SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Breach Prevention
#
Cybersecurity
#
GDPR
Businesses worried but complacent about cyber attacks - Aura Infosec
Mon, 14th Jan 2019
FYI, this story is more than a year old
By Michael Warnock, Australia Country Manager, Aura Information Security
Follow us

Almost a third of Australian businesses report having been targeted by cyber-criminals in the past twelve months, and more than a third expect to become a target in the coming year.

What's more, 40% of businesses say their employees receive between one and five phishing or ransomware attacks every quarter, and a further 30% say the number is higher — as many as ten per quarter.

The situation is pretty bad, and most businesses think it's only going to get worse in the year ahead, according to research commissioned by Aura Information Security.

Little fear of financial impact

Given these numbers, and the potential for serious financial losses in the event of a cybersecurity breach, one might think that Australian businesses were fully on board with doing whatever had to be done to mitigate harm.

Unfortunately, that is not always the case.

While the majority of businesses have some sort of structure in place to keep the board and senior management apprised of security issues, one-fifth of IT professionals report that senior managers do not regard cybersecurity as a key concern.

As anyone will tell you, buy-in from senior management is essential for any company-wide process.

Complacency on cybersecurity from management puts the whole organisation at risk.

What's worse, almost half of businesses allocate less than 10% of their IT budget to security, while a further quarter raise the bar to a mere 15%.

For something like data security — which can be an existential issue for some companies — these numbers are frighteningly low.

The slow tide of rising importance

Local research has found three-quarters of business leaders report more of the IT budget will go to security in the coming year.

But will that be enough?

Consider that the vast majority — 79% — of businesses leaders believe they have put in place the necessary tools and processes to train employees in security awareness to fend off phishing attacks and the like.

However, only 47% are confident that the processes they have in place will actually prevent a breach.

As organisations get larger, the likelihood that they have such processes increases, but so too does the likelihood of phishing and ransomware attacks.

More employees might bring a greater awareness of the need to mitigate risk, but they also bring more potential victims of targeted attacks.

Clearly, the money being invested in training and other processes is not buying confidence.

Distance doesn't equal defence

Australia is geographically isolated, but of course, cybercriminals know no borders and are not hampered by oceans.

Wherever the Internet goes, so do they.

Even so, almost a quarter of Australian businesses regard local companies as not as big a target as similar companies in other countries (the remainder regard Australia as either as large a target or larger).

It is unsurprising, then, that 40% of businesses see Australia as lagging behind the rest of the world when it comes to implementing good cybersecurity practices.

The global nature of digital business means that four out of 10 Australian businesses have reporting requirements under the European Union's General Data Protection Regulation (GDPR), which compels organisations that handle data of European citizens to have in place technical and organisational measures to protect that data and to notify people of data breaches.

Of those, 80% say they are prepared to notify clients and could do so within 48 hours of a breach being detected.

Australia's own regulatory regime is also bringing a focus on data protection, in the form of the Notifiable Data Breaches (NDB) Scheme, introduced earlier this year and having a similar effect.

Prior to the introduction of the NDB, only 59% of businesses said they would have reported a security breach to customers.

Now that it is in place, 71% say they believe their business is supportive of it.

Given the potentially catastrophic financial implications of a cyber breach — not to mention the loss of trust that would follow if customer data were compromised — one might expect businesses to come to the security party out of pure self-interest, and some are.

As for the rest, legislation will simply have to drag them along.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Cisco launches Hypershield for AI-driven security upgrade
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models