SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
App development
#
APM
#
Compliance
Australia's cloud usage significantly higher, increasing malware risk
Thu, 26th Oct 2023
Author image
By Kaleah Salmon, Journalist
Follow us

A new report by the Netskope Threat Labs, a team of threat researchers from cybersecurity and networking company Netskope, has revealed that Australia is ahead of other regions regarding cloud usage and malware delivered via cloud ecosystems. The report finds that popular cloud business applications are primarily used to deliver malware to relevant Australian organisations and workers.

The data analysed between October 2022 and September 2023 shows that Australian workers used an average of 30 different cloud apps each month, as opposed to an average of 22 in other regions. More disturbingly, cloud malware delivery in Australian organisations reached an average of 64% of all malware deliveries, compared to 56% in other regions.

The most used cloud apps exploited for malware delivery were OneDrive, Sharepoint, Github, Weebly and Outlook.com. The analysis also identified that a significant majority of users (97%) download data from and upload data to the cloud every month, increasing the risk of potential data breaches.

Ray Canzanese, Director of the Netskope Threat Labs, says: "Beyond the significant impact on their customers, what the recent high-profile Australian data breaches did was put Australia even higher on the list of prime targets of global threat actors who realised Australian organisations may have inconsistent levels of cybersecurity awareness and preparedness."

According to Canzanese, the sharp increase in malware delivered via popular cloud apps from November 2022 is a testament to the heightened cybersecurity challenges local businesses have to defend themselves against, many originating from cloud ecosystems. Trojans were identified as the most common type of malware (76%), commonly used by threat actors to gain an initial foothold to deliver other types of malware.

Canzanese adds: "Legacy security technology, which is still used by a number of Australian organisations, is often blind to cloud ecosystems and unable to provide granular visibility and control over the data."

"Cloud ecosystems have become a primary potential source for cyber threats in 2023, and it is critical that organisations improve application and network monitoring and detection capabilities to include cloud use," says Ray Canzanese. 

The research was based on anonymised usage data collected by the Netskope Security Cloud platform from a subset of Netskope Australian customers with prior authorisation.

In Australia, Netskope provides threat protection to more than 625,000 private and government workers, including one in four organisations from the ASX50, through ongoing monitoring of their network, cloud ecosystem, and data flows.

Netskope is a global Secure Access Service Edge (SASE) expert redesigning cloud, data, and network security to assist organisations in applying zero trust principles and protecting data. Thousands of customers, including over 25 Fortune 100, trust Netskope and its robust NewEdge network to deal with evolving threats, risks, technology shifts, and new regulatory requirements.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Australians show interest in using AI for online dating
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity