
AU businesses training staff on cybersecurity, but more needs to be done – survey

17 Sep 2018

Almost one in three (29%) Australian businesses have suffered more than three cybersecurity incidents in the past 12 months, while more than one in ten (12%) companies simply don’t know if their security defences have been breached in the past year. That’s according to a survey of IT security professionals conducted by Content Security, an Australian IT security integration and consulting company. While any security breach can be both damaging and expensive, the survey also found that Australian businesses are making a determined effort when it comes to cybersecurity training and education.

Forty-six percent of companies train their staff on security either on a monthly or quarterly basis while just over one in three (35%) train staff on an annual basis.

Content Security CEO and co-founder Louis Abdilla says, “An organisation’s success in defending against an attack is largely dependent on its level of preparation and the tools it deploys to monitor systems and detect, shut down and contain suspicious activity.

“It's encouraging to see that Australian organisations are preparing for the very real possibility of an attack but every individual needs to be responsible for aspects of personal security such as changing compromised passwords.  

“Security awareness training is now a key component of security strategy, with the survey suggesting that organisations have now recognised that security is now a business-wide issue and non-technical end-users need to be educated,” Abdilla says.

The survey found that 36% of companies review their cybersecurity strategy and incident response plan quarterly, 21% biannually and 39% annually.

Additional survey findings include:

  • More than half of all companies (56%) rate their ability to defend against cyber attacks as being very mature.
  • 41% of organisations are aligning to requirements for compliance with the Notifiable Data Breaches scheme and 30% of organisations are aligning with GDPR compliance.

“At the end of the day, most companies will be breached if an attacker really wants access to that company.

“You can still come out of a breach in a pretty good spot if you’ve been diligent about your IT and security controls, including the implementation of monitoring, detection, and response capabilities that can help minimise the impact of the breach and stamp down any thoughts of negligence and if you’ve handled the post-incident breach work well and in accordance with legal regulation and ethical principles.

“All of this is predicated on having an incident response and breach notification plan in place prior to being breached. The last thing you want to do is go into an incident ill-prepared, without a plan, and figuring things out while in the middle of the incident,” says Abdilla.

Moving into 2019, the survey found that more than half of all companies (58%) will invest in vulnerability management, 48% in cloud auditing and 49% in multi-factor authentication security solutions.

More than one in three (37%) also see CASB as a critical technology for investment while 36% of organisations will also focus on SIEM solution deployments.

“Ultimately, companies must practice good IT and security hygiene, including patching systems and applications, updating and modernising systems and applications, controlling access to only those that need access, validating identities, and encrypting or applying other safeguards to critical business systems and data,” says Abdilla.

“They also must implement stringent monitoring and alerting mechanisms as compensating controls for when or if an attacker breaks through their defences. The amount of IT and cybersecurity control you wrap around something should be equivalent to the value of what you are trying to protect.”
