Aus organisations under fire from persistent and sophisticated cyber attacks
The majority (69%) of Australian organisations expect to experience a breach of customer records in the next year.
This is according to the new Trend Micro Cyber Risk Index (CRI) report, which measures the gap between respondents' cybersecurity preparedness versus their likelihood of being attacked.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an elevated risk. Australia's global index is currently -0.89, indicating a more elevated risk compared to the global figure.
Organisations in Asia Pacific ranked the top three negative consequences of an attack as critical infrastructure damage and disruption, lost IP and cost of outside consultants/experts brought in to help mitigate the damage.
Key Australian findings from the report include the following:
- 64% said it was somewhat to very likely that they'd suffer serious cyber attacks in the next 12 months
- 30% suffered seven or more cyber attacks that infiltrated networks/systems
- 19% had seven or more breaches of information assets
- 24% of respondents said they'd suffered seven or more breaches of customer data over the past year
One of the two top infrastructure risks was cloud computing. Many respondents admitted they spend considerable resources managing third party risks like cloud providers.
The top cyber risks in Asia Pacific highlighted in the report were as follows:
- Watering hole attacks
- Advanced persistent threats (APT)
- Malicious insiders
- Fileless attacks
The top security risks to infrastructure in Asia Pacific include malicious insiders, as well as cloud computing infrastructure and providers and organisational misalignment and complexity.
The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organisations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure, Trend Micro finds.
Trend Micro director and data scientist Dr. Jon Oliver says, “Once again we've found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges.
"To lower cyber risk, organisations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”
Ponemon Institute CEO Dr. Larry Ponemon says of the report, “Trend Micro's CRI continues to be a helpful tool to help companies better understand their cyber risk.
"Businesses globally can use this resource to prioritise their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”