More than half of IT and security leaders in Singapore believe a cloud breach would make normal operations impossible in their organisations, a report from Illumio shows.
Illumio commissioned Vanson Bourne to conduct a 1,600-person global study of IT and security decision makers across nine countries, including 150 Singaporean respondents.
There were also 200 respondents who are based in Australia and 150 in Japan. The other markets covered include the United States, the United Kingdom, France, Germany, Saudi Arabia, and the United Arab Emirates.
The study also showed that almost all Singaporean organisations (95%) cite improving cloud security will be a key priority over the next year.
Andrew Kay, Illumio’s director of systems engineering in Asia-Pacific and Japan, said the goal of cyberattacks has shifted from monetising data, to impacting business operations and, as a result, the cloud has become a prime target for attack.
“Yet, more than half of Singaporean businesses say they wouldn’t be able to operate in the event of a cloud breach, which is concerning,” said Kay.
“Organisations need to ensure that their infrastructure is attack-tolerant, particularly as cloud usage increases,” he added. “Attackers can’t paralyse critical operations without spreading across a network first – so breach containment and preventing lateral movement has to be the priority.”
The study found that, in many cases, threat actors target the weakest link in an IT network in order ‘break in’ and then move laterally. Lateral movement allows hackers to move deeper into a system to target the most sensitive data and high-value assets.
In the event of a cloud breach, more than one quarter (26%) of Singaporean IT and security leaders say it would be easy for an attacker to find weaknesses in their organisations’ environment and move laterally, as they have limited or no controls in place to limit network discovery or lateral movement, or have a limited amount of preventative and detective controls.
Meanwhile, just one-third (35%) are confident they have excellent preventative controls in place, making it very difficult for attackers to find vulnerabilities.
Illumio noted that while cloud technology affords organisations the ability to scale and innovate, traditional security tools are holding Singaporean businesses back in both respects.
Almost all (96%) of organisations in Singapore believe they need security that better scales with the speed of cloud adoption. Three-quarters (74%) of IT and security decision makers also believe the security function slows down cloud adoption in their organisation.
Further, security and development teams are on the frontlines when it comes to curbing the repercussions of cloud breaches. However, the Illumio research shows that much work needs to be done to best equip them for success.
Nearly half (48%) of local respondents said their business needs to improve collaboration between security and application developers.
Almost all (99%) IT and security decision makers in Singapore believe they need to make it easier for DevOps teams to adopt cloud security best practices, and 91% believe reducing workloads and increasing efficiency for SecOps teams needs improvement.