Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Almost a third of Singapore firms unconfident in detecting cyber attacks: EY survey

Zafirah Salim | Dec. 7, 2015
Majority of Singapore organisations (80 percent) do not believe their information security structure fully meets their organisations’ needs; while 56 percent of them feel their IT security budgets should be increased to better align their organisations’ need for protection.

Almost one-third of Singapore organisations still lack confidence in their ability to detect sophisticated cyber attacks, according to the recently-released EY's Global Information Security Survey (GISS) 2015.

This is almost on par with the global finding, which states that 36 percent of global organisations are also facing this same problem.

Polling 1,755 organisations across 67 countries, including 35 from Singapore, the survey examines some of the most important cybersecurity issues facing businesses today.

The survey revealed that a majority of Singapore organisations (80 percent) do not believe their information security structure fully meets their organisations' needs. In fact, 56 percent of them said their IT security budgets should be increased by up to 50 percent to better align their organisations' need for protection.

"Organisations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats. Businesses should not overlook or underestimate the potential risk of cyber breaches. Instead, they should develop a laser-like focus on cybersecurity and make the required investments," said Paul O'Rourke, Asia-Pacific Cyber Security Leader.

Additionally, the survey found that in Singapore, the top three likely sources of cyber attacks are hacktivists (74 percent), cyber criminals (62 percent) and employees (41 percent).

Gerry Chng, Asean and Singapore Information Security Leader, said that since employees increasingly have access to more digital information, it is natural for hackers to target them - who are also seen as the "weakest link in the chain" - through attacks such as social engineering or targeted malicious software. "Without the right level of training, culture, and enabling technologies, employees may easily fall prey to such tactics," he added.

In line with perceiving employees as a top source of cyber attacks, it is not surprising that Singapore survey respondents view unaware employees (50 percent) and malware (45 percent) as the top two threats and vulnerabilities; followed by cyber attacks to disrupt or deface the organisation (44 percent) and phishing (41 percent).

"Today, cyber risks are manifested through many different channels. Attacks could be carried out on employees, third-parties, or through the use of emerging technologies or existing weaknesses in the technology platform," said Chng. "Organisations should re-evaluate their cyber risk readiness capabilities to ensure that they are adopting a risk-initiated approach to anticipate possible threats to their organisation, and prioritise their investments in cyber defense based on the potential impact to the business."

Organisations falling short in thwarting a cyber attack

According to the survey, more than half (52 percent) of Singapore respondents said that they lack a dedicated function that focuses on emerging technology and its impact; while 44 percent said they do not have a security operations centre.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.