Telstra today released its Cyber Security Report 2017, which shows that more than half of organisations (59 per cent) surveyed in Asia have detected a business interrupting security breach at least once a month.
The Telstra Cyber Security Report is an annual research paper aimed at assisting businesses in the Asia Pacific region to detect, mitigate and improve awareness of cyber-attacks. The study paints a mixed view of the state of cyber security in Asia, most alarming is the increase and regularity of cyber-attacks on businesses, while cloud security came up as a major security issue for Asian organisations.
The findings indicate that businesses in India are most at risk to cyber security attacks, with organisations in the country experiencing the highest number of weekly security incidents of all Asian countries surveyed (14.8 per cent). India is followed closely by Hong Kong, with 14.7 per cent experiencing weekly incidents. On the other end of the scale, organisations in Singapore appeared to be the most resilient with the least number of incidents occurring weekly.
Telstra’s Director of Security Solutions, Neil Campbell, said with the rapid growth in the number and variety of connected devices and applications, including emergence of the Internet of Things and virtual cloud environments, the surface area for cyber security threats continues to grow considerably year on year.
“Businesses in Asia are dealing with unprecedented security and business challenges. Many of these are fueled by mobility, cloud based service offerings and the need to have an environment that adapts to the way users want to work and interact. Organisations must invest in appropriate security initiatives in order to reap the benefits of innovative technologies, like Cloud and IoT devices, as they emerge,” said Mr. Campbell.
Ransomware on the rise
Ransomware attacks were also amongst common security breaches with one in four organisations across the region experiencing an attack on a monthly basis. Approximately half of those affected indicated that they paid the ransom, however, nearly 40 per cent of organisations that paid the ransom did not recover their files.
“When it comes to cybercrime, our research shows that there is no such thing as honour among thieves. If businesses choose to pay a ransom to criminals, they are taking a major gamble,” said Mr. Campbell.
Cloud adoption outpacing security teams’ ability to manage risk
While 93 per cent of businesses in Asia are using cloud services, respondents still view the adoption of cloud services as a significant security challenge. Six in ten businesses see theft of corporate data as a major threat in adopting cloud services, yet only 43.1 per cent feel that they are ready to handle this risk.
“We’re seeing more organisations turning to the cloud to improve agility and flexibility, as well as improving collaboration and reducing costs. With this, businesses are opening themselves up to a number of security risks but what needs to be considered is that these are just like any other business risks. The only difference is that they are a relatively new form of risk, and as such they require a new way of thinking. One of the most effective ways to prevent and mitigate such threats is by increased C-level responsibility,” said Mr. Campbell.
Greater C-level involvement
In comparison to the Telstra Cyber Security Report 2016, there has been an increase in C-level executives taking primary responsibility for security incidents, as well as being more actively involved in prevention and mitigation initiatives.
C-level executives in Asia are perceived to be the primary stakeholders in taking responsibility for security incidents which has increased from 35 per cent in 2015 to 65 per cent in 2016. This significant responsibility shift may reflect the growing involvement of the C-suite executives in the cyber security strategy and responsibility within their organisations.
“The good news is that over two out of three C-level executives in Asia now have high involvement in their cyber security initiatives. This is a signal that cyber security is now recognised as an all-of-business issue, not just an IT issue, requiring an approach involving people, process and technology,” said Mr. Campbell.
Other key findings from the research include:
- The growth in cyber-attacks and incidents across Asia has resulted in a heightened awareness of the business impacts such risks can have. This has in turn led to increased IT security spend with close to 94.7 per cent of organisations in Asia increasing their security budget this year.
- Phishing email attacks were the most common cyber security issue reported, with more than 30 per cent of organisations experiencing at least one attack each month.
- ‘Network attack or outage’ was ranked as the top threat with the adoption of cloud services by respondents from Singapore, unlike the rest of the Asia region which cite “theft of company data” as the number 1 potential risk as a result of adopting cloud services.
Telstra Cyber Security Report 2017
Telstra commissioned Frost and Sullivan to survey 360 senior IT leaders and C-suite executives across Australia and Asia to explore the current cyber security landscape and inform businesses how to best manage and mitigate their cyber risks. To download a full copy of the 2017 Cyber Security Report, click here.