Cyber resiliency maturity low in Asean – research – The Manila Times

A LEADING provider of data protection and cyber resilience solutions for hybrid cloud organizations unveiled findings from its Asean “State of Data Readiness Report 2024.”
The report, which includes insights from organizations across six Southeast Asian countries, reveals significant challenges in data recovery and cyber resilience amid growing threats and data sprawl.
The report, conducted by Tech Research Asia (TRA) and commissioned by data protection provider Commvault, surveyed CIOs/CISOs, IT leaders, and decision-makers from organizations across Southeast Asian countries, namely Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam.
71 percent of organizations surveyed have experienced at least one cyberattack in the past year. Singapore, Thailand and Vietnam experienced the majority of attacks on data environments, including production, secondary and backups, while attacks on production data only are highest in Singapore, Malaysia and Vietnam.
Of those who experienced a cyberattack, just 35 percent successfully recovered 100 percent of their data. When asked about the challenges, maintaining immutable data across multi-infrastructure environments was identified as the top hurdle for organizations when trying to secure their data estates.
The research found misaligned expectations of business leaders and IT teams when it comes to cyber recovery. For business leaders, speed of business resumption is paramount — with 24 percent stating an outage of one day or less is tolerable. By the end of day five, 79 percent of business leaders expect the organization to have data access restored and be back in business. However, the IT teams reported that the average time it takes to recover from a breach is between four and five weeks.
“Businesses in Asean are overwhelmed with huge volumes of data, escalating threats, and the complexity of their own IT systems,” said Michel Borst, area vice president, Commvault. “Additionally, they are dealing with diminished budgets and scarce IT and security teams. From our research, it is clear there are serious gaps in Asean organizations' cyber resiliency maturity, their ability to recover all data, and the speed by which they can resume operations as the business requires.”
The research also highlights that a staggering 91 percent of companies struggle with managing “dark data,” which Gartner defines as the information assets organizations collect, process and store during regular business activities but generally fail to use for other purposes, such as analytics. These statistics highlight a critical gap in the region's ability to respond to and recover from cyber incidents.
Strengthening cyber resiliency
Cyber resiliency clearly has a critical influence on maintaining business operations. However, the research revealed that only 7 percent of companies in the region believe they have a “proactive, mature cyber resiliency capability.”
When it comes to testing their incident response plans, 85 percent of companies stated they have a response plan in place if attacked. However, only 26 percent said they have a “clearly understood response and communication plan in place,” while 22 percent stated their incident response capability is weak, “very unorganized,” and “(they) scramble to respond.”
“Testing incident response and cyber readiness has historically been very challenging, but it is critical,” said Daniel Tan, Commvault's head of Solutions Engineering, Asia. “The trouble is that traditional modes of testing can be cost-prohibitive and bring significant disruption to the operations. This, compounded with having to engage multiple vendors, creates a lack of visibility into, and gaps in, recovery capabilities, ultimately costing organizations more in terms of money and time to recover.”
Modern cleanrooms in the cloud can help address these testing challenges. “They are designed to not only provide companies with a way to orchestrate, on demand, recovery into a clean, isolated location in the cloud, but organizations can also use them to frequently and cost-effectively test their cyber recovery strategies in advance — critical in an age of rapidly evolving cyberthreats,” added Tan.
The research revealed that 92 percent of companies are using some form of data cleanrooms across the region, of which 28 percent ranked better data recovery post breach as the #1 benefit.
It is clear that businesses need to move beyond “are backup jobs running?” to a more proactive stance so compromised data is recoverable and have solutions like data cleanrooms in place to fight the emerging threat landscape.

source