Nearly nine in ten (85%) companies in Singapore expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.
However, only 14% are in the “mature” level of readiness needed to be resilient against today’s modern cybersecurity risks, according to the Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World report.
Since organisations have moved from an operating model that was largely static to a hybrid world, they need to have defences across five pillars to address the new and unique cybersecurity challenges. The pillars are identity, devices, network, application workloads and data, explains Tay Bee Kheng, president for Asean at Cisco, at a media briefing earlier today.
The report, therefore, asked respondents the type of cybersecurity solutions they had deployed and the stage of deployment before categorising them into four stages of cybersecurity resilience.
Those at the initial stages of deploying solutions and are performing below average on cybersecurity readiness fall under the “beginner” and “formative” levels, respectively. Meanwhile, those in the “mature level” have achieved advanced stages of deployment and are most ready to address security risks.
The report also reveals that companies in Singapore tend to be in the “mature” stage when it comes to protecting identity, devices and data. Yet, they are least prepared in terms of network security and securing application workloads, with 50% and 56% being in the beginner or formative stages, respectively.
See also: Alibaba anoints new chief in revamp of stalling commerce arm
Koo Juan Huat, Cisco’s cybersecurity director for Asean security sales, shares that organisations might be struggling with securing application workloads as they have to now think about cloud-native apps, containers, and serverless.
He also encourages organisations to improve their network security as “the network sees everything”. “[A lot of organisations today] use point security solutions and traditional firewalls, intrusion prevention systems, security gateways etc. [The downside of] those solutions is that they can’t secure connected devices like smart printers. Even if we were to use a firewall, it can only see the north-south traffic (i.e., traffic that flows in and out) and can’t detect if a bad actor does something malicious within the network perimeter. So organisations should realise that network can be a security sensor as well as an enforcer,” he says.
In general, Tay advises organisations to ensure the cybersecurity solutions they deploy provide visibility, analytics, automation, orchestration and governance. The solutions should also work together to support an integrated security approach across the five pillars of cybersecurity (i.e., identity, devices, network, application workloads and data) to help enhance the organisation's overall cyber resilience.
