4 in 5 Singapore firms went for continuity over security

More than four in every five (82%) of Singapore senior security professionals say cybersecurity has taken a back seat in the last year in favour of accelerating other digital business initiatives, according to a new report from CyberArk.

The report is based on a survey conducted by Vanson Bourne of 1,750 IT security decision makers who are based in the United States, the United Kingdom, France, Germany, Japan, Italy, Spain, Brazil, Mexico, Israel, Singapore and Australia.

Findings show  that every major IT or digital initiative results in increasing interactions between people, applications and processes, creating large numbers of digital identities. 

If these digital identities go unmanaged and unsecured, they can represent significant cybersecurity risk, with 74% of non-humans or bots having access to sensitive data and assets.

The average staff member has greater than 28 digital identities, but machine identities now outweigh human identities by a factor of 27x on average.

Also, 89% of Singapore respondents store secrets in multiple places across DevOps environments, while 87% say developers typically have more privileges than necessary for their roles.

The report also noted the prevalence and type of cyber threats facing security teams and areas where they see elevated risk.

Credential access was the number one area of risk for respondents (at 43%), followed by defence evasion (41%), persistence (33%), privilege escalation (32%) and execution (31%).

Almost 80% of Singapore organisations surveyed have experienced ransomware attacks in the past year — two each on average.

Seven in every 10 (69%) have done nothing to secure their software supply chain post the SolarWinds attack and most (70%) admit a compromise of a software supplier would mean an attack on their organisation could not be stopped.

Security professionals agree that recent organisation-wide digital initiatives have come at a price. This price is “cybersecurity debt” — security programs and tools that have grown but not kept pace with what organisations have put in place to drive operations and support growth. 

This debt has arisen through not properly managing and securing access to sensitive data and assets, and a lack of Identity Security controls is driving up risk and creating consequences.

The debt is compounded by the recent rise in geopolitical tensions, which have already had direct impact on critical infrastructure, highlighting the need for heightened awareness of the physical consequences of cyber attacks.

Among respondents, 82% agree that their organisation prioritised maintaining business operations over ensuring robust cyber security in the last 12 months.

Less than half (46%) have Identity Security controls in place for their business-critical applications.

To address the situation, CyberArk advises that firms push for transparency, introduce strategies to manage sensitive access, and prioritise identity security controls to enforce Zero Trust principles.