News
Vendors

Tenable detects that 74% of Japanese organizations seek more resources for proactive cyber defense

November 13, 2023
Tenable adds comprehensive web application, API scanning capabilities to its Nessus Expert

Exposure management firm Tenable published a new study revealing that 74 percent of Japanese respondents believe their organizations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 68 percent indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hindering them from taking a proactive stance.

The study further revealed that over the past two years, Japanese organizations successfully thwarted 63 percent of cyberattacks. However, this meant they were left vulnerable to the remaining 37 percent, causing them to resort to reactive measures rather than preventing the attacks from the outset.

The data is drawn from, ‘Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Japan,’ a commissioned study of 825 IT and cybersecurity professionals, including 50 Japanese respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.

The study, which emphasizes the significance of adopting a proactive cybersecurity approach, found that a core reason for the prevalent reactivity in Japanese organizations’ cybersecurity practices is the lack of alignment in goals between IT and security teams. Seven in 10 (72 percent) organizations say their IT teams are more concerned with uptime than patching/remediation. The disparity results in a lack of coordination between the two teams, a challenge acknowledged by 42 percent of Japanese organizations.

Japanese organizations were also struggling to identify the right threats to remediate, with only 22 percent of respondents reporting they were “extremely confident” that their organization’s cybersecurity practices were successfully reducing their risk exposure. An even lower 10 percent were ‘extremely confident’ that the vulnerabilities they prioritized for remediation over the past year posed the greatest threats to the organization.

“Siloed cybersecurity tools, and by extension, the teams behind them, are inadvertently preventing organizations from having a clear, continuous, and comprehensive view of their cyber risk,” Naoya Kishima, country manager at Tenable Japan, said in a media statement. “Internal mindsets further complicate matters, and make collaboration between IT and security teams challenging.”

The use of numerous third-party technologies without established processes poses a significant vulnerability for Japanese organizations. A striking 72 percent of respondents utilize third-party programs for SaaS apps and services, but fewer than half (46 percent) possess high to very high visibility into third-party environments.

Naoya noted, “While there are no quick fixes to these challenges when we look at key differences between low-maturity and high-maturity organizations across the overall sample, some themes begin to emerge that can serve as a guide for organizations looking to reduce their risk.”

  • Low-maturity organizations are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organizations preventively defended against 61 percent of the attacks they experienced and reactively mitigated against the rest. In low-maturity organizations, 56 percent of attacks were preventively defended, while 44 percent were reactively mitigated. 
  • High-maturity organizations see the value in data aggregation: 57 percent use aggregation tools to collect and analyze data to quantify risk exposure, compared with only 46 percent of low-maturity organizations. 
  • High-maturity organizations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57 percent of high-maturity organizations say it takes 11 hours or more to produce such reports, compared with 72 percent of low-maturity organizations.

Earlier this month, Tenable published a study revealing that Australian organizations could not prevent 42 percent of cyberattacks on their businesses, only successfully stopping 58 percent of cyberattacks over the past two years. Consequently, organizations have had to rely on reactive measures rather than preventing attacks from occurring in the first place.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates