sb-au logo
Story image

Attack volumes, breach levels and security investment all rise in Australia

14 Jul 2020

A massive majority of CIOs, CTOs and CISOs in Australia have reported an increase in cyber-attack volume and breaches in the last 12 months.

94% of 250 high-level executives around Australia surveyed in a report released today from VMware have noticed a surge in attack volume, which has, in turn, prompted increased investment in cyber-defence.

Additionally, 96% of respondents acknowledged that their business suffered a security breach of some kind within the last year, with the average organisation suffering two breaches during that time period.

88% of Australian executives believe cyber-attacks have become more sophisticated, while a huge 96% plan on increasing cybersecurity budgets in response to this.

In fact, many organisations have already begun sizeable investments into security infrastructures – according to the report, an average of more than seven different tools are used by Australian businesses to bolster cyber-defence.

“Siloed, hard-to-manage environments hand the advantage to attackers from the start,” says VMware Carbon Black cybersecurity strategist Rick McElroy.

“Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. 

“As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.”

The report also found that OS vulnerabilities and third-party applications were the leading causes of breaches, both with 18% respectively, followed by web application attacks.

The method of attack known as island-hopping was identified as a notable cause of breaches at 11%, despite only being cited by 4% of respondents as the most common attack type experienced. McElroy says this is because attack vectors in the supply chain prove an easy target for hackers.

“Island-hopping is having an increasing breach impact with 11% of our survey respondents citing it as a main cause of breaches,” he says.

“In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”    

The VMware report also drew a direct link between a worldwide increase in cyber-attack volume and the COVID-19 pandemic.

In a separate survey which quizzed global respondents from the US, UK, Singapore and Italy, 91% of cybersecurity professionals said attack volumes have increased as more employees work from home, while 92% said their organisations have experienced cyber-attacks linked to COVID-19 malware.

“These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation,” says McElroy.

“The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. 

“We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model,” he adds.

“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”