Most financial services institutions (FSIs) across Asia Pacific excluding Japan (APeJ) are still in the early stages of IT security, according to IDC's MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan) 2017 report.
This is worrying because the methods by which threat actors will try to breach a network today are many and varied. Traditional IT approaches of focusing on perimeter prevention thus no longer work.
"The bad guys are already on the inside, and we are all looking outside to see what we can stop, thereby missing the advanced threat actors who can create the worst scenario for any business," said Simon Piff, vice president of Security Practice for IDC Asia Pacific.
IDC thus urge APeJ FSIs to invest sufficiently into network detection and remediation. Timely detection of risks will help them mitigate some of these threats and save organisations billions of dollars.
Commenting on the findings, Piff said: "The key issues at hand that resulted in this shocking statistic is very much about the way IT security is considered within organisations.Thinking that IT security is a problem for IT to solve is both short-sighted and does not embrace the full issue.Organisations must think in terms of business risk first then decide how IT can help mitigate some of these risks, and not simply assign an IT label to it."
Sign up for CIO Asia eNewsletters.