EY building in London. Source: Shutterstock

How can APAC businesses improve their cybersecurity posture in 2020?

Up until 2020, cybersecurity efforts have largely been driven by the need for compliance with regulations or a result of defense put up against incoming attacks.

This has been hard for businesses in the APAC who have not only been struggling to find the right talent but also integrate the right solutions into their workflows. Fortunately, things are changing for the better.

EY recently surveyed cybersecurity professionals to understand the threat landscape better and found many improvements.

Fifty-three percent of respondents in the APAC, for example, said they haven’t seen an increase in the number of destructive attacks over the past 12 months, compared with 41 percent globally.

The APAC is now also at a similar level as the rest of the world when it comes to ‘board and executive understanding’ on the needs and value of cybersecurity – with more than half of both global (58 percent) and APAC (54 percent) respondents agreeing.

In addition, 57 percent of global respondents claim their cybersecurity subcommittees now hold briefings with executive boards on a regular basis, with APAC following closely at 52 percent. Results suggest that the APAC is now better-equipped and more prepared to respond to cyber threats.

Although the results are exciting, the reality is that there’s room for improvement for businesses in the APAC. Tech Wire Asia spoke to EY APAC Cybersecurity Leader Richard Watson to learn more.

The threats landscape is changing in the region

Watson, who’s spent more than a decade in the cybersecurity space, said that the important thing that businesses need to understand is that the threats landscape is constantly changing.

EY’s survey, for example, revealed that the largest drivers of cyberattacks in the APAC are now social activists (19 percent), exemplifying a shift away from traditional financial motives and creating new challenges for organizations.

Observing and monitoring these trends is important for organizations that want to ensure that they’are able to defend themselves against threats, effectively.

“Businesses that have been driving their cybersecurity agenda because of regulations have largely remained focused on data breaches. As the landscape changes, businesses must keep up.”

Although organizations in the region are doing pretty well in comparison to global peers, Watson believes that a more thorough approach to cybersecurity is essential.

“To survive in the constantly evolving threats landscape, companies need to think about cybersecurity first. That’s why we suggest that they adopt a ‘security by design’ approach.”

According to Watson, the Chief Information Security Officer (CISO) needs to be roped in by teams across the organization when they want to launch a new product or service or leverage a new solution to support operations and existing workflows.

“People need to think about cybersecurity from the get to in order to keep attackers out. Involving the CISO when planning new IT investments, reviewing merger or acquisitions, or creating new products helps improve the overall cybersecurity posture while also saving resources that would otherwise be spent firefighting issues later on.”

Answering the ‘what next’ question in cybersecurity

The EY survey revealed that the state of cybersecurity in the APAC has improved a lot in recent times.

Companies in the region have spent the last few years taking control of their data and devices, and helping spread awareness among their staff about the importance of exercising caution when navigating the digital world.

“In the past two to three years, companies have dramatically improved their own cybersecurity posture. For them, the next step is to review the posture of third parties they’re associated with.”

Watson believes that organizations looking to strengthen their defense in 2020 need to conduct a third-party risk assessment and find out the maturity and measures in place at partner organizations.

After all, a data breach in a company could land its partners in trouble.

“When a cyber incident occurs at a vendor who performs services for a big bank, it’s the big bank’s name and reputation at stake when news of the attack hits the front page and could land them in trouble if their data was compromised, just because of the way regulations are shaping up.”

In the coming months, CISOs need to step up, be more involved in business decisions from the get-go rather than spend all their time monitoring risks, and businesses need to work more closely with third parties to expand their cyber defense strategy.