Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Enterprises increasingly prioritising budget for cyber security

Sophos data has shown that 11 per cent of technology budgets are now dedicated to cyber security, an increase from 8.6 per cent the previous year.

user iconReporter
Mon, 29 Aug 2022
Enterprises increasingly prioritising budget for cyber security
expand image

Asia-Pacific and Japan organisations have identified threat hunting as a key consideration, according to Sophos researchers, for strengthening cyber security defences with most organisations (90 per cent) undertaking threat hunting to bolster their cyber security capabilities in 2021. Of those that did, 85 per cent stated the approach is critical or important to their company’s overall cyber security capabilities.

According to the global solutions engineer at Sophos, Aaron Bugal, Sophos' State of Ransomware Report reveals 72 per cent of APJ organisations were hit by ransomware in 2021, up from 39 per cent in 2020.

"Given that threat hunting has become a priority for the majority of organisations, it’s interesting to see that cyber security professionals rank 'not being able to keep up with the pace of threats' in their top five frustrations in 2022, as indicated in the survey.

============
============

"Even with the additional investment, organisations need to ensure they are not overstating their maturity levels and the implementation of threat hunting solutions, leading to complacency.

"With increased maturity and investment, one would think successful cyber attacks would decline, however they continue to wreak havoc," Bugal said.

Considering Sophos has seen an uptick in the number of instances where organisations are being attacked multiple times – sometimes simultaneously, prioritising cyber security is becoming increasingly important.

"With this in mind, it’s important organisations review their cyber strategies regularly and address the gaps.

"It’s great to see organisations taking cyber security more seriously, with budgets and maturity levels on the rise and organisations looking to build threat hunting into their cyber defence strategies.

"Organisations must be active in their approach to combating cyber attacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise," Bugal said.

The survey also found 45 per cent of companies surveyed haven't made a change to their information or cyber security approach in the last 12 months, indicating a passive attitude to cyber security – something that must be addressed as a priority.

The driving factor behind a change in strategy is an attack or breach, according to Sophos researchers, which has led to an "attack, change, attack, change" cycle, a trend observed since 2019. Half of (49 per cent) of the surveyed respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organisations take to managing their security.

Organisations must constantly be on the front-foot to identify and thwart attacks, Bugal further explains, and regular and consistent threat hunting is key; failure to do so means organisations will remain vulnerable.

"Cyber security strategies must move with – or even faster than – the threat landscape and, sadly, that’s not happening at the moment.

"Organisations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and who also have access to telemetry and artificial intelligence for faster detection and response capabilities," Bugal said.

"By updating cyber security strategies after a successful attack, organisations will always remain in a reactive state and continue to be easy targets for attacks."

[Related: Android Trojans and domain name attacks top July cyber threat trends]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.