Cyberattacks are increasing in frequency and sophistication worldwide with threat actors targeting organisations via multi-vector approaches to steal vital information, holding enterprises to ransom as well as causing reputational and financial damage. According to the IDC Info Snapshot, Curating Trusted Partnerships by Building a Secure, Robust, and Profitable Ecosystem, commissioned by Kaspersky, in 2022, two in three enterprises (65%) in Asia/Pacific fell prey to ransomware with victims having no guarantee of data recovery. With the steady rise in cybercrime rates, organisations are now actively focusing on the importance of appropriate effective cybersecurity investments. These investments are critical in their efforts to mitigate and prevent ransomware attacks
“In an environment that is seeing accelerated digital transformation and constantly evolving risk vectors, enterprises require cybersecurity investments that include technical solutions, encompass buy-in from technological and management stakeholders as well as a change in strategic mindset towards cyber resilience while ensuring business processes remain mission capable against disruptions,” said, Bridget Huang, MSP Partner Account Manager forAsia Pacific, Kaspersky.
Asia/Pacific enterprises are cognisant of the need to bolster their cybersecurity posture with increased investments across predictive analytics (Eg. SIEM, XDR and NITA), managed security services (MxDR, MDR and threat intelligence), threat intelligence solutions, endpoint security solutions (EDR and anti-ransomware) as well as cyber resilience services. According to IDC, several enterprises who were subjected to ransomware attacks attributed prior investments in security solutions that helped to thwart the attempt with 64% having invested in network detection & response (NDR) solutions, 47% in security information and event management (SIEM) and endpoint detection & response (EDR) for 43% of respondents.
However, many enterprises are unable to enact a holistic cybersecurity programme on account of a host of factors, including a lack of skilled personnel, fragmented and unnecessarily complex existing IT and security platforms as well as budgetary limitations.
Enterprises, and small to medium organisations in Asia/Pacific lack the necessary expertise and resources to establish a robust cybersecurity programme, including the appropriate artificial intelligence and machine learning (AI/ML) capabilities for effective cybersecurity processes. To address shortcomings in capabilities, resources and knowledge, enterprises are increasingly relying on forming strategic partnerships and outsourcing key cybersecurity operations with trusted third-party managed security service providers (MSSP).
Enterprises are turning towards outsourcing cybersecurity operations to third-party managed security service providers (MSSP) to address these shortcomings in capabilities as well as resources.
Many small to medium organisations lack the capabilities and resources to enact a sufficiently robust cybersecurity programme as well as lacking artificial intelligence and machine learning (AI/ML) capabilities for cybersecurity processes. To bridge the resource and knowledge gap, Asia/Pacific enterprises are forming strategic partnerships and outsourcing key cybersecurity operations to trusted third-party managed security service providers (MSSPs).
Strategic partnerships as a solution to address resource and technology gaps
According to the IDC Info Snapshot, the majority of Asia/Pacific enterprises (89.5%) gave a rating over 7 out of 10 when asked about their likelihood to adopt security services from an external service vendor for their DX initiatives, while several are looking to consolidate their existing service providers and engage one who can offer multiple services at reasonable cost to simplify from having to manage multiple vendor solutions.
“MSSPs seeking a long-term MxDR service provider will collaborate with those who can provide performance-driven KPIs and metrics such as reduced false alerts, better efficiency by automating repetitive tasks, MTTD, MTTR and proactive threat detection with advanced analytics,” says Huang.
By 2025, IDC predicts that 45% of CEOs in Asia/Pacific will demand security metrics and results to assess and validate investments made in their security programmes which makes preparing and being able to meet these metrics vital for MSSPs selecting long term technology providers.
“MSSPs need to select a long-term MxDR service provider who can offer assessable metrics and proven results but also superior technical understanding of the cyber threat landscape and best-in-class technologies capable of meeting a challenging cybersecurity environment,” adds Huang.
