SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC unprepared to weather storm of cybersecurity breaches
Wed, 20th Apr 2022
FYI, this story is more than a year old

Sixty eight percent of enterprises in Asia Pacific suffered from at least on security breach in 2021, according o a new report from Forrester.

The State Of Enterprise Breaches report found organisations in APAC took a median of 33 days to find and eradicate an attack and a median of 11 days to recover from an attack, totalling 44 days.

Breaches cost the region a median of $2.2 million in total per breach, the report found.

Every year, Forrester delivers the Forrester Analytics Business Technographics Security Survey, which gives us insight into security decision-makers' current state, challenges, and forward-looking priorities.

This year, the company analysed the data to see how digital transformation hesitancy, disaster recovery preparedness, and balancing expectations with data affect the cost and effects of breaches.

Globally, the report found 63% of organisations were breached in the past year, 4% more than the year before. In the past 12 months, organisations were breached an average of three times.

"It's not surprising that this was less than in the previous year, given the shift to remote work during the COVID-19 pandemic," says Allie Mellen, analyst at Forrester.

"Regions that hesitated to address challenges with business alignment were breached at a higher rate than those that addressed such challenges early on."

The report found enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Globally, organisations took a median of 27 days to find an adversary and eradicate an attack and a median of 10 days to recover from a breach, totalling 37 days to find and recover from a breach. It also cost organisations a global mean of $2.4 million in total per breach.

According to the report, concerns over types of breaches are far afield from the reality on the ground. Security decision-makers are more concerned about external attacks than any other attack vector, at 47%. Breaches come in various ways, however, and are much more evenly spread in frequency among external attacks, lost/stolen assets, internal incidents, and third-party providers.

Mellen says tTe findings in the research go far beyond what is mentioned to dig into how geographic differences played an outsize role in how enterprises were affected by breaches.

"Through our findings, we highlight the following key takeaways for security professionals: The future waits for no one. Procrastinating on digital transformation efforts and other IT priorities works … until an urgent forcing function changes everything," she says.

"As security professionals, you need to advocate for technology updates internally to help the organisation be more flexible, adaptable, and prepared for dramatic shifts, which will continue into the foreseeable future."

Mellen says following metrics leads to better outcomes. "With the constant drumbeat of headline-making breaches, it's not surprising that security professionals are most concerned with external attacks. It's important, however, to lead your organisation with data and metrics to ensure that you aren't missing attacks from other, more prevalent vectors," she says.

"Adjust your strategy according to the data, not the headlines."

Mellen adds that adapting to regional challenges within global companies is imperative.

"Not all regions are built the same — geopolitical conflict, regulations, culture, staffing availability, and other world events greatly influence the rate of breaches and timely response," she explains.

"Your global strategy will face challenges in different regions because of this. Adapt your timelines, strategy, and metrics to address regional limitations, and set appropriate expectations."