Story image

Managing cyber risk top priority, but challenges remain

11 May 2016

Managing cyber risk is a top priority for businesses in the Asia Pacific region, yet vulnerability management strategies lag behind, according to new research from Tenable Network Security.

The regional survey of information security professionals found that 80% of companies attacked in 2015 lacked sufficient vulnerability management capabilities.

Conducted by Forrester Consulting on behalf of Tenable, the survey evaluated perceived challenges, drivers and benefits of various vulnerability management strategies and investments based on responses from information security professionals.

Ron Gula, Tenable Network Security CEO, says, “Some of the pain points identified by the respondents, such as difficulties with remediating breaches across security and operations, prioritising vulnerabilities and mobile and cloud threat monitoring, are a natural consequence of the evolving threat environment.

“In order to overcome these challenges and deliver a comprehensive security solution that adequately assesses and mitigates cyber risk, security decision makers need to re-evaluate their processes and technologies against industry best practices.” 

According to survey results, one of the top security priorities of companies is protecting customer data, with a focus on application security, data security and protection of customers’ personal information.          

Despite their customer focus, only 22% of security decision makers performed continuous vulnerability assessments to monitor their environments for new threats. The majority of respondents (44%) conducted scans periodically, while 28% performed scans monthly. 

Managing risk a top priority

The survey found 46% of respondents cited reducing risk and improving security posture as the highest ranking security priority of all strategic IT objectives for companies in the Asia Pacific region. The survey elaborated that vulnerability management solutions are currently shifting to a risk focus, deviating from a traditional focus on compliance. 

Security decision makers strive to help their companies understand risks to assets in their IT environments, as 40% of the respondents stated that their vulnerability management programmes are mainly strategic. In fact, 37% of the respondents also said that their vulnerability management programmes focus on a combination of compliance and risk management.

Cyber security is a pressing issue, as the study discovered that 80% of companies have been attacked at least once in the past 12 months, with phishing and DNS-based attacks being the most common. The potential vulnerabilities of companies are compounded as new technologies and devices are introduced by employees, customers and partners.

Such attacks significantly affect the business, ranging from internal consequences such as decreased productivity (53% of respondents said that the impact of this was ‘severe’ or ‘very severe’) and increased operational expenses (60%) to detriments such as brand damage (51%), resulting in lost customer trust (57%) and lost revenue (51%).

“The size and complexity of Asia Pacific combined with the unique political, socioeconomic and cultural distinctions, make cyber security a major challenge for this region,” says Gula.

“The security industry needs to help organisations in the region safeguard critical corporate assets, conform to the product and service standards their customers demand, and to help protect them from detrimental effects of cyber attacks to reputation and business continuity," he says.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.