People, Process and Technology Challenges Stand in the Way of Preventive Security in Asia Pacific

Uncover the obstacles hindering preventive cybersecurity and ways to build cyber resilience for your APAC organisation in a commissioned study conducted in 2023 by Forrester Consulting on behalf of Tenable.

Amid heightened scrutiny from government agencies, insurance firms and investors, many organisations encounter difficulties in delivering effective reports and conveying their risk posture. Against the backdrop of a progressively intricate threat landscape, organisations in the Asia-Pacific region (APAC) confront substantial hurdles in precisely gauging their susceptibility to cyberattacks. An array of hindrances stemming from people, processes and technology compounds the difficulties, rendering it highly demanding for cybersecurity teams to effectively implement preventive security measures.

A new white paper, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in APAC”, reveals that, in the last two years, the average organisation was prepared to preventively defend 59% of the cyberattacks they encountered. However, having only this much coverage leaves them vulnerable to 41% of these attacks, which they were forced to reactively mitigate rather than stop altogether. 

More than three-quarters (76%) of security and IT leaders believe their organisation would be more successful at defending against cyberattacks if it devoted more resources towards preventive cybersecurity. The white paper is based on a commissioned survey of 825 cybersecurity and IT leaders, including 219 APAC respondents, conducted in 2023 by Forrester Consulting on behalf of Tenable.

Challenges at a glance

People Challenges: Cybersecurity and IT teams are often siloed and their performance is evaluated using separate and contradictory criteria and goals. Internal attitudes make coordination between IT and security teams difficult and time-consuming.

The study reveals a striking statistic: Six in 10 respondents (61%) concur that their cybersecurity teams are too busy fighting critical incidents, leaving them little time to adopt a proactive approach to reducing their organisation's cyber risk. 

Process Challenges: Managing a plethora of third-party technologies without proper processes can make APAC organisations vulnerable. In the era of cloud-based services and applications, seven in 10 respondents (72%) their organisations use a third-party program for SaaS apps and services. However, under half (48%) have high and very high visibility into third-party environments. This lack of visibility can be a ticking time bomb, creating potential blind spots that cyber attackers could exploit.

Technology Challenges: Professionals using siloed tools are unable to determine the relationships among users, systems and software, and different measurement metrics among all the different tools make it difficult to accurately assess risk. While most respondents (75%) say they consider user identity and access privileges when they prioritise vulnerabilities for remediation, over half (53%) say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices.

Tackling these challenges with exposure management

Amidst these challenges, there is a silver lining. APAC organisations, irrespective of their current cybersecurity maturity level, have the power to take proactive steps toward reducing cyber risk. Implementing a robust exposure management program is the key to overcoming these hurdles.

An exposure management program empowers organisations to assess their vulnerabilities, prioritise remediation efforts and streamline their cybersecurity operations. By shifting the focus from reactive measures to proactive strategies, businesses can stay ahead of cyber threats and fortify their defences.

By addressing these challenges head-on and embracing a proactive approach to cybersecurity, APAC businesses can safeguard their digital assets, customer trust and their overall reputation. The study serves as a wake-up call, highlighting the urgency of taking action. It's time for Australian organisations to shed old habits, empower their teams and embrace a future where preventive cybersecurity reigns supreme.

To learn more about these challenges, gain insights into how the most mature organisations are addressing them and see recommendations for how to overcome these challenges, download the white paper, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in APAC”.