Three quarters of Asia Pacific enterprises -- and two thirds of businesses in Singapore - have experienced cyber attacks in the past 12 months, according to new global research.
The 2010 Symantec State of Enterprise Security Study, released today, found that 38 per cent of Asia Pacific enterprises, and 67 per cent in Singapore, rank cyber risk as their top concern, more than natural disasters, terrorism, and traditional crime combined.
Initiatives that IT executives rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualisation, endpoint virtualisation, and software-as-a-service.
The study involved surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January this year, including 850 respondents from the Asia Pacific and 100 from Singapore.
According to the new Symantec research, every one of the enterprises surveyed experienced cyber losses in 2009. The top three reported losses in Singapore were theft of intellectual property (100 per cent), environment downtime (67 per cent) and theft of other corporate data (33 per cent).
Security means a competitive edge
"Protecting information today is more challenging than ever," said Francis deSouza, senior vice president, enterprise security, Symantec. "By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information-driven world."
The research also found that enterprise security was becoming more difficult due to understaffing plus new IT initiatives that intensify security and IT compliance issues. IT compliance has become a huge undertaking, with the typical enterprise exploring 19 separate IT standards or frameworks and currently employing eight of them. Some of the top standards include ISO, HIPAA, Sarbanes-Oxley, CIS, PCI, Cobit, and ITIL.
The survey concluded that organisations need to protect their infrastructure by securing their endpoints, messaging and Web environments. It said defending critical internal servers and implementing the ability to back up and recover data should be priorities.
Organisations also need the visibility and security intelligence to respond to threats rapidly.
Information-centric approach needed
Their recommendations were that:
• IT administrators need to protect information proactively by taking an information-centric approach to protect both information and interactions. Taking a content-aware approach to protecting information is key in knowing where sensitive information resides, who has access, and how it is coming in or leaving your organisation.
• Organisations need to develop and enforce IT policies and automate their compliance processes. By prioritising risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen.
• Organisations need to manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.