SINGAPORE, July 20, 2016 /PRNewswire/ -- RSA
CONFERENCE -- RSA, The Security Division of EMC (NYSE:
EMC), has announced the results of research that demonstrates
organizations in Asia Pacific
& Japan (APJ) investing in
detection and response technologies are better poised to defend
against today's advanced threats, in comparison to those primarily
utilizing perimeter-based solutions. The results of the second
annual RSA Cybersecurity Poverty Index found that 74% of survey
respondents in the APJ region face a significant risk of cyber
incidents – closely aligned to the global average of 75%.
More than 200 respondents from the APJ region participated in
the 2016 RSA Cybersecurity Poverty Index. The survey gave
participants the chance to self-assess the maturity of their
cybersecurity programs by leveraging the NIST Cybersecurity
Framework (CSF) as the measuring stick. The findings showed that
organizations continue to struggle with their ability to take
proactive steps to improve their cybersecurity and risk posture. In
fact, 70% of APJ-based respondents had experienced cyber incidents
that negatively impacted their business operations in the past
year. Not surprisingly, only 23% of those organizations considered
their cybersecurity strategy mature. The results also showed that
organizations often delay investing in cybersecurity until they've
undergone a major incident – typically one that impacts critical
business assets. The inability of organizations to quantify their
Cyber Risk Appetite (the risks they face and the potential impacts
on their organizations) makes it difficult to prioritize mitigation
and investment, a foundational activity for any organization
looking to improve their security and risk posture.
The strongest reported maturity levels were in the area of
Protection. However, perimeter-based defense solutions are proving
to be increasingly ineffective over time as cyber threats become
more advanced. The categories of Response and Detection were ranked
least mature in the region. Organizations must focus on executing
preventative strategies and improving capabilities that offer
complete visibility to detect and respond to advanced threats
before they can impact the business.
The results of the RSA Cybersecurity Poverty Index also revealed
the urgency for smaller organizations in the APJ region to improve
their cybersecurity strategies to better defend themselves against
today's advanced threats. 85% of organizations surveyed with less
than 1,000 employees reported to be not well prepared for today's
threats versus 61% of mid-sized organization (between 1,000-10,000
employees) and 65% of large organizations (10,000+ employees)
reported not being as well prepared. This wide gap in defense
capabilities between large and small organizations point to a
potential risk of smaller organizations becoming prime targets for
threats in today's digital landscape.
Methodology
To assess cybersecurity maturity,
respondents self-assessed their capabilities against the CSF, which
designed to provide guidance based on existing standards,
guidelines and practices for reducing cyber risks, and was created
through collaboration between industry and government. While the
CSF was initially developed in the United
States with the aim of helping to reduce cyber risks to
critical infrastructure, organizations worldwide have found it to
be a prioritized, flexible, repeatable and cost-effective approach
for managing cyber risk. Thus, it serves as an excellent baseline
to assess any organization's core cybersecurity and cyber risk
management capabilities.
Organizations rated their own capabilities in the five key
functions outlined by the CSF: Identify, Protect, Detect, Respond,
and Recover. Ratings used a 5-point scale, with 1 signifying that
the organization had no capability in a given area, and 5
indicating that it had highly mature practices in the area.
EXECUTIVE QUOTE:
Nigel Ng, Vice President, APJ,
RSA, The Security Division of EMC
"The results of this research provide insight into how the APJ
region can improve its overall cybersecurity maturity. Over the
next few years, we are bound to face more vulnerabilities as
technology and internet penetration in the region is set to grow in
parallel alongside sophisticated cyber threats. Especially so in
Southeast Asia, which is now the
world's fastest-growing Internet region globally, where the
internet user base is expected to double to 480 million by
2020. So it is more important than ever for organizations of
all sizes to acknowledge weaknesses, review their cybersecurity
strategies and move beyond conventional approaches – like
perimeter-based protection -- when thinking about security."
ADDITIONAL RESOURCES:
- Download the RSA Cybersecurity Poverty Index eBook providing
valuable insights into organizations' cyber security maturity
- Take the same Cybersecurity Maturity Assessment that was used
for the RSA Cybersecurity Poverty Index to determine your own
organization's maturity
- View the RSA Cybersecurity Poverty Index Infographic
- Download RSA's Cyber Risk Appetite whitepaper
- Hear President, Amit Yoran and
Vice President and GM of RSA's Global Public Sector, Mike Brown discuss results from the RSA
Cybersecurity Poverty Index
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and
the RSA Speaking of Security Blog and Podcast
ABOUT RSA
RSA provides more than 30,000 customers
around the world with the essential security capabilities to
protect their most valuable assets from cyber threats. With
RSA's award-winning products, organizations effectively detect,
investigate, and respond to advanced attacks; confirm and manage
identities; and ultimately, reduce IP theft, fraud, and cybercrime.
For more information, go to www.rsa.com.
This release contains "forward-looking statements" as defined
under the Federal Securities Laws. Actual results could
differ materially from those projected in the forward-looking
statements as a result of certain risk factors, including but not
limited to: (i) risks associated with the proposed acquisition of
EMC by Denali Holdings, Inc., the parent company of Dell, Inc.,
including, among others, assumptions related to the ability to
close the acquisition, the expected closing date and its
anticipated costs and benefits; (ii) adverse changes in general
economic or market conditions; (iii) delays or reductions in
information technology spending; (iv) the relative and varying
rates of product price and component cost declines and the volume
and mixture of product and services revenues; (v) competitive
factors, including but not limited to pricing pressures and new
product introductions; (vi) component and product quality and
availability; (vii) fluctuations in VMware, Inc.'s operating
results and risks associated with trading of VMware stock; (viii)
the transition to new products, the uncertainty of customer
acceptance of new product offerings and rapid technological and
market change; (ix) risks associated with managing the growth of
our business, including risks associated with acquisitions and
investments and the challenges and costs of integration,
restructuring and achieving anticipated synergies; (x) the ability
to attract and retain highly qualified employees; (xi)
insufficient, excess or obsolete inventory; (xii) fluctuating
currency exchange rates; (xiii) threats and other disruptions to
our secure data centers or networks; (xiv) our ability to protect
our proprietary technology; (xv) war or acts of terrorism; and
(xvi) other one-time events and other important factors disclosed
previously and from time to time in the filings of EMC, the parent
company of RSA, with the U.S. Securities and Exchange
Commission. EMC and RSA disclaim any obligation to update any
such forward-looking statements after the date of this
release.
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/rsa-research-shows-74-of-apj-organizations-face-significant-risk-of-cyber-incidents-300301119.html
SOURCE RSA