sb-au logo
Story image

Australian employees are weakening organisations' security posture - report

20 Apr 2020

Inappropriate IT use by Australian employees is the single biggest weak spot in an organisation’s cybersecurity posture, according to a new report from Kaspersky released today.

Almost half (49.4%) of all security incidents in 2019 occurred as a result of ‘inappropriate usage’ by employees, with a further 42.9% of incidents being caused by inappropriate data sharing across mobile devices by employees.

The survey, which quizzed approximately 5,000 global businesses, with about 250 of them being Australian, found that cybercriminals are increasingly exploiting IT systems as they get more complex, tailoring their attacks to take advantage of weaknesses in new technologies.

“Many businesses have now been forced to quickly adapt to a home workforce during COVID-19,” says Kaspersky A/NZ senior security researcher Noushin Shabab.

“With an increased dependency on mobile devices, remote working using cloud applications and data being used from more locations, the risk of cyberattacks in 2020 is set to skyrocket if businesses don’t quickly close gaps in their security and focus on the way they’re using cloud services.”

“It also helps to double-check mobile device protection to have anti-theft capabilities enabled, such as remote device location, lock and wipe of data, screen lock and password, and Face ID or Touch ID,” says Shabab.

The research also indicates that 36.5% of Australian businesses have been involved in an incident through a third-party cloud service that their employees used in the past year. 

Despite increasing security vulnerability on mobile devices, only 8.5% of Australian survey respondents ranked security issues with mobile devices as their most important security issue.

Meanwhile, almost half of all breaches in China in 2018-2019 stemmed from mobile devices.

The survey found that when it comes to budgets, about two-thirds of Australian businesses expected to increase IT budgets over the next three years with much of that to happen over the next year. 

However, about 28% of Australian enterprises and SMBs currently allocate less than 10% of their IT budget to security with around 40% allocating between 10% and 25% to security. 

“Our findings show that Australian businesses vastly underfund their security measures compared to global counterparts with 11.7% of businesses globally allocating more than half their IT budget on security,” reports Shabab.

This illustrates a growing discrepancy between budget allocation to cybersecurity and the huge cost of potential data breaches, which could be crippling to some businesses if they don’t take preventative measures.

26.4% of Australian small businesses reported that they lost between AUD$3,000 and $15,000 through attacks in 2018-2019.

The research found that in 2018-2019, 38.5% of respondents reported losses under $100,000, 20.9% reported losses between $100,000 and $249,000, and 19.8% reported losses up to $1 million, with 20.9% reporting incidents costing in excess of $1 million.