasing number of data protection and privacy regulations introduced all over the world has resulted in a more complex compliance landscape. One positive outcome is that in order to meet stricter regulatory compliance, organisations will have little choice but to put cybersecurity firmly on the boardroom agenda and hopefully gain the attention and buy-in of top-level executives to invest in improving their security posture.
Speaking about the business and professional services sector, he said, “Although it comes in at number three of the most targeted sectors, they’re not actually engaged with us at a strategic level, and therefore that opens up their infrastructure to a world of vulnerabilities and risk exposure.”
While it’s typically assumed that the Asia Pacific (APAC) region might be less mature than other regions in terms of cybersecurity readiness, the report found that it’s actually at the global average, outpacing the Americas and Europe. He noted that the technology and finance sectors, although also highly targeted in this region, are better off (in terms of security maturity and readiness) than in many other places.
What’s worrying for the APAC region, Mark pointed out, is that the education sector is more at risk there than anywhere else in the world. This is because its relatively low security maturity compared to the global average, combined with a constant barrage of attacks, places it at a much greater risk.
Mark emphasised that security is not the sole responsibility of the IT department, nor is it just about technology, since around 70% of attacks occur because of the people and process part of the cybersecurity equation. “Security is everybody’s responsibility. It’s about having secure by design. You have to think about security as something that’s attached to every process. And lastly, security has to be holistic.”
“The key here is about getting visibility into your own estate, understanding the gaps and controls that you have so that you can figure out where you need to be and how you can improve your security posture to meet the changing threat landscape,” he continued.
The event ended with a couple of panel discussions – involving security experts from Dimension Data, CyberSecurity Malaysia, Cisco, Recorded Future, and F5 – to provide insights about the most prevalent cyber attacks and share mitigation tips that would help organisations bolster their cybersecurity defences and resilience.
While the discussion touched on a lot of advanced approaches, methods and techniques to prevent cyber attacks and breaches, such as zero trust, artificial intelligence and global threat intelligence, the panellists all agreed that first and foremost, businesses have to focus on strengthening their security foundations. And that includes adequately protecting endpoint devices, ensuring systems are properly patched and updated regularly, staff training, having up-to-date policies and controls, etc.