Overreliance on perimeter-based defense creates opportunities for attackers

RSA has announced the results of research that demonstrates organizations in Asia Pacific & Japan (APJ) investing in detection and response technologies are better poised to defend against today’s advanced threats, in comparison to those primarily utilizing perimeter-based solutions.

The results of the second annual RSA Cybersecurity Poverty Index found that 74% of survey respondents in the APJ region face a significant risk of cyber incidents – closely aligned to the global average of 75%.

How mature is your cybersecurity strategy?

More than 200 respondents from the APJ region participated in the survey, which gave participants the chance to self-assess the maturity of their cybersecurity programs by leveraging the NIST Cybersecurity Framework (CSF) as the measuring stick.

The findings showed that organizations continue to struggle with their ability to take proactive steps to improve their cybersecurity and risk posture. In fact, 70% of APJ-based respondents had experienced cyber incidents that negatively impacted their business operations in the past year. Not surprisingly, only 23% of those organizations considered their cybersecurity strategy mature.

Don’t delay investing in cybersecurity

The results also showed that organizations often delay investing in cybersecurity until they’ve undergone a major incident – typically one that impacts critical business assets. The inability of organizations to quantify their Cyber Risk Appetite (the risks they face and the potential impacts on their organizations) makes it difficult to prioritize mitigation and investment, a foundational activity for any organization looking to improve their security and risk posture.

The inefficiency of perimeter-based defense

The strongest reported maturity levels were in the area of Protection. However, perimeter-based defense solutions are proving to be increasingly ineffective over time as cyber threats become more advanced. The categories of Response and Detection were ranked least mature in the region.

Organizations must focus on executing preventative strategies and improving capabilities that offer complete visibility to detect and respond to advanced threats before they can impact the business.

Small organizations need better cybersecurity

The results of the RSA Cybersecurity Poverty Index also revealed the urgency for smaller organizations in the APJ region to improve their cybersecurity strategies to better defend themselves against today’s advanced threats. 85% of organizations surveyed with less than 1,000 employees reported to be not well prepared for today’s threats versus 61% of mid-sized organization (between 1,000-10,000 employees) and 65% of large organizations (10,000+ employees) reported not being as well prepared. This wide gap in defense capabilities between large and small organizations point to a potential risk of smaller organizations becoming prime targets for threats in today’s digital landscape.

“The results of this research provide insight into how the APJ region can improve its overall cybersecurity maturity. Over the next few years, we are bound to face more vulnerabilities as technology and internet penetration in the region is set to grow in parallel alongside sophisticated cyber threats. Especially so in Southeast Asia, which is now the world’s fastest-growing Internet region globally, where the internet user base is expected to double to 480 million by 2020. So it is more important than ever for organizations of all sizes to acknowledge weaknesses, review their cybersecurity strategies and move beyond conventional approaches – like perimeter-based protection – when thinking about security,” said Nigel Ng, Vice President, APJ, RSA.