Singapore companies confident of predicting and resisting cyber attacks

• Surpasses global average confidence levels in detecting a cyber attack
• Majority have agreed communications strategy or plan in response to attack

SINGAPORE companies are confident of their ability to detect a sophisticated cyber attack, according to the annual EY Global Information Security Survey (GISS), Path to cyber resilience: Sense, resist, react.

Eighty percent of the Singapore respondents share that sentiment, surpassing the global average of 50%.

Now in its 19th year, the survey of 1,735 organisations globally (including 20 from Singapore) examines some of the most compelling cybersecurity issues businesses face today.

Globally, confidence levels are at its highest since 2013 – due to investments in cyber threat intelligence and cyber analytics to more proactively hunt for indicators of attacks, continuous monitoring mechanisms, security operations centres (SOCs) and active defence mechanisms.

According to EY Asean cyber security leader Gerry Chng, “Over the last few years, Singapore has been driven by strong regulatory guidance in both the government and financial sectors to uplift the adoption of digital platforms as well as address the corresponding risks. This has resulted in a comparatively matured ecosystem of regulators, businesses, customers, and service providers.”

Yet, 85% of Singapore respondents (global 86%) say that their cyber security function does not fully meet their organisation’s needs.

For Singapore respondents, the top cybersecurity threats are cyber attacks that disrupt or deface the organisation (69%), spam (67%), zero-day attacks (65%) and phishing (56%).

In contrast, global respondents find malware, phishing, cyber attacks to steal financial information, or cyber attacks to attack intellectual property or data of most concern.

EY Global Advisory cybersecurity leader Paul van Kessel, says, “Organisations have come a long way in preparing for a cyber breach, but as fast as they improve, cyber attackers come up with new tricks. Organisations therefore need to sharpen their senses and upgrade their resistance to attacks.

“They also need to think beyond just protection and security to ‘cyber resilience’ – an organisation-wide response that helps them prepare for and fully address these inevitable cybersecurity incidents. In the event of an attack they need to have a plan and be prepared to repair the damage quickly and get the organisation back on its feet. If not, they put their customers, employees, vendors and ultimately their own future, at risk.”

Top cyber security concerns

The survey finds the top cyber security priorities for Singapore respondents being data leakage and data loss prevention (75%), security testing for attack and penetration (70%) and identity and access management (65%).

For global respondents, business continuity and disaster recovery is rated as top priority (57%), along with data leakage and data loss prevention (57%).

Among the activities that Singapore respondents plan to spend more in the year ahead, data leakage and data loss prevention (58%), security testing for attack and penetration (53%) and security awareness and training (47%) rank high.

Vulnerabilities and obstacles remain

The survey reveals that the obstacles that Singapore respondents face with regard to their information security function are lack of skilled sources (80%), budget constraints (60%), and lack of quality tools for managing information (25%).

In contrast, global respondents see budget constraints (61%), lack of skilled resources (56%) and lack of executive awareness or support (32%) as the top obstacles.

 “With the flood of information from multiple sources, enterprises will need to make good use of technology to increase the productivity and effectiveness in detecting malicious activities. The use of Robotics Process Automation to streamline repetitive tasks allows consistency and speed in performing routine activities while releasing much-needed resources to higher-value activities. The use of cyber analytics is also on the rise as enterprises use data science to help detect anomalous activities,” said Chng.

The digital ecosystem and connected devices also pose challenges. Organisations struggle with the number of devices that are being added to their digital ecosystem.

The majority of respondents (Singapore 80%, global 73%) are concerned about poor user awareness and behaviour around mobile devices, such as laptops, tablets and smartphones. Most (Singapore 60%, global 50%) cite the loss of a smart device as a top risk because it would encompass both information and identity loss.

In the event of an attack that has resulted in the compromise of data, most Singapore companies recognise their responsibility to stakeholders. Eighty percent of Singapore respondents (global 52%) will notify affected customers of an attack that definitely compromised data within the first week. 75% of Singapore respondents (global 57%) have an agreed communications strategy or plan in place in the event of a significant attack.

 “In the digital world that we live in today, there is a higher risk of standing still for fear of digital attacks. Companies that choose to do so will find themselves becoming irrelevant in the near future. Yet, cyber risks are real and organisations should relook at their current capabilities to ensure relevance.

“As enterprises start to recognise that a successful attack is imminent and bound to happen at some point in time, it is important not to solely invest in preventive mechanisms but also to uplift the enterprise’s capability to detect, respond, and recover the business operations. That is true resilience in a digital world – the ability to get up after a successful attack,” concluded Chng.  weapon. 
 
Related Stories:
 
A sneak preview of 2017's security challenges
 
2017 cyber security trends according to Sophos
 
Frost weighs in with its 2017 cyber security predictions for Asia-Pacific
 
Intel previews 2017 security threats
 
 
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.