SINGAPORE (Oct 1): Singapore is stepping up efforts to bolster its defence against the rising threat of cyberattacks. But multinational technology conglomerate Cisco warns that companies here are spending more on cybersecurity – in the wrong ways.
Senior Minister Teo Chee Hean on Tuesday introduced a masterplan to safeguard Singapore’s operational technology (OT) systems from cyberattacks that have the potential to cripple important sectors such as transport and power.
But Cisco’s 2019 Asia Pacific CISO Benchmark study, released on the same day, found that companies in Singapore are facing longer downtimes and higher financial costs from cybersecurity breaches compared to global averages.
Some 27% of companies in Singapore experienced a downtime of 24 hours or more after their most severe breach, compared to a mere 4% globally. The Singapore figure also denotes a dramatic increase from just 5% in the preceding year.
Similarly, 39% of local companies witnessed a financial impact of $1 million or more from their most significant breach in the past year, compared to 30% globally.
“The two factors are often related,” says Stephen Dane, Managing Director of Security for Asia Pacific, Japan and China at Cisco. “Larger downtimes result in higher financial costs, as it becomes more difficult to figure out the problem with time.”
More alerts investigated, fewer remediated
The good news, according to Dane, is that companies in Singapore have seen an improvement in the number of alerts investigated. According to the study, companies in Singapore investigated 45% of threats, up from 41% in 2018.
However, he stresses that there has been a significant decline in the number of legitimate alerts that were remediated – falling nine percentage points to 41% from 50% in 2018. And although the Singapore figure is ahead of the regional average of 38%, Dane describes this as “a significant red flag” for the country.
The reason behind this might well lie in the sheer number of alerts that security practitioners in Singapore are flooded by on a daily basis. The study, based on a survey of some 2,000 security professionals across the region, identifies that 48% of respondents in Singapore receive more than 10,000 threat alerts a day, compared to the global figure of 35%.
“With the number of cyber threats increasing rapidly, the real challenge lies in what comes after the alert is received,” says Dane.
“In the case of Singapore, we feel that the professionals often find themselves overwhelmed with information, which then results in fewer alerts being acted upon – something we term cyber fatigue,” he adds.
Quality, not quantity
Singapore has worked long and hard to carve a name for itself as a leading nation in terms of technology, and a centre of excellence for tech talent. And this, according to Dane, has resulted in companies turning to numerous cybersecurity vendors for products and services.
While this means a greater scope for cyber threat detection, Dane is quick to emphasise that it does not automatically translate into greater efficiency.
The study revealed that 34% of companies in Singapore are using more than 10 vendors. While lower than the global average of 39%, this is a relatively sharp spike compared to the 2018 figure of 27%.
At the same time, 90% of companies said it was somewhat or very challenging to manage a multi-vendor environment, compared to the global average of 79%.
Dane’s observation is simple: Companies in Singapore are spending more on quantity instead of quality when it comes to cybersecurity solutions.
“Complexity due to a multi-vendor environment and the increased sophistication of businesses with [operational technology] and multi-cloud adoption continue to challenge security practitioners in Asia Pacific,” says Dane.
As organisations look to reduce the impact of a cybersecurity breach, they need a simplified and systematic approach to security in which solutions act as a team, and learn, listen and respond as a coordinated unit,” he adds.
Dane highlights how companies today are generally inclined to spend large amounts of money on another tool that not only has little added value in terms of threat discovery, but are likely to create more complexities for the company.
“Integration is key,” says Dane. “The use of multiple vendors [and products] result in a fragmented approach towards cybersecurity, and more often than not, this puts a strain on the company’s employees and resources.”