APAC companies bolster cybersecurity amid increasing attacks and talent drain
Companies across Asia Pacific (APAC) are ramping up their cybersecurity measures in response to a troubling rise in cyber attacks, according to new research by cybersecurity company Kaspersky, which revealed 77% of APAC businesses experienced at least one cyber incident within the last two years.
The study attributing these incidents largely to a lack of adequate threat detection tools and shortages of in-house IT security personnel.
The research surveyed 234 IT security professionals in APAC, including small-to-medium enterprises (SMEs) and corporations, to better understand the human impact on cybersecurity within companies.
The study found the primary reasons for cyber incidents were a lack of necessary threat detection tools (20%) and a shortage of internal IT security staff (24%). Of those affected, 87% characterised the incidents as serious.
In response to the urgent shortage of local cybersecurity expertise, 57% of APAC companies surveyed plan to invest in outsourcing their cybersecurity requirements over the next 12 to 18 months.
"Businesses in APAC have been battling a shortage of local cybersecurity professionals for years now. Clearly, the result of our recent study put a definite number on how this gap can take a toll on enterprise security," says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
A variety of approaches is being considered to address these cybersecurity gaps, according to survey responses. Some 32% of respondents suggested engaging more external specialists, while one quarter of organisations (34%) are planning to invest in third-party professional services.
Similarly, as many as 34% of respondents are aiming to outsource cybersecurity to MSP/MSSPs (Managed Service Providers/Managed Security Service Providers). The industries most likely to invest in third-party services in the near future include critical infrastructure, energy, oil and gas companies.
While turning to external experts appears to be a favoured solution, many organisations are also actively looking into automating their cybersecurity processes. Over half of businesses in the region (51%) have concrete plans to introduce software that automatically manages their cybersecurity in the next 12 months. Another 15% are discussing this possibility.
Outsourcing and automation can provide a lifeline for organisations struggling with a lack of expertise and overload of alerts, according to Ivan Vassunov, VP, Corporate Products at Kaspersky.
"Cybersecurity vendors, Managed Service Providers, Managed Security Service Providers are the companies that have relevant expertise, all the necessary tools, and can manage cybersecurity effectively for customers of any size… Automation tools provided by cybersecurity vendors is another way an organisation can strengthen its cybersecurity," Vassunov says.
To help businesses manage potential shortages of in-house tools or IT security staff, Kaspersky recommends employing the services offered by managed security providers, adopting automated scripts, and investing in cybersecurity training to ensure that IT security specialists' skills are always updated and equipped.