Less than 10% of APAC orgs have a CISO

Less than 10% of APAC organisations have a dedicated chief information security officer, and companies are struggling to implement effective identity and access management policies, research suggests.

A survey conducted by IDC on behalf of LogMeIn’s LastPass found that for 80% of organisations, the head of IT has to fill the double role of also being head of security.

Furthermore, despite dedicating more IT resources to identity and access management than any other area of IT security, identity management is not being prioritised at many businesses.

Only 23% of APAC organisations plan to deploy multi-factor authentication for all users accessing sensitive data and 30% are currently considering or piloting identity federation plans, which involves the linking of an employee’s single authentication across multiple systems.

The research also found that the surge in remote working triggered by the COVID-19 crisis has left IT security teams struggling to adequately manage levels of access and security at scale.

The survey found that 60% of APAC employees want remote access but only 40% have it. This rises to 72% and 32% respectively for the worst affected industry, the banking and financial services sector.

“At present, security investments are focused on alleviating customer concerns regarding data privacy, which grossly overlooks the security and monitoring of user semantics — the individuals who will be accessing the data,” LogMeIn VP of APAC and Japan Lindsay Brown said.

“This is where identity management solutions such as multi-factor authentication and confined data access can provide multifaceted value for an organisation. Speaking the right language and setting common objectives are crucial — security leaders need to fully communicate the enterprise risk identity management addresses by extension.”

Image credit: ©stock.adobe.com/au/Gorodenkoff