A new study says the Asia-Pacific region (Apac) has the worst cyber security in the world. Most breaches never become public and the discovery time on average was 520 days, way longer than the global average of just 146 days. IT security experts from Tripwire, AlienVault and Lieberman Software commented below.

Tim Erlin, Sr. Director, Product Management at Tripwire:

tim_erlin“Companies implement cybersecurity because it’s a business need, and that simply hasn’t been in the case in APAC.

The business need for cybersecurity is driven either by customer demand and the potential brand damage from a breach, or by adequately enforced regulations. Without customer demand or regulation, businesses simply aren’t motivated to spend money on cybersecurity.

In places where regulations do exist, lack of enforcement can result in haphazard implementations. You can’t have compliance without effective audit.”

Javvad Malik, Security Advocate at AlienVault:

Javvad Malik“Culture eats security for breakfast: Whilst technology is easy to consolidate and standardise, cultures within corporations and countries are not so easy to change. Many countries have a very different mindset and way of operating from Western countries.

In many places, there is more reliance on the government to implement security, and in some areas, trying to implement your own security controls is discouraged. For example, Dubai recently deemed VPNs illegal.

As more countries, businesses, critical infrastructure and citizens become more reliant on technologies, it is vitally important security is given serious consideration and companies are given more freedom and direction in how they should protect their assets. Much like turning the Titanic, it won’t be quick or easy, but essential to safeguard national interests going forward.”

Jonathan Sander, VP of Product Strategy at Lieberman Software:

Jonathan Sander“It’s been normal to see APAC lag the North American and European technology markets. A combination of lagging consumer maturity not demanding advancement and vendors not offering solutions localized or built for the spread out geographies of APAC contributes to this well recognized gap. However, bad guys have no reason not to wade into APAC attacks. They’re not dependant on any of those factors. That means APAC may have to forego their usual wait and see period and live with solutions not exactly suited to them or find local vendors to help. We’re also seeing a rapid increase in the maturity of the APAC condiment base from a tech point of view, which will put more pressure on organizations to have the same level of protections as other regions.”

Information Security Buzz