 |
| Corporate Culture, Employee Education Vital in Cybersecurity: Sophos |
In its report titled "The Future of Cybersecurity in Asia Pacific and Japan – Culture, Efficiency, Awareness," the global leader in next-generation endpoint and network cybersecurity highlighted the lack of education, leadership, and funding among businesses that block their organization's cybersecurity preparedness.
The comprehensive study of 100 business decision-makers showed that across the country, the majority (64%) of business decision-makers believe lack of security expertise is a challenge for their organization, with 62% observing recruitment of skills to be a struggle. This comes down to the set-up of cybersecurity within organizations, which commonly sees IT staff tasked with security in addition to their other responsibilities.
There is also a broader corporate cultural issue, relating to attitude and behavior, impacting corporate cybersecurity. In fact, 78% of organizations in the Philippines believe the biggest challenge to their security in the next 24 months will be improving cybersecurity awareness and education among employees and leadership.
Less than half (44%) of the organizations have a dedicated cybersecurity budget –- in most cases, budgets are included as part of other broader IT or another departmental spend.
See Also: Sophos Warns Against Notorious Ransomware GandCrab
Only 34% of organizations are regularly making significant changes to their cybersecurity approach, with 30% intending to make changes to their security approach in the next six to 24 months.
As part of this, three in four (77%) companies anticipate their use of external security partners to rise over the next 12 months.
The main triggers for security updates — beyond changes to overall security posture — are technology and product developments, compliance and regulation requirements, and growing awareness of new attacks.
“Our research highlights the struggles organizations face in attaining security expertise and staying up to date. It also shows a lack of visibility into security risk and an overestimation of respondents’ abilities to defend their organizations. For example, on average, one-third of respondents believed their organizations had been the victim of a breach in the last year, whereas anecdotal evidence suggests this number should be close to 100%,” said Chester Wisniewski, principal research scientist at Sophos. “Today’s security teams must be proactive in their response to today’s cyber threats. This requires having the tools to effectively find suspicious activity and access to a network of security knowledge to interpret that information and lead them to appropriate corrective action.”