51% of Asia-Pacific companies blame cyberattacks on unknown assets
A new poll by MIT Technology Review Insights, in association with Palo Alto Networks, uncovers the complex challenges Asia-Pacific companies face in securing networks and systems for remote workers in the post-pandemic era.
In this new cybersecurity landscape, conducting a full inventory of internet-connected digital assets—from laptops to cloud applications—and rebooting cybersecurity policies for today’s modern remote work environment can mitigate risks. But organizations must also understand the cybersecurity trends and challenges that define their markets, many of which are unique to organizations operating in the Asia-Pacific region.
Report highlights include:
- More attacks are expected: Fifty-one percent of respondents have experienced a cyberattack originating from a digital asset they didn’t know about or didn’t manage, and 16% expect such an attack eventually. Unique challenges such as varied cyber maturity across the region and being unprepared to pivot to remote work during the pandemic have heightened the urgency to establish cybersecurity strategies.
- Securing cloud assets is a priority: Forty-three percent of respondents report that more than half of their digital assets are in the cloud. Well-funded and well-organized hackers and the fast-evolving nature of technology are forcing organizations to consider multiple ways to secure their cloud environments and monitor digital assets.
- Executives are paying attention to cybersecurity: Organizations also can mitigate risks by adding cybersecurity to the C-suite agenda. As it stands, 68% of respondents say their organization’s board of directors will request an attack surface management plan for cybersecurity this year.
“Our research shows that 70% of companies report a secure cloud management strategy is key to avoiding cybersecurity attacks. And 67% of respondents realize that continuous asset monitoring is the cornerstone of that strategy,” says Laurel Ruma, editorial director at MIT Technology Review Insights, US.
The research is based on a multi-industry poll of more than 728 technology decision-makers across more than a dozen global industries, including information technology, telecommunications, manufacturing, pharmaceuticals, health care, and retail. It includes in-depth interviews from public- and private-sector organizations in Asia-Pacific (22%), Europe (38%), North America (24%), and the Middle East and Africa (13%). Three resulting reports have been published: “IT Security Starts with Knowing Your Assets: Asia-Pacific,” “A Game-changer in Security Operations,” and “IT Security Starts with Knowing Your Assets: Europe, the Middle East and Africa.”
Cybersecurity strategies for the cloud and other assets needed
As companies continue to accelerate their digital transformation strategies, more and more of their operations are being moved to cloud environments. Cloud-based assets comprise most cybersecurity exposures. According to Palo Alto Networks research, 79% of observed issues come from the cloud.
"This data makes all too clear the reality of unknown or unmanaged assets: they are a major security risk, and the only way to protect yourself is to have a complete and up-to-date inventory of all internet-facing assets," says Tim Junio, senior vice president of products for Cortex at Palo Alto Networks.
Companies urgently need to formulate strategies to mitigate cyber-related vulnerabilities.
- Gain control over “shadow IT”: “Shadow IT,” which is rogue purchases of cloud services and installments of IoT-type connected devices, opens the doors for bad actors. Smart locks and other types of mobile access applications for employees can allow hackers to gain access to corporate networks.
- Monitor inventory: Forty-six percent of respondents conduct inventories to discover unknown or unprioritized digital assets. Still, 31% report taking such action just once per month or less frequently.
- Develop talent: Competitive salaries, stimulating projects, and opportunities for upskilling can help organizations attract and retain top talent. Even employees without extensive cybersecurity skills can mitigate security risks by increasing their understanding of the threat landscape.
- Consult the experts: Outsourcing cybersecurity allows organizations to tap into a reservoir of skills and experience they wouldn’t otherwise have. Only 29% of Asia-Pacific organizations turn to outside experts.
“To understand your attack surface, organizations must monitor and scan continuously,” says Leonard Kleinman, chief technology officer for Palo Alto Networks Cortex division for the Asia-Pacific region. “It’s time to eliminate spot checks and sporadic security activities and instead, move to more continuous, 24/7 monitoring to match the pace of digital transformation.”