Sophos recently unveiled The Tech Research Asia (TRA) report, which says that organisations in APJ face a series of cybersecurity shortcomings in the areas of education, company culture, skills, budgeting and operational management.
There are greater challenges in overcoming shortcomings in the area of security training, company culture, budgeting, operational management and skilling. The research is based on evidence of 900 decision makers from cyber and information security in Australia, India, Japan, Malaysia, the Philippines and Singapore Australia, India, Japan, and Malaysia.
Key Security realties in APJ :
To improve efficiency and effectiveness of cybersecurity, investments are required. Otherwise organisations will continue to slip into a downward spiral of chasing quick-fixes for new threats. Companies will experience sub-optimal results for spending and struggle to be proactive, rather repeatedly having to react to incidents and breaches.
The following research results are presented in three sub-sectors (The Security Setup, The Security Journey and The Future of Security).
From the first segment it is evident that perceived security maturity remains low, with less than one third of respondents self-reporting that they are at the top “optimised” maturity level (where processes are monitored and are frequently improved and tailored to the unique needs of the organisation).
The data suggests that India, Australia and Singapore have higher levels of security maturity (combined data points of ‘quantitative’ and ‘optimising’ scores) relative to Japan, Malaysia and the Philippines. The survey reported that those organisations had a cybersecurity team in place that could properly detect, investigate and respond to threats, 59% of Indian companies and 47% of those in Australia stated ‘no’. This is a clear case of perceptions being somewhat different to reality, with the contrast suggesting that maturity levels can be highly subjective unless properly quantified and regularly tested.
The graph below further states the survey opinion of respondents for further help that is required leading to security maturity for e.g. budgets being too low, recruiting skills is difficult, and staying up to date is a challenge. These factors that contribute to security maturity and indicate much more work is required to improve overall security posture.
It is further clear from the data that organisational structure and non-technical issues are felt across APJ and may be contributing to a low level of maturity. The ‘dual-hat’ organisational approach to leading cybersecurity, where a CIO or CTO also assumes CISO authority, emerged in the roundtable discussions as a pragmatic and option for many organisations.
(Image Courtesy: www.csoonline.com)