Security market in Asia is less than 50% of that in US and Canada

Suparna Goswami Bhattacharya

September 13, 2016: Asian firms are more vulnerable to cyber attacks than their Western counterparts, says a recent report. The findings by Mandiant Consulting, a FireEye company, state that APAC firms are frequently underprepared to identify and respond to breaches.

According to IDC Worldwide Security Market Q1 2016, the network security market in APAC is worth $541 million, less than 50% of the US and Canada market, which is worth $1.14 billion. Europe, with a market size of $583 million, also spends more on network security than APAC.

Rob van der Ende, vice-president, Mandiant Consulting, Asia Pacific and Japan at FireEye, states that being unprepared for a breach is business as usual in Asia Pacific. “The region’s governments and boards need to address this further. Organisations must bring together the technology, threat intelligence and expertise necessary to quickly detect and respond to cyber attacks. Firms can benefit by embracing modern response techniques rather than legacy approaches, which often fail to find the attacker’s needle in the haystack.”

Additionally, some attacker tools are used to exclusively target organisations in APAC. For instance, in April 2015, Mandiant Consulting uncovered the malicious efforts of APT30, a suspected China-based threat group that has exploited the networks of governments and organisations across the region, targeting highly sensitive political, economic and military information. “This group appeared to have operated uninterrupted for at least a decade. They likely had little reason to change their operating methods because they were not detected,” states the report.

Interestingly, incident investigation statistics show that organisations in APAC are not up to the challenge of detecting and responding to advanced threat actors. Firms in APAC allow attackers to dwell (the time between compromise and detection) in their environments for a median period of 520 days before discovering them, much higher than the global median of 146 days.

Chuan-Wei Hoo, CISSP, technical advisor, Asia-Pacific, (ISC)², states that a lot depends on which economy one is looking at. There are economies that have advanced ICT adoption and still suffer from cyber attacks and incidents. It just means with more ICT adoption, we are going to see more attacks and incidents.

“Worse, some of the Asian firms feel that they are not a big target, they need not spend on controls. It is important to note that sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organisations with which they partner,” says Hoo.

While adoption of technology trends like IoT and cloud computing is increasing, the threat of attacks is also on the rise. However, more often than not, organisations continue to rely on security strategies developed a decade ago that can no longer support the ever-increasing speed of business.

“A 2015 ZK Research Security Survey revealed that 43% of respondents admit to turning features off in security appliances to improve performance. To successfully compete in this new digital economy, organisations need to implement a tightly coordinated security strategy that can see and govern this data across an entire borderless network without compromising agility or performance,” says Rajesh Maurya, regional director, India & SAARC, Fortinet.

However, Xavier Larduinat, Gemalto, is of the opinion that it is unfair to target companies in APAC for cyber attack vulnerabilities. “It’s a worldwide issue and relates solely to the pro-active actions taken by enterprises. Vulnerability depends on the size of enterprises. Therefore, wherever a specific region has a high density of SOHO (Small offices/Home offices), the absolute number of attacks may be higher,” he says.

Steps to be taken

1) Review network ingress/egress points and use appropriate monitoring on each application service (web browsing, email, remote virtualised desktop solutions, etc.) that crosses the estate boundary

2) Review each security logging device and ascertain how security risks will be identified and alerted when they occur

3) Adopt a behavioural analysis detection approach with log data to identify high-risk security threats (such as APTs) because signature detection will only find known threats
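
As an added illustration of steps 1 to 3 (not taken from the report or from anyone quoted in the article), the Python sketch below runs a signature check and a simple per-host behavioural baseline over the same egress records. The host names, `.example` domains, byte counts and the threshold of 6 are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample egress records: (day, host, destination, bytes_out)
BASELINE = [
    (1, "ws-014", "mail.corp.example", 120_000),
    (1, "ws-014", "updates.vendor.example", 80_000),
    (2, "ws-014", "mail.corp.example", 135_000),
    (2, "ws-014", "updates.vendor.example", 60_000),
    (3, "ws-014", "mail.corp.example", 110_000),
    (3, "ws-014", "updates.vendor.example", 90_000),
]
TODAY = [
    (4, "ws-014", "mail.corp.example", 125_000),
    (4, "ws-014", "known-bad.example", 4_000),           # on the signature list
    (4, "ws-014", "files.unlisted.example", 9_500_000),  # on no list at all
]
SIGNATURES = {"known-bad.example"}  # constructed stand-in for a known-bad feed

def signature_alerts(records, signatures):
    """Flag only destinations that already appear on the known-bad list."""
    return [r for r in records if r[2] in signatures]

def build_baseline(records):
    """Per host: the destinations seen and the byte volume of each record."""
    dests, volumes = defaultdict(set), defaultdict(list)
    for _, host, dest, nbytes in records:
        dests[host].add(dest)
        volumes[host].append(nbytes)
    return dests, volumes

def behavioural_alerts(records, baseline, threshold=6.0):
    """Flag never-seen destinations whose volume is far outside the host's norm."""
    dests, volumes = baseline
    alerts = []
    for rec in records:
        _, host, dest, nbytes = rec
        history = volumes.get(host)
        if not history:  # host has no baseline yet: surface it for review
            alerts.append(rec)
            continue
        med = median(history)
        mad = median(abs(v - med) for v in history) or 1  # robust spread, never 0
        if dest not in dests[host] and (nbytes - med) / mad > threshold:
            alerts.append(rec)
    return alerts
```

On this data the signature check reports only the listed destination and the baseline reports only the unlisted high-volume one, so the two are run together rather than one replacing the other.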