- Surpasses global average confidence levels in detecting a cyber attack
- Top concerns: data leakage and data loss prevention; security testing for attack and penetration; identity and access management
- Majority have agreed communications strategy or plan in response to attack
Singapore companies are confident of their ability to detect a sophisticated cyber attack, according to the annual EY Global Information Security Survey (GISS), Path to cyber resilience: Sense, resist, react. 80% of the Singapore respondents share that sentiment, surpassing the global average of 50%.
Now in its 19th year, the survey of 1,735 organizations globally (including 20 from Singapore) examines some of the most compelling cybersecurity issues businesses face today. Globally, confidence levels are at its highest since 2013 – due to investments in cyber threat intelligence and cyber analytics to more proactively hunt for indicators of attacks, continuous monitoring mechanisms, security operations centers (SOCs) and active defense mechanisms.
Gerry Chng, EY Asean Cyber Security Leader says: “Over the last few years, Singapore has been driven by strong regulatory guidance in both the government and financial sectors to uplift the adoption of digital platforms as well as address the corresponding risks. This has resulted in a comparatively matured ecosystem of regulators, businesses, customers, and service providers.”
Yet, 85% of Singapore respondents (global 86%) say that their cyber security function does not fully meet their organization’s needs. For Singapore respondents, the top cybersecurity threats are cyber attacks that disrupt or deface the organization (69%), spam (67%), zero-day attacks (65%) and phishing (56%). In contrast, global respondents find malware, phishing, cyber attacks to steal financial information, or cyber attacks to attack intellectual property or data of most concern.
Paul Van Kessel, EY Global Advisory Cybersecurity Leader says: “Organizations have come a long way in preparing for a cyber breach, but as fast as they improve, cyber attackers come up with new tricks. Organizations therefore need to sharpen their senses and upgrade their resistance to attacks. They also need to think beyond just protection and security to ‘cyber resilience’ – an organization-wide response that helps them prepare for and fully address these inevitable cybersecurity incidents. In the event of an attack they need to have a plan and be prepared to repair the damage quickly and get the organization back on its feet. If not, they put their customers, employees, vendors and ultimately their own future, at risk.”
Top cyber security concerns: The survey finds the top cyber security priorities for Singapore respondents being data leakage and data loss prevention (75%), security testing for attack and penetration (70%) and identity and access management (65%). For global respondents, business continuity and disaster recovery is rated as top priority (57%), along with data leakage and data loss prevention (57%).
Among the activities that Singapore respondents plan to spend more in the year ahead, data leakage and data loss prevention (58%), security testing for attack and penetration (53%) and security awareness and training (47%) rank high.
Vulnerabilities and obstacles remain: The survey reveals that the obstacles that Singapore respondents face with regard to their information security function are lack of skilled sources (80%), budget constraints (60%), and lack of quality tools for managing information (25%). In contrast, global respondents see budget constraints (61%), lack of skilled resources (56%) and lack of executive awareness or support (32%) as the top obstacles.
Chng says: “With the flood of information from multiple sources, enterprises will need to make good use of technology to increase the productivity and effectiveness in detecting malicious activities. The use of Robotics Process Automation to streamline repetitive tasks allows consistency and speed in performing routine activities while releasing much-needed resources to higher-value activities. The use of cyber analytics is also on the rise as enterprises use data science to help detect anomalous activities.”
The digital ecosystem and connected devices also pose challenges. Organizations struggle with the number of devices that are being added to their digital ecosystem. Majority of respondents (Singapore 80%, global 73%) are concerned about poor user awareness and behavior around mobile devices, such as laptops, tablets and smartphones. Most (Singapore 60%, global 50%) cite the loss of a smart device as a top risk because it would encompass both information and identity loss.
In the event of an attack that has resulted in the compromise of data, most Singapore companies recognize their responsibility to stakeholders. 80% of Singapore respondents (global 52%) will notify affected customers of an attack that definitely compromised data within the first week. 75% of Singapore respondents (global 57%) have an agreed communications strategy or plan in place in the event of a significant attack.
Chng concludes: “In the digital world that we live in today, there is a higher risk of standing still for fear of digital attacks. Companies that choose to do so will find themselves becoming irrelevant in the near future. Yet, cyber risks are real and organizations should relook at their current capabilities to ensure relevance.
“As enterprises start to recognize that a successful attack is imminent and bound to happen at some point in time, it is important not to solely invest in preventive mechanisms but also to uplift the enterprise’s capability to detect, respond, and recover the business operations. That is true resilience in a digital world – the ability to get up after a successful attack.”
About the survey: EY’s 19th annual Global Information Security Survey captures responses from 1,735 C-suite leaders and IT executives and managers from most of the world’s largest and most recognized global companies. The survey was conducted between June 2016 and August 2016.