Most Singapore firms still can't keep up with security patches

Businesses in the city-state saw an 18% increase in cyber attacks over the past year, with 58% of breaches associated with a vulnerability where a patch was available but not applied.
Written by Eileen Yu, Senior Contributing Editor

Singapore businesses are experiencing more cyber attacks and still are unable to keep pace with the volume of patches. This has resulted in 58% of breaches that were linked to a vulnerability where a patch was available but not patched. 

Enterprises in the city-state saw an 18% climb in cyber attacks over the past year, with 88% noting they did not have sufficient resources to keep up with the number of software patches, according to a study conducted by Ponemon Institute. Commissioned by ServiceNow, the study polled 3,000 security professionals across nine countries, including 183 in Singapore and 403 in Japan. 

Singapore businesses lost an average of 10 days coordinating with the relevant team prior to applying a patch and reported a 27% increase in downtime due to delays in patching vulnerabilities compared to last year. Some 72% planned to hire an average of five staff members over the next year who would be dedicated to patching.

However, their struggles with patch deployment were not necessarily the result of staffing issues. Some 67% of Singapore respondents pointed to an inability to have a common view of applications and assets across security and IT teams. Another 69% said they could not take critical applications and systems offline to patch them quickly, while 45% struggled to prioritise what needed to be patched. 

Some 49% noted that their organisations were dragged down by heavy manual processes required to patch vulnerabilities. 

Amidst the growing number of cyber attacks, 60% of Singapore security professionals believed hackers currently were ahead of businesses in their use of technology such as artificial intelligence and machine learning. Some 80% believed deploying automation tools helped them respond more quickly to vulnerabilities. 

Their counterparts in Japan appeared to have a tougher time coping with software patches, with 99% of respondents saying they lacked adequate resources to keep up with the volume. They also lose more time, 13 days, when coordinating with the relevant team before a patch was applied. 

Globally, respondents reported a 24% increase in spending to prevent, detect, and remediate cyber attacks, compared to last year. However, on average, it took 12 days more to patch vulnerabilities, which they attributed to data silos and poor organisation coordination. 

For the most critical vulnerabilities, respondents across the nine markets took an average of 16 days to patch. Some 88% said they had to involve other departments within their organisation to deploy a patch and this created coordination issues that delayed patching by 12 days, on average, 

ServiceNow's general manager for security and risk, Sean Convery, said: "Companies saw a 30% increase in downtime due to patching of vulnerabilities, which hurts customers, employees, and brands. Many organisations have the motivation to address this challenge, but struggle to effectively leverage their resources for more impactful vulnerability management. Teams that invest in automation and maturing their IT and security team interactions will strengthen the security posture across their organisations." 


Singapore firms struggling to keep up with security patches

Some 78 percent don't have adequate resources to cope with the volume of patches, and 58 percent say their data breaches are due to human error, reveals global survey.

Singapore sees drop in common security threats, but foresees more data breaches

Cyber Security Agency says the number of common cyber threats, including website defacements and phishing, dipped in Singapore last year, but expects to see more frequent data breaches and disruptive attacks against the cloud in the near future.

Singapore updates guidelines on data breach notification and accountability

Expected to be included as part of the upcoming amendment to the country's data protection law, the new guidelines state businesses must take no more than 30 days to investigate a suspected breach and notify authorities 72 hours after completing their assessment of the breach.

Most Singapore firms experienced data breaches, worried over 5G deployments

Some 96% of companies in the city-state admitted to experiencing a data breach over the past year, with 98% expressing security concerns involving digital transformation initiatives and 5G network deployments.

APAC firms will need AI as speed increasingly critical in cyberdefence

With cybercriminals taking less and less time to break into corporate systems, enterprises will have to tap artificial intelligence and machine learning tools to bolster their ability to defend against attacks and beef up their network resilience.

Editorial standards