Infoblox, the leader in DNS management and security services, today unveils a report examining the state of security concerns, costs, and remedies. As the pandemic and uneven shutdowns stretch into a third year, organisations are accelerating digital transformation projects to support remote work. Meanwhile, attackers have seized on vulnerabilities in these environments, creating more work and larger budgets for security teams.
1,100 respondents in IT and cybersecurity roles in 11 countries – United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia, and Singapore – participated in the survey.
Key findings from Singapore respondents include:
-
Singapore reported among the lowest response-time rates among respondents from other countries. Less than half of Singapore organisations (49%) said they were generally able to respond to a threat within 24 hours. This presents an opportunity for cybersecurity professionals to improve their threat intelligence capabilities. Unfortunately, challenges such as poor network visibility (32%), shortage of IT security skills (32%), and funding (28%) are most likely to hamper Singapore organisations’ threat detection efforts going forward
-
Singapore organisations saw higher rates of security incidents and breaches compared to other countries. 65% of Singapore respondents experienced six or more IT security incidents, compared to 21% of global respondents. A large majority (73%) reported their organisations’ IT security incidents resulted in a breach. Among those that suffered a breach, respondents reported that the most likely culprits were a cloud infrastructure or application (45%), an IoT device or network (42%), or remote, employee-owned endpoint (32%).
-
Singapore workers continued to fall for phishing scams. Though ransomware often grab headlines, phishing is the most common conduit for illegal entry. Phishing attacks accounted for 68% of breaches reported in the past 12 months in Singapore, followed by ransomware (59%) and APTs (57%). Phishing usually signals the need or failure of employee and customer security awareness training that require technological backstops.
-
Singapore organisations are most concerned about their vulnerabilities in defending against data leakage, ransomware, and remote-worker compromises. The loss of direct security controls and network visibility has 51% of Singapore organisations most concerned about data leakage. Up to 42% worry remote connections will come under attack, including by those behind ransomware, while (35%) are concerned about networked IoT attacks. Additionally, direct attack through cloud services is a top concern for 29% of Singapore respondents, given the growing reliance on cloud-based or hybrid environments and rash of third-party breaches.
-
Singapore organisations are putting more resources toward cloud, data, and network protections. A large majority of respondents (73%) in Singapore reported an increase in IT security budgets in 2021, and 69% expect their budgets to increase in 2022. Popular purchase options for on-premises investments include DNS security (28%) and network security (26%). Data encryption (37%) and cloud access security brokers (36%) are the most popular cloud-based investments.
-
Interest in Secure Access Service Edge (SASE) frameworks in Singapore is accelerating. As assets, access, and security move out of the network core to the edge with the push for virtualization, 61% of Singapore organisations have already partially or fully implemented SASE. Additionally, another 29% has plans to do so, through either one vendor (44%) or many (56%).
"The pandemic shutdowns over the past two years have reshaped how organisations in Singapore operate," said Alvin Rodrigues, Field Chief Security Officer, Asia Pacific, Infoblox.
"With Singapore’s high rate of security breaches and slow response rates, cloud-first networks and corresponding security controls have gone from nice-to-have features to business mainstays. To address the spike in cyberattacks, security teams are turning to DNS security and zero trust models like SASE for a more proactive approach to protecting corporate data and remote devices,” he added.
The full report is available for download here.