Study: HK enterprises not ready at all for cybersecurity threats

Hong Kong enterprises are unprepared to handle cloud-related cybersecurity threats, according to a study conducted by Palo Alto Networks.

The study has identified three cybersecurity risks in cloud environments, such as insecure interfaces and APIs, a lack of a unified view of assets, and data breaches/loss.

The latest report from the cybersecurity company has shown that 76% of large enterprises in Hong Kong believed that the security provided by cloud providers was sufficient to protect them from cloud-based threats and that they even assumed public clouds were secure by default.

62% of Hong Kong respondents said they operated more than 10 separate security tools within their infrastructure to secure their clouds, which created a fragmented method to handle security threats and added further complexity, especially if the companies were operating in a multi-cloud environment. 68% of large organisations surveyed in this report said they deployed a multi-cloud approach.

"It is ideal for organisations to have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats, and quickly remediate accidental data exposure when it arises," said Andrew Milroy, head of advisory services, Asia Pacific of Ovum, a consultancy firm that Palo Alto Networks has worked with on this research.

Though enterprises understood the importance of cloud audits and security training, 77% said they had either never conducted a security audit or didn't perform one on a yearly basis. Furthermore, a quarter of audits did not even include cloud assets and 69% of organisations conducted internal audits only.

And it gets worse. About 57% of Hong Kong organisations did not provide cybersecurity training to IT security employees on a yearly basis, and, unsurprisingly, 74% of non-IT professionals did not receive the same training on a yearly basis either.

Palo Alto Networks has advised that enterprises need to build security into their cloud environments from the very first stage. They need to develop consistent security policies across all types of cloud deployments, allow frictionless deployment and easy scalability in multi-cloud environments, increase audits and training for both IT and non-IT staff, and automate threat intelligence with integrated, data-driven, and analytics-based approaches. Moving forward they then need to leverage machine learning and AI to avoid human error.