Singapore firms take 118 hours to detect, contain cyber attacks

After detecting a breach, businesses in the city-state take 37 hours on average to investigate and contain the attack, compared to the 31 hours companies across the globe take to do likewise.

Businesses in Singapore take an average of 118 hours to detect and respond to security breaches, including 63 hours to detect intruders in their network and eight hours before a team is assigned to determine a remedy. They then require 10 hours to fully investigate the breach and another 37 hours to contain and respond to the cybersecurity breach. 

Worldwide, on average, organisations took 162 hours, or just under seven days, to detect and respond to breaches, according to a CrowdStrike survey, which polled 1,900 senior IT decision makers and security professionals across 11 markets, including Japan, Australia, India, the UK, and the US. Some 100 respondents were based in Singapore. The study was conducted by market research firm Vanson Bourne.

Across the board, organisations needed 31 hours on average to contain a breach after it had been detected and investigated. This meant that 80% were unable to stop intruders in their network from accessing targeted data over the past 12 months, with 44% attributing this to their slowness in detecting a breach.

In Singapore, 48% of respondents were able to identify the attackers following a breach, while 92% viewed nation-state attacks as the highest threat to cybersecurity. Another 17% of cybersecurity teams in the country treated the detection of intruders on their network as a priority. 

CrowdStrike recommends a defence model it calls the 1-10-60 rule, in which enterprises should be able to detect a breach in 1 minute, investigate it within 10 minutes, and remediate the issue within 60 minutes. 

However, the security vendor noted, 95% of enterprises across all markets did not meet any of these three time rules, with only 11% able to detect intruders in under one minute. Just 9% could investigate a breach in 10 minutes, while 33% were able to contain an incident in an hour.

On average, respondents took 120 hours to detect a cybersecurity incident. 

Across the board, 32% cited difficulty in securing or upgrading legacy systems as a reason for their inability to detect a breach more quickly. Another 30% pointed to a lack of resources in the cybersecurity team, while 28% noted that shadow IT made it challenging to detect breaches.

According to the study, the number of companies that reported attacks on supply chains doubled to 34% this past year, up from 16%. More also paid ransoms to recover data encrypted in a software supply chain attack, more than doubling from 14% to 40%. In fact, more than half of companies in food and beverage, hospitality, and entertainment and media industries did so in the past year. 

In addition, 83% of respondents worldwide saw nation-state sponsored attacks as a clear danger to organisations in their domestic market, including 97% in India and 84% in the US.

CrowdStrike Services' vice president Thomas Etheridge said: "The study clearly shows organisations are severely lacking in their abilities to not only detect and prevent an attack, but also to respond to and remediate the incident. In fact, 95% of respondents acknowledge that something more needs to be done to prevent a breakout once an intruder is in the network. 

"A reliance on legacy infrastructure, exacerbated by a lack of resources and expertise, has hampered organisations' abilities to mount an effective defence against the adversaries they face," Etheridge said.

He urged companies to adopt the cloud for endpoint security so their IT teams had comprehensive visibility and "crowdsourced protection" to more effectively address their security and operational needs.
