Zero trust approaches to cybersecurity

Ivanti has unveiled the findings of a Frost & Sullivan study it commissioned, entitled “Embracing Secure Access in a World of Rapidly Expanding Virtual Borders” – which investigates the impact of the COVID-19 pandemic on cybersecurity and compliance attitudes and behaviors in Singapore, Australia and New Zealand.

Examining the impact of COVID-19 on business demand and cybersecurity strategies

The pandemic has negatively impacted business for enterprises in the Asia Pacific region. Most respondents experienced a moderate 1-9 percent reduction in business demand, with Australia having the highest percentage of respondents reported (80 percent), compared to those in New Zealand (73 percent) and Singapore (59 percent).

Overall, 38 percent of respondents said that their main strategy was to focus on IT operations to maintain business operations for their remote workforce during COVID-19.

Perceptions of cybersecurity

More than 40 percent of the respondents in Australia and New Zealand stated that they focused more on cybersecurity to better protect their organisation from attacks. In contrast, enterprises in Singapore showed a slightly lower average increase in cybersecurity licensing, with 56% of respondents reporting a 1-5% increase, compared to the overall average of 60% of enterprises reporting the same over all regions.

The pandemic has also resulted in a reduction of cybersecurity budgets, with a majority of enterprises across Singapore (58%) stating that they would stop buying new cybersecurity solutions and only focus on vital refreshes.

In terms of critical areas for cyber security spending, respondents in Singapore pointed to secure web gateway (41%), software-defined perimeter (40%), network sandboxing (38%) and anti-phishing (38%) as the four leading solution approach areas.

Concerningly, respondents across all regions experienced a higher number of cybersecurity incidents during the pandemic. The percentage of respondents who experienced security incidents increased from 33% to 41%. This strongly outlines the case for enterprises to recognize security as a business enabler now more than ever, despite economic uncertainty, and to factor in contextual realities in their security strategies.

Adoption of Cloud

When it comes to cloud adoption during COVID-19, most respondents indicated their organisation adopted cloud more during the pandemic, especially those in Australia and New Zealand, with 64 percent and 57 percent of respondents agreeing that their organisation adopted cloud more during the pandemic respectively.

Meanwhile, 48% of enterprises in Singapore stated that they had increased their adoption of cloud-based solutions during the pandemic, while 52% affirmed that this increased adoption was enabling them to better meet client needs.

Attitudes towards remote working in Singapore

With the raft of directives aimed at curbing the spread of the pandemic, remote working is a new reality that businesses are coming to terms with. Enterprises in Singapore, while open to the idea of allowing employees the flexibility to choose between remote and fixed office locations in the future (62%), were less supportive of this trend than the regional average (71%) over Singapore, Australia, and New Zealand.

On average, the biggest challenge of remote work faced by enterprises in Singapore pointed to the undertaking of effectively securing remote devices. Other major areas of concern were new employee onboarding, data and application preparation, employee communication, patching and maintenance.

Devising the right security formula for today’s hybrid, adaptive modern enterprise

Consolidation and integration of solutions was ‘very important’ to 71 percent of respondents across Singapore, Australia, and New Zealand. 

At the same time, the importance of zero trust frameworks increased across the board with 75 percent of all enterprises surveyed during the pandemic stating that this was very important, compared to the 64 percent that stated the same before the pandemic.

With cybercriminals now targeting the underlying technologies that support a growing remote workforce, manual, disparate security tools are not going to be sustainable for IT teams.

Enterprises are therefore recommended to adopt a strategic approach that focuses on:

Complete visibility and centralised control 

This is achieved by deploying solutions that provide a single view of threats, technology management, vulnerabilities and perceived risks across an organisation’s entire environment.

When enterprises enter the market for new security vendors, the key features they need to look for include threat detection and response, penetration testing, vulnerability testing and scanning and security technology management.

Support for multi-cloud and diverse environments

In order to address the mounting challenge of protecting globally dispersed data and compute environments, it is critical that the modern enterprise’s security stance encompasses assets in all environments, whether on-premises, public clouds, private clouds, or a mixed setup.

Kenny Yeo, Associate Director and Head of Asia Pacific Cyber Security Practice at Frost & Sullivan said, “To secure digital assets in the new Everywhere Workplace, security leaders need complete visibility into all endpoints that connect to their networks.

“They also need to ensure that only trusted users, devices, and applications can access corporate resources. Deploying an integrated security platform that features best-in-class contextual automation and zero trust capabilities is the best way to reduce the risk of breaches and future-proof businesses.”

Michael Waring, VP Asia Pacific & Japan, Ivanti Security Solutions Group (SSG), said, “In changing the way we work, COVID-19 has also created new security challenges for organizations. As employees, we are increasingly mobile and remote, and we use an ever-changing combination of networks and devices – some of which could be vulnerable or even compromised – to access sensitive corporate IT applications.

“Businesses today need to adopt a zero trust approach, which enables highly secure yet more fluid ‘anytime, anywhere’ access to applications and information in the data center or in the cloud”.

The study surveyed C-Suite respondents at large enterprises with over 500 employees, across the banking and financial services industry (BFSI), as well as retail, manufacturing and healthcare verticals.