Story image

Aus businesses see themselves as prime targets for cyber attacks

07 Nov 18

Almost one in three businesses believe Australia is more at risk of cyber attacks than the rest of the world, and the majority aren't "very confident" they could stop a breach, a new survey commissioned by Aura Information Security has found.

The survey of 307 Australian IT and security executives demonstrates the considerable uncertainty faced by businesses in trying to combat cybersecurity threats. 

While some leaders are confident they are on top of cybersecurity with the tools, policies and budget to be successful, others are unsure their planning and posture is strong enough to ward off an attack – or at least an attempted one.

The survey also shows those that have been attacked are not confident they can avoid being hit again.

Half of CEOs, general managers and operations executives say they have been subject to a cyber attack in the past 12 months, and they are also the respondents most expecting to be the target of an attack in the next 12 months.

Prime target

According to the survey, 29% of executives believe that Australia is more at risk than the rest of the world when it comes to cyber attacks, and a further 48% say Australia is at "the same risk" as other countries.
 
Perhaps surprisingly given the interconnected nature of the world, 23% of executives think Australia is at less risk of attack than other countries. This appears to be a perspective shared by other regional executives; a similar survey commissioned by Aura Information Security in New Zealand found 33% of executives there shared this view.
 
"Organisations should avoid getting too complacent about the risks of an attack. Threat actors operate across geographic boundaries and often look for targets with easy points of entry, such as unsecured, unpatched or misconfigured hardware," says Aura Information Security Australia country manager Michael Warnock. 

Just over 40% of respondents believe Australia’s cybersecurity practices are lagging behind the rest of the world.

The same amount, however, believes we are on par.

Other key results include:

●     Breach prevention: Australian businesses are mature when it comes to education and awareness, with 80% saying they have policies or training in place to prevent cyber breaches. Despite this, less than half (47%) are very confident these policies and training will prevent a breach.
 
●     Slow security budgets: Over 70% of businesses allocate 15% or less of their total IT spend to security; 14% of respondents spend less than five percent. In recognition of the growing threat, 72% say they intend to raise their budgets.
 
●     Personal targets: CEOs and general managers are disproportionately targeted by phishing and ransomware attacks, with over half of these survey respondents revealing they had been personally targeted. On average, 34% of all business managers and above reported being targeted in the past year.
 
●     Data breach notification: 71% of businesses support the existence of the national mandatory data breach notification scheme, and 36% have had to report under it so far. Almost two-thirds said the data breach scheme prompted them to re-assess their cybersecurity policies. Still, not everyone is completely committed: 17% of Australian organisations would try to hide a breach from their customers or clients.
 
●     Pentesting: Six in ten Australian businesses carry out some form of penetration testing. Regular testing is most common in organisations between 100 and 200 staff in size. 
 
●     Built-in security: In the web app design process, 41% of businesses take security into account at the earliest planning stages of the project. A further 37% admit to baking security in "midway through", while only 11% treat security as an afterthought.
 
“With attacks on the rise it’s becoming increasingly crucial that businesses get the cybersecurity basics right,” Warnock says.

“Employee training, regular penetration testing of web-facing applications and cyber- attack simulations are just some of the things that should be on the priority list.”

“Cybersecurity is not something that a business can assess once a year, it requires constant review and consideration by all parts of the business – from the top down,” he concludes. 

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.