Even though companies in the Asia Pacific (APAC) region regard managing cyber risk a priority, they lack sufficient vulnerability management capabilities.
This is according to the Technology Adoption Profile (TAP) study titled 'Vulnerability Management Trends in Asia Pacific'-- conducted by Forrester Consulting for Tenable Networks Security, Inc. --which polled 120 security decision makers in Australia, China, Japan, New Zealand, and Singapore to evaluate their perceived challenges, drivers and benefits of various vulnerability management strategies and investments.
According to the survey, one of the top security priorities of companies is protecting the data of customers with a focus on application security, data security and protection of customer's personal information. However, only 22 percent of the respondents performed continuous vulnerability assessments to monitor their environments for new threats; 44 percent conducted scans periodically while 28 percent performed scans monthly.
"Some of the pain points identified by the respondents, such as difficulties with remediating breaches across security and operations, prioritising vulnerabilities and mobile and cloud threat monitoring, are a natural consequence of the evolving threat environment," said Ron Gula, CEO of Tenable Network Security.
"In order to overcome these challenges and deliver a comprehensive security solution that adequately assesses and mitigates cyber risk, security decision makers need to re-evaluate their processes and technologies against industry best practices," advised Gula.
The survey also revealed nearly half of the respondents (46 percent) said reducing risk and improving security posture as their top security priority of all strategic IT objectives for companies in the APAC region. Additionally, the survey found out that vulnerability management solutions are shifting from traditional focus on compliance to risk focus.
Forty percent of the security professionals polled said that their vulnerability management programmes are mainly strategic while 37 percent said their programmes focus on a combination of compliance and risk management.
Meanwhile, cybersecurity is a pressing issue among companies in the region. The survey indicated that 80 percent of companies have been breached at least once in the past 12 months, with phishing and DNS-based attacks being the most common form of attack.
The potential vulnerabilities of companies are also compounded by new technologies and devices introduced by employees, customers and partners. These attacks affect productivity, with 53 percent of respondents saying that the impact of this was 'severe' or 'very severe'. The attacks also resulted in increased operational expenses (60 percent), brand damage (51 percent), losing customer trust (57 percent) and lost revenues (51 percent).
In essence, Gula said the size and complexity of APAC -- combined with its unique political, socioeconomic and cultural distinctions -- make cybersecurity a major challenge across the region. "The security industry needs to help organisations in the region safeguard critical corporate assets, conform to the product and service standards their customers demand, and protect them from detrimental effects of cyber attacks to reputation and business continuity."
Sign up for CIO Asia eNewsletters.