Introduction

In the age of the customer, the threat landscape is constantly evolving. Attackers are out to steal your company's data, and the ever-expanding number of devices and technologies being introduced into your environment makes the task of protecting your network and applications more difficult than ever. [1]

In APAC, due to its sheer size and complexity, this challenge is particularly daunting. There are special economic and political considerations, and most countries, China in particular, are rife with cyberattacks. Companies operating in this region strive to strike a balance between protecting their organizations and conforming to the product and service standards that consumers demand.

In March 2016, Tenable commissioned Forrester Consulting to conduct a survey evaluating vulnerability management adoption trends in Asia Pacific, including the perceived challenges, drivers, and benefits of various vulnerability management strategies and investments.

Where do you work?
- China: 25%
- Singapore: 25%
- Japan: 25%
- ANZ: 25%

How large is your company? (Number of employees)
- 500 to 999: 33%
- 1,000 to 4,999: 53%
- 5,000 to 19,999: 9%
- 20,000 or more: 5%

What is your title?
All respondents are at the manager level or above and working in IT, with responsibility for vulnerability management.

Managing Risk Is A Top Priority For APAC Security Decision-Makers

Reducing risk is a top driver of strategic IT objectives for APAC firms. Our survey found that reducing risk and increasing security posture is the No. 2 overall IT priority behind improving IT service delivery for the business. Our survey also found that:

- Top security initiatives focus on protecting customer data. A number of different security initiatives are considered to be a high or critical priority. Among the top initiatives are application security (89%), data security (88%), and protecting customers' personal information (87%).
- Vulnerability management solutions, historically focused on compliance, are shifting to a risk focus.

Our survey found that:

- Forty percent of APAC security decision-makers said that their vulnerability management programs are primarily strategic, in order to help the organization understand the risks to assets.
- Another 37% said that their vulnerability management program combines a compliance and risk focus.
- Only 23% still prioritize compliance above understanding their risk posture.

Eighty Percent Of Companies Were Attacked In The Past Year

The focus on risk is not without merit. Our study found that 80% of companies have been attacked at least once in the past 12 months, with phishing and DNS-based attacks being the most common. As new technologies and devices are introduced by employees, customers, and partners, the potential for vulnerabilities increases.

These attacks have a damaging impact on the business, with consequences ranging from lost productivity, loss of business renewals, and loss of new customer wins to increased operational expenses, breaches of contract, and an increase in negative branding/perception.

Many Vulnerability Management Solutions Are Insufficient

Despite security decision-makers' assertion that risk management is their top vulnerability management priority, only 22% have ongoing scans that monitor their environments for new threats continuously. This may be due to insufficient strategies or vulnerability management platforms; our study found that respondents have a lot of vulnerability management challenges, including difficulties with remediating breaches across security and operations, prioritizing vulnerabilities, and monitoring mobile and cloud threats.

Despite having a risk management focus, only 22% of respondents monitor their environments continuously.

Security Pros Seek To Invest In Better Solutions

Security professionals in APAC are expanding their investments in an array of different network security and security operations technologies, including mobile security, network analysis and visibility, internet-of-things security, and wireless security, among many others. Our survey found that when considering investments in network vulnerability management or continuous monitoring solutions, respondents most highly value the ability to identify, scan, and protect devices; active scanning; malware analysis; benchmarks to compare current security controls; continuous scanning/listening capabilities; and coverage across cloud, virtualized, and mobile environments.

Security teams have failed to make the investments necessary to instrument breach detection across the business. These investments include the people, process, and oversight required to make technology deployments. [2]

Conclusion

Companies are under a constant threat of cyberattacks and have declared risk management to be a major priority, yet their current security approaches often fail to protect them adequately. Security decision-makers must re-evaluate their processes and technologies against industry best practices to ensure that they can mitigate evolving threats.

METHODOLOGY

This Technology Adoption Profile was commissioned by Tenable. To create this profile, Forrester conducted a custom survey of 120 enterprise IT decision-makers responsible for security and vulnerability management at companies in China, Singapore, Japan, Australia, and New Zealand. The custom survey was conducted in March 2016.

ENDNOTES

[1] Source: "Defend Your Digital Business From Cyberattacks Using Forrester's Zero Trust Model," Forrester Research, Inc., September 23, 2015.
[2] Source: "Defend Your Digital Business From Cyberattacks Using Forrester's Zero Trust Model," Forrester Research, Inc., September 23, 2015.

ABOUT FORRESTER CONSULTING

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester's Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.

© 2016, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to forrester.com. [1-ZIFT3K]

Project Director: Mark Brozek, Sr. Market Impact Consultant
Contributing Research: Forrester Security and Risk team