Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

Asia's Security Leaders Feel Underprepared for Future Threats: Report

A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.

Security professionals in Asia expect major breaches of critical infrastructure, and of their own organizations, to occur within the next two years, according to a study released today.

The study, Cyber Risk in Asia, is being published by Black Hat Asia, one of the region's top cybersecurity conferences. This year's event will take place Mar. 20-23 in Singapore.

More than two-thirds (67%) of cybersecurity professionals surveyed for the study said they believe a major, successful cyberattack affecting multiple Asian countries will likely occur within the next two years. Some 72% said they believe they will have to respond to a major breach of their own organizations within the next 12 months.

A chief reason for these concerns is cyber activity coming from large nation-states. Some 57% of the survey respondents said they believe recent actions by Russia, China, and North Korea have made their enterprise data less secure. Several exploits affecting critical infrastructure, including Operation PZChao, have already been detected, the report notes.

A lack of resources is also contributing to poor confidence among Asian cybersecurity professionals, the study indicates. Fifty-eight percent of respondents do not feel they have enough staff to respond to the threats they believe they will face in the coming year. Fifty-seven percent said they have insufficient budget; 69% feel they do not have enough training to perform the job functions required of them.

The Black Hat Asia survey responses were remarkably similar to those from similar surveys conducted among attendees of Black Hat USA and Black Hat Europe in 2017. In all three studies, a majority of security professionals said they believe a major critical infrastructure breach will occur in their regions within the next two years, and a major breach of their own organization will occur even sooner.

A majority of the respondents to the Black Hat Asia study (56%) said they are most concerned about sophisticated attacks specifically targeting their organization. Social engineering attacks were the second-greatest concern, followed by polymorphic malware.

Like their counterparts in Europe and the United States, however, Asian security professionals said they are not able to focus their resources on the threats they most fear. Compliance-related initiatives are the second-greatest consumer of manpower and budget among the Black Hat Asia survey respondents, often detracting from the resources available to respond to imminent threats. Targeted attacks (31%) and phishing and social engineering threats (21%) are other top consumers of security budgets.

End users were cited as the weakest link in enterprise defenses, as cited by 38% of Black Hat Asia survey respondents. These insiders may also represent the greatest threat: nearly a third (31%) of Asian security professionals say the adversaries they fear most are those with strong knowledge of their organization and trusted access to enterprise systems and data.

"Humans are not the only cause for IT professionals' concern," the study continues. "Fifteen percent of the respondents in the Black Hat Asia survey said their biggest weakness stemmed from a lack of planning and a tendency within their organizations to treat IT as a tactical, fire-fighting mission."

Data from the Black Hat Asia study, as well as the Black Hat studies in Europe and the United States, will be presented at the Black Hat Asia conference on Mar. 22.

Related Content:

 

 

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
markgrogan
50%
50%
markgrogan,
User Rank: Apprentice
8/8/2018 | 9:18:24 AM
hi
The cyber industry is in itself developing, so of course not a lot of leaders are going to know what to do if there are any technological threats that affect their country. Look at what happened in the trial of Mark Zuckerburg! Some of the senators who were questioning clearly demonstrated to knowledge of how social media works, let alone trying to lead a nation into some technologically advanced future. I'd be shocked if there is going to be progress like that if they don't bring any new blood into the cabinet.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12346
PUBLISHED: 2019-06-24
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
CVE-2014-9699
PUBLISHED: 2019-06-24
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server.
CVE-2019-7231
PUBLISHED: 2019-06-24
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that termi...
CVE-2017-17945
PUBLISHED: 2019-06-24
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
CVE-2019-10271
PUBLISHED: 2019-06-24
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. ...