Indian Businesses Not Completely Risk-Proof in Their Digital Transformation Journey: ForcePoint

Global cybersecurity leader, Forcepoint unveiled the findings of a study conducted along with leading IT analyst firm Frost & Sullivan, revealing that the digital transformation journey of Indian organizations’ is getting increasingly hindered by cyberattacks.

The study reveals that 95% of organizations have embarked on a digital transformation journey, however, 61% of respondents shared that the risk of cyberattacks is stalling their digitalisation progress. For those organizations that have begun executing their digital transformation projects, 46% of them have encountered a security incident and 20% of the organizations didn’t conduct breach assessment regularly in the last 12 months. In fact, only 18% respondents thought about cybersecurity at the early stages of the digital transformation projects – indicating the less mature approach by organizations to involve cybersecurity when designing digital transformation project. Seventy percent of organizations think about cybersecurity only at the latter stages of the projects, the study revealed.

“It’s clear from this study that many APAC organizations are on the back foot when it comes to enterprise cybersecurity in the borderless organization,” said Kenny Yeo, Industry Principal, APAC ICT, Frost & Sullivan. “Security leaders need to look beyond perimeter security, leverage automation, and have a better grasp of the psychology of both cybercriminals and their business users. Incorporating behaviour modelling into their IT security architecture is certainly a way to identify potential risks and fend off cyberattacks.”

Rising data breach attacks

The study found that 69% of Indian organizations are at risk with 44% of them having encountered data breach before and 25% of them not performing any breach assessment in the last 12 months. Among the biggest group of respondents, BFSI and IT services & BPO emerged as the top sectors to perform regular breach assessment to ensure there was no security incident in the company.

“Organizations today need to urgently to embrace “secure-by-design” into their digital transformation projects. Adopting a behaviour-centric security approach that focuses on understanding users’ behaviour on the network and within applications to identify behavioural anomalies can mitigate cyberattacks before they happen,” said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific.

Serious misconceptions around security in the cloud

As organisations move to the cloud to become more agile and productive, there is greater threat to enterprise security. The study highlights that 76% of businesses in India have adopted cloud computing, but organizations that have moved to the cloud are at higher risk with 47% of them have encountered significant security incident within the span of 12 months. Also, 52% of Indian organizations think cybersecurity is the responsibility of their cloud service provider, resulting in higher tendency in getting cyber-attacks due to this misconception.  Typically, compliance and security are a shared responsibility between the organization and the cloud service provider.

Most organizations underestimate the impact of cyber security incidents on their operations

The study findings reveal that organizations usually experience serious service disruption due to security incidents. While 30% of respondents experienced instances of internal service disruption lasting more than one day, impacting the overall businesses productivity; a good 98% of them experienced external service disruption, and 30% of those who encountered security incidents experienced more than one day of external service downtime.

Security blind spots in digital transformation

With respect to organisational risk posture, the study reveals that organizations suffer from a perception imbalance at the leadership level when it comes to certain security incidents, including loss of intellectual property, remote code execution and online brand impersonation. Organizations today have lower levels of preparedness to mitigate incidents of loss of intellectual property and data corruption while in reality, these two incidents have relatively high impact and can lead to bigger business impact.