Organisations in Vietnam are facing longer downtimes from cybersecurity breaches, compared to the regional and global averages, according to Cisco’s 2019 Asia-Pacific CISO Benchmark Study.
|A growing number of Vietnam companies face downtimes longer than a day from cyberattacks |
According to the study, 30 per cent of companies in Vietnam experienced a downtime of 24 hours or more after their most severe breach in the past one year, compared to just 4 per cent globally and 23 per cent in the Asia-Pacific. The number in Vietnam saw a huge increase from 2018 when only 15 per cent of organisations in the country suffered downtime of 24 hours or more.
The study, based on a survey of close to 2,000 security professionals from across the region, highlights that security practitioners in Vietnam are being kept busy. According to the study, 36 per cent of respondents reported receiving more than 10,000 threat alerts a day, while 26 per cent said they received more than 50,000 alerts per day.
With a high number of cyber threats alerts, the real challenge lies in what comes after an alert is received. How many of the alerts are investigated, and how many of those found to be genuine are eventually remediated.
The good news is that companies in Vietnam are doing better than the Asia-Pacific average on both those fronts. According to the study, companies in Vietnam investigated 51 per cent of the threats, compared to 44 per cent across the Asia-Pacific. Of the threats that were investigated and found to be genuine, 45 per cent were addressed (up from 44 per cent in 2018). Companies in Vietnam are doing better in remediating legitimate alerts compared to the regional and global averages, which stood at 38 and 43 per cent, respectively.
Vietnamese companies have also seen a big decline in the financial impact from cyber breaches. Among the respondents, 18 per cent said the most severe breach in the past year cost them more than one million dollars. This is a huge decline from a year ago, when 77 per cent of companies reported a financial impact of one million dollars or more.
|Luong Thi Le Thuy, managing director at Cisco in Vietnam |
Luong Thi Le Thuy, managing director, Vietnam, Cisco, said, “As digital maturity and adoption increases across Vietnam, we are seeing an increased awareness of cybersecurity among businesses. This is crucial because we will see more users and devices come online in the next few years. While this means greater opportunity for businesses, it also means that the attack surface will increase exponentially, exposing businesses to more threats and cyber risks. Security can no longer be an afterthought: it needs to be the underlying foundation of any digitalisation effort.”
The study highlights that the use of multiple vendors is adding to the complexity for security professionals. According to the study, 31 per cent of companies in Vietnam are using more than 10 vendors. While the Vietnamese number is better than the global average of 39 per cent, it is still posing a challenge for companies.
When asked how challenging it is to manage a multi-vendor environment, 76 per cent said it was somewhat or very challenging to orchestrate multiple vendor alerts. This is in line with the global trend, with 79 per cent of respondents across the world highlighting this as an issue.
Kerry Singleton, cybersecurity director for the ASEAN at Cisco, said: “Complexity due to a multi-vendor environment and the increased sophistication of businesses with OT networks and multi-cloud adoption continue to challenge security practitioners in the Asia-Pacific. As organisations look to reduce the impact of a cybersecurity breach, they need a simplified and systematic approach to security in which solutions act as a team, and learn, listen, and respond as a co-ordinated unit.
“One way for organisations to simplify security is by considering a Zero Trust approach which looks at security in three key areas – workforce, workload, and workplace. Doing so enables organisations to protect users and their devices against stolen credentials, phishing, and other identity-based attacks, manage multi-cloud environments, and contain lateral movement across the network,” he said.
Other key trends that emerged from the study include:
The top three barriers for adopting advanced security technologies in Vietnam are:
- lack of trained personnel (47 per cent)
- lack of knowledge about advanced security processes and technology (40 per cent)
- budget constraints (36 per cent)
In fact, a lack of trained personnel is an issue for a greater number of companies in Vietnam this year compared to 2018, when only 37 per cent of organisations cited it as a main challenge.
When it comes to data breaches and the improvements that were made following a breach, the top improvement among Vietnamese companies was to increase security awareness training among employees (62 per cent), followed by increased investment in security defense technologies or solutions (48 per cent) and increased focus on preventing security breaches caused by employee-owned mobile devices (46 per cent).