Companies in Asia Pacific and Japan spend 11% of their technology budget on cybersecurity in 2022, an 8.6% increase over the previous year. Moreover 90% undertook threat hunting to bolster their cybersecurity capabilities in 2021; and of those that did, 85% stated the approach is critical to their company’s overall capabilities.
“It’s great to see organisations taking cybersecurity more seriously, with budgets and maturity levels on the rise and organisations looking to build threat hunting into their cyber defence strategies,” said Aaron Bugal, global solutions engineer at Sophos.
Bugal is commenting on the additional findings from its survey that were released yesterday. Entitled “The Future of Cybersecurity in Asia Pacific and Japan”, it was conducted in collaboration with Tech Research Asia.
He pointed out that even with additional investment in cybersecurity, organisations need to ensure they are not overstating their maturity levels and the implementation of threat hunting solutions, leading to complacency.
“With increased maturity and investment, one would think successful cyberattacks would decline, however they continue to wreak havoc. Sophos’ State of Ransomware Report reveals 72% of APJ organisations were hit by ransomware in 2021, up from 39% in 2020. With this in mind, it’s important organisations review their cyber strategies regularly and address the gaps.”
This is becoming increasingly important considering Sophos has seen an uptick in the number of instances where organisations are being attacked multiple times – sometimes simultaneously.
Nearly half of organisations have a passive cybersecurity approach
The Sophos survey found that 45% of companies polled haven’t made a change to their cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity.
“Organisations must be active in their approach to combatting cyberattacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise. Organisations must constantly be on the front-foot to identify and thwart attacks, and regular and consistent threat hunting is key to this; failure to do so means organisations will remain vulnerable,” said Bugal.
Unfortunately, survey results revealed 49% of companies plan to take a more proactive stance in protecting their digital assets in the next six months, and this strategy change is only spurred by a cyberattack on their organisation.
“Cybersecurity strategies must move with – or even faster than – the threat landscape and, sadly, that’s not happening at the moment. By updating cybersecurity strategies after a successful attack, organisations will always remain in a reactive state and continue to be easy targets for attacks. Organisations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and who also have access to telemetry and artificial intelligence for faster detection and response capabilities,” said Bugal.
