ASEAN businesses ramp up cybersecurity

A recent study shows business attitudes towards cybersecurity had changed across several markets in Southeast Asia, including Indonesia, Singapore, the Philippines, and Thailand – before the escalation of COVID-19.

According to the study by cybersecurity company Palo Alto Networks, in addition to increasing their cybersecurity budgets, many companies in Singapore are also feeling more confident in their ability to mitigate cyberthreats.

With 2018 and 2019 seeing a number of high-profile breaches and cyberattacks in Singapore, about four in five companies 79 per cent increased their cybersecurity budget between 2019 and 2020.

More than half (53 per cent) of companies here also reported allocating over half their organisation’s IT budget to cybersecurity spending. This initial increase in budget was mainly attributed to the growing volume (71 per cent) and sophistication (58 per cent) of threats, as well as a need to upgrade existing frameworks to incorporate automation (51 percent).

Like other countries in ASEAN, companies in Singapore continue to rely on popular solutions such as anti-malware and antivirus software (61 per cent). However, the interest around more holistic and advanced tools is growing as companies adapt their cybersecurity strategies to meet the evolving needs of the business landscape.

Software-defined wide area network (SD-WAN) security (62 per cent) was reported as the most popular solution amongst Singapore companies as a means of maintaining visibility into ever-expanding, complex digital networks. SD-WAN solutions are gaining momentum as more companies look to connect more offices and employees securely to cloud applications and resources.

Likewise, in line with Singapore’s role as a regional business and innovation hub and a mature cloud market, over half of businesses (54 per cent) are already investing in cloud-native security. With the Government’s recent commitments to increase public sector investment in ICT and the bigger push for more small and medium-sized enterprises to go digital post-COVID-19, this figure is only set to grow. A similar proportion have also started leveraging next-generation firewalls (54 per cent) as well.

In preparation for an impending rollout next year, 31 per cent have also already ventured into 5G security for IoT.

Perhaps bolstered by their increased investments in cybersecurity, the majority of Singapore companies (66 per cent) regard their organisation’s risk to cyberthreats as “low” to “moderate”. Overall, Singapore companies were the second most confident of the four countries surveyed with 75 per cent believing that their current security measures are capable of protecting them from existing cyberthreats.

This confidence can be attributed to a number of factors besides increased spending. Most (70 per cent) companies in Singapore reported using a managed security service provider (MSSP) to handle IT and cybersecurity responsibilities.

Businesses have also demonstrated a clear commitment to improving visibility when it comes to handling cybersecurity risks:

• The vast majority (96 per cent) of companies reported reviewing their cybersecurity policies and standard operating procedures at least once a year.
• Singapore companies are strong advocates for transparency, with 91 per centsupporting mandatory breach reporting, an expected result of recently announced guidelines by the Personal Data Protection Commission (PDPC).

A clear majority (81 per cent) also check their organisations’ computers at least once a month to ensure that software is up to date.

Despite the overall confidence, three in five respondents are still mindful that their organisation may be vulnerable to cyberattacks. Besides the potential impact of monetary losses, companies’ biggest concerns involve the loss of internal data (29 per cent), which includes intellectual property and employee data, and external data (33 per cent) such as customer payment information, as the biggest potential sources of damage in the event of a breach.

• When asked to rank the biggest cybersecurity challenges within their companies, respondents identified the following:
• Risks from third-party service providers and suppliers (49 per cent)
• The IT team’s need to manage other priorities (37 per cent)
• Lack of employee awareness on cybersecurity (36 per cent)