Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

Asia's Security Leaders Feel Underprepared for Future Threats: Report

A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.

Security professionals in Asia expect major breaches of critical infrastructure, and of their own organizations, to occur within the next two years, according to a study released today.

The study, Cyber Risk in Asia, is being published by Black Hat Asia, one of the region's top cybersecurity conferences. This year's event will take place Mar. 20-23 in Singapore.

More than two-thirds (67%) of cybersecurity professionals surveyed for the study said they believe a major, successful cyberattack affecting multiple Asian countries will likely occur within the next two years. Some 72% said they believe they will have to respond to a major breach of their own organizations within the next 12 months.

A chief reason for these concerns is cyber activity coming from large nation-states. Some 57% of the survey respondents said they believe recent actions by Russia, China, and North Korea have made their enterprise data less secure. Several exploits affecting critical infrastructure, including Operation PZChao, have already been detected, the report notes.

A lack of resources is also contributing to poor confidence among Asian cybersecurity professionals, the study indicates. Fifty-eight percent of respondents do not feel they have enough staff to respond to the threats they believe they will face in the coming year. Fifty-seven percent said they have insufficient budget; 69% feel they do not have enough training to perform the job functions required of them.

The Black Hat Asia survey responses were remarkably similar to those from similar surveys conducted among attendees of Black Hat USA and Black Hat Europe in 2017. In all three studies, a majority of security professionals said they believe a major critical infrastructure breach will occur in their regions within the next two years, and a major breach of their own organization will occur even sooner.

A majority of the respondents to the Black Hat Asia study (56%) said they are most concerned about sophisticated attacks specifically targeting their organization. Social engineering attacks were the second-greatest concern, followed by polymorphic malware.

Like their counterparts in Europe and the United States, however, Asian security professionals said they are not able to focus their resources on the threats they most fear. Compliance-related initiatives are the second-greatest consumer of manpower and budget among the Black Hat Asia survey respondents, often detracting from the resources available to respond to imminent threats. Targeted attacks (31%) and phishing and social engineering threats (21%) are other top consumers of security budgets.

End users were cited as the weakest link in enterprise defenses, as cited by 38% of Black Hat Asia survey respondents. These insiders may also represent the greatest threat: nearly a third (31%) of Asian security professionals say the adversaries they fear most are those with strong knowledge of their organization and trusted access to enterprise systems and data.

"Humans are not the only cause for IT professionals' concern," the study continues. "Fifteen percent of the respondents in the Black Hat Asia survey said their biggest weakness stemmed from a lack of planning and a tendency within their organizations to treat IT as a tactical, fire-fighting mission."

Data from the Black Hat Asia study, as well as the Black Hat studies in Europe and the United States, will be presented at the Black Hat Asia conference on Mar. 22.

Related Content:

 

 

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
markgrogan
50%
50%
markgrogan,
User Rank: Apprentice
8/8/2018 | 9:18:24 AM
hi
The cyber industry is in itself developing, so of course not a lot of leaders are going to know what to do if there are any technological threats that affect their country. Look at what happened in the trial of Mark Zuckerburg! Some of the senators who were questioning clearly demonstrated to knowledge of how social media works, let alone trying to lead a nation into some technologically advanced future. I'd be shocked if there is going to be progress like that if they don't bring any new blood into the cabinet.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9892
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbit...
CVE-2019-10066
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment i...
CVE-2019-10067
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context...
CVE-2019-6513
PUBLISHED: 2019-05-21
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVE-2019-12270
PUBLISHED: 2019-05-21
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The ...