“RSA Says: End Dependency on Perimeter-based Security”
At RSA Conference 2016 recently, it was shared that about three quarters of Asian organizations are still faced with significant risk, being exposed to some form of major IT security exposure and compromised over the last 12 months.
More precisely, the latest RSA Cybersecurity Poverty Index found that 74% of survey respondents in the APJ region face a significant risk of cyber incidents – closely aligned to the global average of 75%. More than 200 respondents from the Asia Pacific Japan region participated in the 2016 RSA Cybersecurity Poverty Index.
Amit Yoran, President of RSA attributed this to the current popular practice of businesses primarily utilizing perimeter-based solutions, instead of investing in detection and response technologies are better poised to defend against today’s advanced threats, in comparison to those
“We need to look beyond the false hope of perimeter-based security, because hunches are not longer sufficient. Cyber security efforts to be focus around ‘Business-Driven Security’ by driving up visibility to catch on all kinds of anomalies that happen in the network. It is no longer about point products, malware, sandboxing – all of these only addresses a thin sliver of cyber security. And for visibility, advanced analytics holds one of the biggest promise in cyber security.”
70% of APJ-based respondents had experienced cyber incidents that negatively impacted their business operations in the past year. Only 23% of those organizations considered their cybersecurity strategy mature. The results also showed that organizations often delay investing in cybersecurity until they’ve undergone a major incident – typically one that impacts critical business assets.
- The strongest reported maturity levels were in the area of Protection. However, perimeter-based defense solutions are proving to be increasingly ineffective over time as cyber threats become more advanced.
- The categories of Response and Detection were ranked least mature in the region. Organizations must focus on executing preventative strategies and improving capabilities that offer complete visibility to detect and respond to advanced threats before they can impact the business.
The inability of organizations to quantify their Cyber Risk Appetite (the risks they face and the potential impacts on their organizations) makes it difficult to prioritize mitigation and investment, a foundational activity for any organization looking to improve their security and risk posture.
Nigel Ng, Vice President, APJ, RSA, The Security Division of EMC said,“Over the next few years, we are bound to face more vulnerabilities as technology and internet penetration in the region is set to grow in parallel alongside sophisticated cyber threats. Especially so in Southeast Asia, which is now the world’s fastest-growing Internet region globally, where the internet user base is expected to double to 480 million by 2020.
So it is more important than ever for organizations of all sizes to acknowledge weaknesses, review their cybersecurity strategies and move beyond conventional approaches – like perimeter-based protection — when thinking about security. ”
RSA Conference 2016 in Singapore is expected to be visited by 5,000 participants and attendees, growing from just 4 years of being held in ASEAN. This is an extremely encouraging figure as put by Amit Yoran, who shared that RSA Conference in San Francisco took 8 years to achieve the same number.