Managing risk has been cited by Asia Pacific’s information security practitioners as a top priority for their companies, yet demonstrated that their use of vulnerability management is inadequate and that attacks are reaching the vast majority of organisations, according to the findings of he Technology Adoption Profile (TAP) study entitled Vulnerability Management Trends in Asia Pacific.
The TAP survey, an April 2016 commissioned study conducted by Forrester Consulting on behalf of Tenable, evaluated perceived challenges, drivers and benefits of various vulnerability management strategies and investments based on responses from information security professionals in Australia, China, Japan, New Zealand and Singapore.
“Some of the pain points identified by the respondents, such as difficulties with remediating breaches across security and operations, prioritising vulnerabilities and mobile and cloud threat monitoring, are a natural consequence of the evolving threat environment,“ said Ron Gula, CEO, Tenable Network Security. “In order to overcome these challenges and deliver a comprehensive security solution that adequately assesses and mitigates cyber risk, security decision makers need to re-evaluate their processes and technologies against industry best practices.”
According to survey results, one of the top security priorities of companies is protecting customer data, with a focus on application security, data security and protection of customers’ personal information.
Despite their customer focus, only 22 percent of security decision makers performed continuous vulnerability assessments to monitor their environments for new threats. The majority of respondents (44 percent) conducted scans periodically, while 28 percent performed scans monthly.
Managing Risk a Top Priority
Forty-six percent of survey respondents cited reducing risk and improving security posture as the highest ranking security priority of all strategic IT objectives for companies in the Asia Pacific region. The survey elaborated that vulnerability management solutions are currently shifting to a risk focus, deviating from a traditional focus on compliance.
Security decision makers strive to help their companies understand risks to assets in their IT environments, as 40 percent of the respondents stated that their vulnerability management programs are mainly strategic. Thirty-seven percent of the respondents also said that their vulnerability management programs focus on a combination of compliance and risk management.
Cybersecurity is a pressing issue, as the study discovered that 80 percent of companies have been attacked at least once in the past 12 months, with phishing and DNS-based attacks being the most common. The potential vulnerabilities of companies are compounded as new technologies and devices are introduced by employees, customers and partners. Such attacks significantly affect the business, ranging from internal consequences such as decreased productivity (53 percent of respondents said that the impact of this was ‘severe’ or ‘very severe’) and increased operational expenses (60 percent) to detriments such as brand damage (51 percent), resulting in lost customer trust (57 percent) and lost revenue (51 percent).
“The size and complexity of Asia Pacific combined with the unique political, socioeconomic and cultural distinctions, make cybersecurity a major challenge for this region,” said Gula. “The security industry needs to help organisations in the region safeguard critical corporate assets, conform to the product and service standards their customers demand, and to help protect them from detrimental effects of cyber attacks to reputation and business continuity.”