When it comes to technology budgets, businesses are spending more on cybersecurity, said Sophos recently when releasing results of a survey.
According to The Future of Cybersecurity in Asia Pacific and Japan — done in collaboration with Tech Research Asia (TRA), 11% of technology budgets are dedicated to cybersecurity in 2022, up 8.6% from the previous year.
Asia Pacific and Japan (APJ) organisations have identified threat hunting as a key consideration for strengthening cybersecurity defences, the firm said.
Most organizations (90%) undertook threat hunting to bolster their cybersecurity capabilities in 2021, survey results indicate.
Of those that did the above, 85% stated the approach is critical or important to their company’s overall cybersecurity capabilities, Sophos added.
“Given that threat hunting has become a priority for the majority of organisations, it’s interesting to see that cybersecurity professionals rank ‘not being able to keep up with the pace of threats’ in their top five frustrations in 2022, as indicated in the survey,” said Aaron Bugal, global solutions engineer at Sophos.
Even with the additional investment, organisations need to ensure they are not overstating their maturity levels and the implementation of threat hunting solutions, leading to complacency, he advised.
With increased maturity and investment, one would think successful cyberattacks would decline, however they continue to wreak havoc, Bugal added.
Sophos’ State of Ransomware Report indicates that 72% of APJ organisations were hit by ransomware in 2021, up from 39% in 2020.
With this in mind, it’s important that organisations review their cyber strategies regularly and address the gaps, Bugal said.
In addition, organisations must be active in their approach to combatting cyberattacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise, he added.
Reactive and passive towards cybersecurity
According to the survey report, 45% of companies surveyed haven’t made a change to their information or cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity, Sophos said.
This is something that must be addressed as a priority, the firm added.
The driving factor behind a change in strategy is an attack or breach, leading to an “attack, change, attack, change” cycle, a trend observed since 2019, Sophos said.
In fact, 49% of the respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organisations take to managing their security, according to the report.
Cybersecurity strategies must move with – or even faster than – the threat landscape and, sadly, that’s not happening at the moment, Bugal observed.