SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber threats: Legacy systems aren't always the culprit
Tue, 9th Jul 2019
FYI, this story is more than a year old

A new survey has revealed that organisations are putting the blame on legacy systems for cyber threats, while in reality they need to manage cyber risks across many different factors an.d a holistic and constant approach should be employed to manage security threats

The survey, conducted by Axis Communications, was designed to understand customers' attitudes to cyber threats, how cybersecurity impacts their business and how prepared they feel to face an attack.

Among the 175 security management professionals interviewed, the survey concluded that despite cyberattacks being recognised as a real and incumbent danger by most companies (87% prioritised it as a risk), only a few felt that they had adequate defences (15%).

While 76% of the respondents regard physical protection of assets and safety as their main responsibilities, none of them mention internal attack factors as a threat. Instead, around 60% of them lay the blame on legacy systems.

While these systems are a clear weakness, cyber threats are actually just as relevant for recently deployed firmware and software versions as for older ones.

This suggests a common misconception that product security is the only way to mitigate vulnerabilities and threats. On the contrary, companies need to manage cyber risks across many dimensions.

Tackling cyber threats requires a practical and constant approach, such as setting clear and actionable policies and procedures, as well as having the correct measures performed on a daily basis. Adopting this holistic mindset is the only effective way to manage all the various types of cybersecurity threats.

Highlights of the survey include:

  • 87% of the respondents prioritise cybersecurity as a risk, but only 15% say they are well prepared
  • 57% recognise a lack of internal priority and competences as a reason for not being properly prepared
  • Where an attack took place, 45% blamed on social engineering and phishing email while 59% on legacy systems
  • Only 35% report having a cybersecurity expert working in their business
  • 26% report having experienced a cyberattack in the past 12 months, however 28% are unsure of whether an attack took place
  • The consequences of a cyberattack can damage not only the company's monetary resources, but also the trust between them and their customers