Sophos, a global leader in next-generation cybersecurity, recently released additional findings from its survey report, The Future of Cybersecurity in the Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA), revealing businesses are increasingly prioritizing budget for cybersecurity. Organizations in the Philippines set aside up to 13% of technology budgets for cybersecurity in 2022 compared to 11% on average across APJ, which is an increase from 8.6% the previous year.
Asia Pacific and Japan (APJ) organizations have identified threat hunting as a critical consideration for strengthening cybersecurity defenses. Most organizations (90%) undertook threat hunting to bolster their cybersecurity capabilities in 2021; of those that did, 85 percent stated the approach is critical to their company’s overall cybersecurity capabilities.
“It’s great to see organizations taking cybersecurity more seriously, with budgets and maturity levels on the rise and organizations looking to build threat hunting into their cyber defense strategies,” Aaron Bugal, global solutions engineer at Sophos, said.
“Given that threat hunting has become a priority for the majority of organizations, it’s interesting to see that cybersecurity professionals rank ‘not being able to keep up with the pace of threats’ in their top five frustrations in 2022, as indicated in the survey.”
“Even with the additional investment, organizations need to ensure they are not overstating their maturity levels and implementing threat hunting solutions, leading to complacency. With increased maturity and investment, one would think successful cyberattacks would decline. However, they continue to wreak havoc. Sophos’ State of Ransomware Report reveals that 72 percent of APJ organizations were hit by ransomware in 2021, up from 39 percent in 2020. In the Philippines, up to 69% of organizations reported being attacked last year, with 58% experiencing encrypted data as a result, costing them as much as US$1.34 million on average to rectify the impact on their business. With this in mind, organizations must review their cyber strategies regularly and address the gaps.”
This is becoming increasingly important considering Sophos has seen an uptick in the number of instances where organizations are being attacked multiple times – sometimes simultaneously.
“Organizations must be active in combatting cyberattacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise. Organizations must constantly be on the front foot to identify and thwart attacks, and regular and consistent threat hunting is key to this; failure to do so means organizations will remain vulnerable,” Bugal said.
Organizations are reactive and passive in their approach to cybersecurity
Forty-five percent of companies surveyed haven’t changed their information or cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity—something that must be addressed as a priority. The driving factor behind a change in strategy is an attack or breach, leading to an “attack, change, attack, change” cycle, a trend observed since 2019. In fact, half (49%) of the respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organizations take to managing their security.
“Cybersecurity strategies must move with – or even faster than – the threat landscape, and, sadly, that’s not happening at the moment. By updating cybersecurity strategies after a successful attack, organizations will always remain in a reactive state and continue to be easy targets for attacks. Organizations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and have access to telemetry and artificial intelligence for faster detection and response capabilities,” said Bugal.