Security awareness has increased among organisations in Singapore but bad habits still persist, according to the Global Advanced Threat Landscape Survey 2016 by CyberArk.
The report polled 750 IT and IT security decision makers from global enterprises - including those from Australia, New Zealand, and Singapore - to examine whether they have learnt and applied lessons from "high-profile" cyberattacks they experienced, and how it influenced their security priorities and decision making.
Majority of the polled organisations in Singapore (75 percent) said they have learnt from major cyberattacks. As such, they have increased deployment of endpoint security (25 percent), malware detection (23 percent), and identity and access governance (20 percent). In addition, 42 percent evolved their processes for managing privileged accounts.
Twenty-six percent of the respondents from the city-state cited distributed denial-of-service (DDoS) attacks as their top security concern in the next 12 months. This is followed by privileged account exploitation (18 percent), perimeter breaches (16 percent), and phishing (15 percent).
In response, 76 percent of the respondents said stopping the breach or removing attackers is among their top priorities, as well as updating IT security to prevent the same breach from happening again (58 percent).
Despite the increased awareness, more than half of the organisations in the republic polled (53 percent) still store privileged and administrative passwords in a Word document or spreadsheet, while 39 percent use a shared server or USB.
Meanwhile, 70 percent of the Singapore respondents believe they can prevent attackers from breaking into their internal network. Majority of the organisations (89 percent) also have cybersecurity emergency response plan.
However, the report stated the security preparedness by organisations is undermined by lack of communication and testing, as only 39 percent communicate and regularly test their plan with all the IT employees.
"The findings of this year's Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn't always equate to being secure. Organisations undermine their own efforts by failing to enforce well-known security best practices around potential vulnerabilities associated with privileged accounts, third-party vendor access and data stored in the cloud," said John Worrall, Chief Marketing Officer of CyberArk, in a press release.
"There's a fine line between preparedness and overconfidence. The majority of cyberattacks are a result of poor security hygiene - organisations can't lose sight of the broader security picture while trying to secure against the threat du jour," he continued.
Sign up for CIO Asia eNewsletters.