
Australian firms face cybersecurity inertia as the struggle to keep up takes its toll

12 Mar 2018

Australian organisations are being left stranded in a haze of inertia about their cybersecurity strategies, even after a cyber attack has hit them.

Research from CyberArk’s Global Advanced Threat Landscape Report 2018 suggests that inertia is increasing organisations’ vulnerability to attacks, particularly for the 52% of respondents who rarely change their security strategy even after being attacked.

“Attackers have almost limitless freedom and agility, and are constantly evolving their tools and techniques. Organisations, being much larger and more structured, are not able to evolve their security strategy and controls to match this pace of change,” comments CyberArk’s regional director of Australia and New Zealand, Matthew Brazier.

The study’s findings suggest that inertia is now part of many organisations that do not believe they are able to repel or contain cyber threats.

45% of Australians say their organisation can’t prevent attackers breaking into internal networks each time an attack is attempted.

Part of the problem may lie in the insufficient storage and use of administrative credentials. 41% of Australian respondents say those credentials are stored in Word or Excel documents on company PCs.

DevOps and cloud processes can also be automated, which means privileged accounts, credentials and secrets are being created at a ‘prolific’ rate, CyberArk states.

Brazier says that privileged accounts and secrets are targeted in almost every attack.

“These are the most prized assets for attackers as these allow them to bypass other security controls undetected. The most cyber mature organisations in Australia have a deep awareness of their privileged asset landscape and have put in place strong controls around the way these are issued, used and audited. Aligning both defensive and alerting capabilities to protect these assets is fundamental to an effective security strategy.”

Despite data protection regulations coming into force across the world, 58% of Australian respondents say their customers’ privacy and personally identifiable information may be at risk because the organisation doesn’t provide security beyond the legally-required basics.

Globally, IT professionals are most concerned about security threats including targeted phishing attacks (56%); insider threats (51%); ransomware or malware (48%); unsecured privileged accounts (42%); and unsecured data in the cloud (41%).

The majority of Australian respondents (85%) agree that cybersecurity strategy should be a regular board-level discussion topic.

Australians are also less concerned about recognising or rewarding employees who prevent a security breach (46%) than their US counterparts (76%).

CyberArk polled 1300 IT security decision makers as part of its report.
