SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Organisations feeling inadequate against cyber threats, survey finds
Tue, 25th Jun 2019
FYI, this story is more than a year old

Organisations are feeling inadequate when it comes to defending themselves against cyber threats, despite cyberattacks being recognised as a real danger by most, according to new research.

The survey, from Axis Communications, discovered that among the 175 security management professionals interviewed, only 15% felt that they had adequate defences, despite 87% of those companies prioritising cyberattacks as a risk to their businesses.

While 76% of the respondents regard physical protection of assets and safety as their main responsibilities, none of them mention internal attack factors as a threat. Instead, around 60% of them lay the blame on legacy systems, the survey shows.

While these systems are a clear weakness, cyber threats are actually just as relevant for recently deployed firmware and software versions as for older ones, Axis Communications says. This suggests a common misconception that product security is the only way to mitigate vulnerabilities and threats.

On the contrary, companies need to manage cyber risks across many dimensions.

According to the report, tackling cyber threats requires a practical and constant approach, such as setting clear and actionable policies and procedures, as well as having the correct measures performed on a daily basis.

"Adopting this holistic mindset is the only effective way to manage all the various types of cybersecurity threats," the company says.

The survey found 87% of the respondents prioritise cybersecurity as a risk, but only 15% say they are well prepared. At the same time, 57% recognise a lack of internal priority and competences as a reason for not being properly prepared.

Where an attack took place, 45% blamed on social engineering and phishing email while 59% on legacy systems.

According to the survey, only 35% of those interviewed reported having a cybersecurity expert working in their business. Meanwhile, 26% reported having experienced a cyberattack in the past 12 months. However, the report also showed 28% were unsure of whether an attack took place

"The consequences of a cyberattack can damage not only the company's monetary resources, but also the trust between them and their customers," Axis Communications says.